"Disappearing Shortcuts" [Solved]


  • This topic is locked

#1
fenix1

  • Member
  • 29 posts
I give up! Thank GOD I found this site...think maybe someone here can help. Love my icons, had a bunch until they mysteriously disappeared...I mean NONE, and my start menu as well. There is NO MALWARE on this machine! I've tried Rogue Killer, Unhide, Shexview, Malwarebytes, Spybot S&D, Stinger, and a few others. Finally did a Restore and on the reboot got caught in a loop. System couldn't load all the services. Thankfully I had a repair disk and booted from the CD. Had to copy entire OS from D drive mirror copy. Booted in SAFE MODE and did CLEAN BOOT. Nothing works! New USER ACCOUNT same as original accounts.
Didn't know by default this fine OS only allows 4 icons after it runs weekly maintenance. This I find ridiculous...thanks MS! I have downloaded OTL, so if I can find someone to analyze results and suggest a fix I would really appreciate it. Been working on this problem for two days and I have had it. First time in 16 years I haven't been able to solve a problem on my computers. Never saw anything like this...please help! Like Windows 7, but had I known this I'd have stayed with Vista.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi. To recap, all icons and start menus have disappeared, is that correct?

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

FINALLY

Download aswMBR.exe (1.8mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post it in your next reply.


#3
Macboatmaster

    7k

  • Member
  • 7,237 posts
Essexboy
Good evening.
For your information, not that a lot was done, the original thread.
http://www.geekstogo...__fromsearch__1
Regards
Macboatmaster


#4
fenix1

  • Topic Starter
  • Member
  • 29 posts
I really appreciate your help Essexboy...here comes Rogue Killer!


RogueKiller V6.2.1 [12/28/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Fenix1 [Admin rights]
Mode: Scan -- Date : 12/28/2011 17:12:49

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] magicJack.exe -- C:\Users\Fenix1\AppData\Roaming\mjusbsp\magicJack.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Fenix1\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3792762254-3201514299-365106432-1001[...]\Run : cdloader ("C:\Users\Fenix1\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 7862f5277d717fe80135f0b647614109
[BSP] ff9c4dc5171de1dc544b2e311e76c796 : Windows Vista/7 MBR Code
Partition table:
0 - [XXXXXX] NTFS [HIDDEN!] Offset (sectors): 2048 | Size: 19327 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 37750784 | Size: 104 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 37955584 | Size: 150271 Mo
3 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 331454464 | Size: 150366 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



Now here's OTL!


OTL logfile created on: 12/28/2011 5:17:35 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Fenix1\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 57.58% Memory free
4.41 Gb Paging File | 3.12 Gb Available in Paging File | 70.88% Paging File free
Paging file location(s): c:\pagefile.sys 2500 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.95 Gb Total Space | 104.63 Gb Free Space | 74.76% Space Free | Partition Type: NTFS
Drive D: | 140.04 Gb Total Space | 25.82 Gb Free Space | 18.44% Space Free | Partition Type: NTFS

Computer Name: FENIX1-PC | User Name: Fenix1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/28 17:15:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fenix1\Desktop\OTL.exe
PRC - [2011/12/03 01:40:33 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/11/17 11:03:45 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/15 13:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/01/24 16:16:52 | 004,657,424 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files\GetRight\GetRight.exe
PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/06/03 14:53:52 | 000,030,016 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2010/04/19 01:30:26 | 000,147,328 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/11/17 15:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/11/17 15:18:10 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/04/17 14:17:30 | 000,434,176 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/17 18:01:04 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/14 19:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/04/15 21:33:16 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/11/17 15:16:40 | 000,465,576 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/03 01:40:33 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/11 19:21:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/10/18 16:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/02 14:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/06/03 14:53:52 | 000,030,016 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2010/03/30 17:52:34 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/17 15:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/15 18:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/02/17 18:01:04 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/03 01:40:33 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/12/03 01:40:33 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 06:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 06:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 04:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/04/15 21:35:44 | 000,237,840 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2008/03/11 16:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008/03/11 15:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - [2005/04/21 15:10:30 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...65u2i5z47326284
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...65u2i5z47326284

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...65u2i5z47326284
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111220&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Fenix1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Fenix1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fenix1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fenix1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WordWeb\WCaptureMoz [2011/11/10 17:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/21 05:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/25 02:43:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/25 12:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/12/28 14:31:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/25 04:19:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/30 14:44:40 | 000,000,000 | ---D | M]

[2011/11/30 01:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fenix1\AppData\Roaming\Mozilla\Extensions
[2011/12/25 05:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fenix1\AppData\Roaming\Mozilla\Firefox\Profiles\7hu2limx.default\extensions
[2011/12/19 18:13:47 | 000,001,945 | ---- | M] () -- C:\Users\Fenix1\AppData\Roaming\Mozilla\Firefox\Profiles\7hu2limx.default\searchplugins\bing-zugo.xml
[2011/12/25 04:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/25 12:59:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/11/10 17:58:22 | 000,000,000 | ---D | M] (WordWeb one-click lookup) -- C:\PROGRAM FILES\WORDWEB\WCAPTUREMOZ
() (No name found) -- C:\USERS\FENIX1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HU2LIMX.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\FENIX1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HU2LIMX.DEFAULT\EXTENSIONS\[email protected]
[2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/24 03:12:59 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 19:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/27 22:06:17 | 000,001,018 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (GetRight IE Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20111228034256.dll (McAfee, Inc.)
O2 - BHO: (no name) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [cdloader] C:\Users\Fenix1\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\Bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.100 208.180.42.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C170C70C-8D25-46DB-A63A-82E7459E0703}: DhcpNameServer = 208.180.42.100 208.180.42.68
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (wxvault.dll) -C:\Windows\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 17:15:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Fenix1\Desktop\OTL.exe
[2011/12/28 17:12:14 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\Desktop\RK_Quarantine
[2011/12/28 14:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/12/28 14:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/12/28 12:32:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/12/27 23:55:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\ElevatedDiagnostics
[2011/12/27 22:39:36 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\Desktop\RK Reports
[2011/12/27 21:22:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWNet.dll
[2011/12/27 20:36:07 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Nero
[2011/12/27 20:16:51 | 001,114,624 | ---- | C] (The Windows Club) -- C:\Windows\memorb.exe
[2011/12/27 18:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011/12/27 18:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011/12/27 18:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011/12/27 18:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2011/12/27 18:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager
[2011/12/25 16:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/12/25 13:00:14 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/12/25 13:00:14 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/12/25 13:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/25 13:00:12 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/12/25 13:00:11 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/12/25 13:00:09 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/12/25 13:00:08 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/12/25 12:59:45 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/25 12:59:44 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/12/25 12:54:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/25 12:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/25 08:01:29 | 000,000,000 | ---D | C] -- C:\Windows\PIF
[2011/12/25 07:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2011/12/25 07:30:04 | 000,000,000 | ---D | C] -- C:\rei
[2011/12/25 07:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/12/25 05:05:11 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$
[2011/12/25 03:46:16 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
[2011/12/25 03:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2011/12/24 23:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/24 23:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/24 20:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2011/12/24 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/12/24 18:51:42 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\McAfee
[2011/12/24 05:46:07 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\309c9d7b
[2011/12/24 05:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\ExpressFiles
[2011/12/24 03:33:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Thinstall
[2011/12/24 03:30:35 | 000,000,000 | ---D | C] -- C:\Games
[2011/12/24 03:12:59 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\Babylon
[2011/12/24 03:12:56 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Babylon
[2011/12/24 03:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/12/24 01:29:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/24 00:51:39 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Small Rockets
[2011/12/24 00:34:56 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{FA9C89FF-F8D7-4A63-8DAC-11F1273E91A9}
[2011/12/24 00:34:39 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{009F7A31-727A-4334-911C-1D23FCA9C072}
[2011/12/24 00:34:36 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\eType
[2011/12/23 20:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
[2011/12/23 20:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\City Interactive
[2011/12/23 19:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
[2011/12/23 19:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011/12/19 18:38:43 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Applian FLV and Media Player
[2011/12/19 18:13:25 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\Documents\Freecorder
[2011/12/19 18:13:24 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\FLVService
[2011/12/16 15:34:40 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bill2's Process Manager
[2011/12/16 15:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bill2's Process Manager
[2011/12/16 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bill2's Process Manager
[2011/12/16 15:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ainvo
[2011/12/15 03:00:50 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 03:00:49 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/15 03:00:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 03:00:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 03:00:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 03:00:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 22:43:53 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 22:43:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 22:43:21 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 22:43:19 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 22:43:17 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 22:43:16 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/13 18:19:52 | 004,448,256 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2011/12/13 18:17:31 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/12/13 16:27:14 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{8116206C-A6D7-4E59-B75A-27B0C43DA522}
[2011/12/13 16:25:23 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{5D03D72D-B52B-48D7-902B-D24FBA0AF78C}
[2011/12/10 14:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Clean Expert
[2011/12/10 14:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Clean Expert
[2011/12/10 14:33:40 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\Windows\System32\wbocx.ocx
[2011/12/10 14:33:40 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2011/12/10 14:33:40 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbhelp2.dll
[2011/12/10 14:33:40 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\Windows\System32\anim.dll
[2011/12/10 14:33:40 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF32.DLL
[2011/12/10 14:33:40 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF16.DLL
[2011/12/10 14:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinUtilities
[2011/12/10 11:07:59 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\LockHunter
[2011/12/10 10:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
[2011/12/10 10:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2011/12/10 09:45:44 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{9DD9A7D5-C17A-45C4-AB63-521D7C67A2A2}
[2011/12/10 09:45:31 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{2CE4F2B4-1418-4353-BEE1-F1683AB39923}
[2011/12/09 16:47:11 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{821C0CBD-C44F-4E21-AC74-8E179180BB54}
[2011/12/04 12:53:30 | 000,000,000 | ---D | C] -- C:\InterbankFX_1-Click
[2011/12/04 12:39:00 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{192156B9-633E-4D75-B73C-433DCADE5F53}
[2011/12/04 12:36:53 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{E5495EDE-5C2A-43E9-9061-D725B18BCB62}
[2011/12/03 17:24:05 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Free Photo Converter
[2011/12/03 17:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Photo Converter
[2011/12/03 17:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\PixelApp Studio
[2011/12/03 17:13:06 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{385B3C65-32CB-4D7F-A24E-7D0F82724506}
[2011/12/03 17:12:34 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{E2EF3D74-EF48-453C-A1E8-FFC0E59B99E4}
[2011/12/03 11:50:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\MozillaControl
[2011/12/03 01:41:36 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2011/12/03 01:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\GetRight
[2011/12/03 01:31:35 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\GetRight
[2011/12/03 01:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\GetRight
[2011/12/02 23:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2011/12/02 18:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/12/02 18:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/12/02 10:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2011/12/01 19:36:46 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\tjnet
[2011/12/01 17:11:47 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\magicJack
[2011/12/01 17:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
[2011/12/01 17:09:07 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\mjusbsp
[2011/11/30 21:35:38 | 000,750,984 | ---- | C] (IncrediMail LTD.) -- C:\Windows\System32\Magentic Screensaver.scr
[2011/11/30 21:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magentic by IncrediMail
[2011/11/30 21:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Magentic
[2011/11/30 21:33:22 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{A4E72C3E-66CD-4184-A2C3-89BC22C5F47E}
[2011/11/30 16:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2011/11/30 16:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2011/11/30 16:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/11/30 16:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011/11/30 16:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/11/30 16:39:17 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\NCH Software
[2011/11/30 16:35:41 | 011,137,024 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
[2011/11/30 01:57:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\Mozilla
[2011/11/30 01:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/11/30 01:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDownloadManager.ORG
[2011/11/29 18:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\'Full Speed' Internet Booster + Performance Tests
[2011/11/29 18:09:05 | 000,000,000 | ---D | C] -- C:\Windows\'Full Speed' Internet Booster + Performance Tests
[2011/11/29 11:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\YouTube Downloader
[2011/11/28 21:00:20 | 000,000,000 | ---D | C] -- C:\DownloaderData
[2011/11/28 20:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MovieToolBox
[2011/11/28 20:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Downloader
[2011/11/28 20:55:37 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\GetRightToGo
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/28 17:15:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fenix1\Desktop\OTL.exe
[2011/12/28 17:12:30 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/28 17:10:52 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3792762254-3201514299-365106432-1001UA.job
[2011/12/28 17:10:15 | 000,773,632 | ---- | M] () -- C:\Users\Fenix1\Desktop\RogueKiller.exe
[2011/12/28 16:36:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 14:38:02 | 000,000,999 | ---- | M] () -- C:\Users\Fenix1\Desktop\magicJack.lnk
[2011/12/28 14:34:59 | 000,021,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 14:34:59 | 000,021,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 14:33:43 | 000,625,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/28 14:33:43 | 000,107,084 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/28 14:32:39 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/12/28 14:28:29 | 000,000,000 | ---- | M] () -- C:\Users\Fenix1\AppData\Local\WavXMapDrive.bat
[2011/12/28 14:28:20 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 14:27:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/28 14:27:20 | 1583,222,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 10:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3792762254-3201514299-365106432-1001Core.job
[2011/12/28 01:54:10 | 000,000,787 | ---- | M] () -- C:\Users\Fenix1\Documents\shot1.jpg
[2011/12/28 00:05:26 | 000,000,046 | ---- | M] () -- C:\Windows\System32\_WKERNEL.FRE
[2011/12/27 22:19:40 | 000,001,087 | ---- | M] () -- C:\Users\Fenix1\Desktop\OTL.lnk
[2011/12/27 22:03:29 | 000,001,165 | ---- | M] () -- C:\Users\Fenix1\Desktop\RogueKiller.lnk
[2011/12/27 21:59:47 | 000,000,727 | ---- | M] () -- C:\Users\Fenix1\Desktop\unhide.lnk
[2011/12/27 18:53:29 | 000,325,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/27 18:39:04 | 000,002,682 | ---- | M] () -- C:\Users\Fenix1\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2011/12/27 18:39:04 | 000,002,658 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2011/12/25 13:00:14 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/25 13:00:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/25 12:58:36 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2011/12/25 12:54:12 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/25 12:17:47 | 000,000,121 | ---- | M] () -- C:\Users\Fenix1\Desktop\RefreshIcons.bat
[2011/12/25 09:25:33 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2011/12/25 07:11:45 | 000,001,559 | ---- | M] () -- C:\Users\Fenix1\Desktop\shexview.lnk
[2011/12/25 06:34:42 | 000,001,086 | ---- | M] () -- C:\Users\Fenix1\Desktop\Regedit.lnk
[2011/12/25 05:11:50 | 000,001,084 | ---- | M] () -- C:\Users\Fenix1\Desktop\YouTube Downloader.lnk
[2011/12/25 05:10:27 | 000,001,835 | ---- | M] () -- C:\Users\Fenix1\Desktop\GetRight.lnk
[2011/12/25 04:19:20 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/24 06:27:40 | 000,000,000 | ---- | M] () -- C:\ProgramData\wv2UTA.dat
[2011/12/23 16:49:53 | 002,100,280 | ---- | M] () -- C:\Users\Fenix1\RVCap.avi
[2011/12/23 14:58:33 | 000,013,354 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement3.htm
[2011/12/23 14:58:33 | 000,005,715 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement3.gif
[2011/12/23 13:01:06 | 000,105,397 | ---- | M] () -- C:\Users\Fenix1\Documents\Corruption Of America.html
[2011/12/21 18:31:01 | 000,012,803 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement.htm
[2011/12/21 18:31:01 | 000,005,714 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement.gif
[2011/12/21 14:58:31 | 004,281,108 | ---- | M] () -- C:\Users\Fenix1\Documents\Html.Files1.htm
[2011/12/21 14:43:44 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2011/12/21 13:03:45 | 000,001,002 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/21 12:20:42 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2011/12/20 15:39:02 | 054,006,627 | ---- | M] () -- C:\Users\Fenix1\This_Is_the_Video_the_Government_Doesn_t_Want_You_to_See_fim2.m4v
[2011/12/19 01:28:58 | 000,001,127 | ---- | M] () -- C:\Users\Fenix1\Desktop\stinger.lnk
[2011/12/16 15:37:05 | 000,001,222 | ---- | M] () -- C:\Users\Public\Desktop\Screen Grab Pro.lnk
[2011/12/16 15:36:30 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/12/16 15:33:21 | 000,148,208 | ---- | M] () -- C:\Users\Fenix1\Documents\(Fenix1-PC).html
[2011/12/16 15:27:57 | 000,002,038 | ---- | M] () -- C:\Users\Fenix1\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/12/16 15:27:57 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2011/12/13 18:19:52 | 004,448,256 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2011/12/13 16:17:13 | 000,007,680 | ---- | M] () -- C:\Users\Fenix1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 14:42:47 | 000,000,051 | ---- | M] () -- C:\Users\Fenix1\Desktop\Forex Street. The Foreign Exchange Market.URL
[2011/12/10 14:34:15 | 000,000,982 | ---- | M] () -- C:\Users\Fenix1\Desktop\Free Registry Defrag.lnk
[2011/12/10 10:39:35 | 000,001,241 | ---- | M] () -- C:\Users\Fenix1\Desktop\Procexplorer.lnk
[2011/12/10 09:15:17 | 003,284,332 | ---- | M] () -- C:\Users\Fenix1\Documents\Presidential Candidate Positions.pdf
[2011/12/05 16:27:26 | 000,001,178 | ---- | M] () -- C:\Users\Fenix1\Desktop\TCPOptimizer.lnk
[2011/12/04 20:14:37 | 000,000,794 | ---- | M] () -- C:\Users\Fenix1\Documents\mmme.jpg
[2011/12/04 13:43:10 | 000,000,062 | ---- | M] () -- C:\Users\Fenix1\Desktop\Plentyoffish.com.URL
[2011/12/04 12:53:41 | 000,001,547 | ---- | M] () -- C:\Users\Fenix1\Desktop\Interbank FX Trader 4.lnk
[2011/12/04 10:35:36 | 000,001,504 | ---- | M] () -- C:\Users\Fenix1\Desktop\wmplayer.lnk
[2011/12/03 16:23:20 | 001,640,630 | ---- | M] () -- C:\Users\Fenix1\Documents\Least ya know what i look like!.JPG
[2011/12/03 15:41:06 | 000,570,823 | ---- | M] () -- C:\Users\Fenix1\Documents\Google Background.jpg
[2011/12/03 01:40:33 | 000,464,176 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2011/12/03 01:40:33 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/12/03 01:40:33 | 000,087,656 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/12/03 00:53:46 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2011/12/03 00:26:56 | 066,238,499 | ---- | M] () -- C:\Users\Fenix1\Documents\One Nation Under God - Jon McNaughton.wmv
[2011/11/30 16:19:04 | 000,000,241 | ---- | M] () -- C:\Users\Fenix1\AppData\Roaming\burnaware.ini
[2011/11/30 13:02:00 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/30 10:33:03 | 004,502,749 | ---- | M] () -- C:\Users\Fenix1\Documents\TeaPartyBudget.pdf
[2011/11/29 12:22:25 | 021,486,953 | ---- | M] () -- C:\Users\Fenix1\Documents\One Nation Under God - Jon McNaughton.flv
[2011/11/29 11:57:23 | 002,888,704 | ---- | M] () -- C:\rzcapture.avi
[2011/11/28 23:51:18 | 000,000,260 | ---- | M] () -- C:\Users\Fenix1\Documents\cc_20111128_235112.reg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/28 17:09:48 | 000,773,632 | ---- | C] () -- C:\Users\Fenix1\Desktop\RogueKiller.exe
[2011/12/28 10:52:07 | 000,001,832 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/12/28 01:54:35 | 000,000,787 | ---- | C] () -- C:\Users\Fenix1\Documents\shot1.jpg
[2011/12/27 22:19:03 | 000,001,087 | ---- | C] () -- C:\Users\Fenix1\Desktop\OTL.lnk
[2011/12/27 22:03:44 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/27 21:57:56 | 000,001,165 | ---- | C] () -- C:\Users\Fenix1\Desktop\RogueKiller.lnk
[2011/12/27 21:57:48 | 000,000,727 | ---- | C] () -- C:\Users\Fenix1\Desktop\unhide.lnk
[2011/12/27 18:39:04 | 000,002,682 | ---- | C] () -- C:\Users\Fenix1\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2011/12/27 18:39:04 | 000,002,658 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2011/12/27 16:48:35 | 000,325,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/27 15:11:04 | 1583,222,784 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/25 13:00:14 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/25 12:54:12 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/25 12:17:44 | 000,000,121 | ---- | C] () -- C:\Users\Fenix1\Desktop\RefreshIcons.bat
[2011/12/25 07:31:00 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/12/25 07:11:45 | 000,001,559 | ---- | C] () -- C:\Users\Fenix1\Desktop\shexview.lnk
[2011/12/25 06:34:42 | 000,001,086 | ---- | C] () -- C:\Users\Fenix1\Desktop\Regedit.lnk
[2011/12/25 05:11:50 | 000,001,084 | ---- | C] () -- C:\Users\Fenix1\Desktop\YouTube Downloader.lnk
[2011/12/25 05:10:27 | 000,001,835 | ---- | C] () -- C:\Users\Fenix1\Desktop\GetRight.lnk
[2011/12/25 03:37:09 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/24 06:27:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\wv2UTA.dat
[2011/12/23 16:49:49 | 002,100,280 | ---- | C] () -- C:\Users\Fenix1\RVCap.avi
[2011/12/23 15:09:49 | 000,005,715 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement3.gif
[2011/12/23 15:09:44 | 000,013,354 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement3.htm
[2011/12/23 13:01:03 | 000,105,397 | ---- | C] () -- C:\Users\Fenix1\Documents\Corruption Of America.html
[2011/12/21 18:35:50 | 000,005,714 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement.gif
[2011/12/21 18:35:45 | 000,012,803 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement.htm
[2011/12/21 14:58:31 | 004,281,108 | ---- | C] () -- C:\Users\Fenix1\Documents\Html.Files1.htm
[2011/12/21 13:03:42 | 000,001,002 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/19 21:54:17 | 054,006,627 | ---- | C] () -- C:\Users\Fenix1\This_Is_the_Video_the_Government_Doesn_t_Want_You_to_See_fim2.m4v
[2011/12/19 01:27:37 | 000,001,127 | ---- | C] () -- C:\Users\Fenix1\Desktop\stinger.lnk
[2011/12/11 19:50:18 | 000,000,794 | ---- | C] () -- C:\Users\Fenix1\Documents\mmme.jpg
[2011/12/11 14:42:47 | 000,000,051 | ---- | C] () -- C:\Users\Fenix1\Desktop\Forex Street. The Foreign Exchange Market.URL
[2011/12/10 14:42:28 | 000,000,046 | ---- | C] () -- C:\Windows\System32\_WKERNEL.FRE
[2011/12/10 14:34:15 | 000,000,982 | ---- | C] () -- C:\Users\Fenix1\Desktop\Free Registry Defrag.lnk
[2011/12/10 14:33:55 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2011/12/10 14:33:40 | 000,000,439 | ---- | C] () -- C:\Windows\System32\shfolder.inf
[2011/12/10 13:26:54 | 003,284,332 | ---- | C] () -- C:\Users\Fenix1\Documents\Presidential Candidate Positions.pdf
[2011/12/10 10:38:09 | 000,001,241 | ---- | C] () -- C:\Users\Fenix1\Desktop\Procexplorer.lnk
[2011/12/05 16:27:26 | 000,001,178 | ---- | C] () -- C:\Users\Fenix1\Desktop\TCPOptimizer.lnk
[2011/12/04 13:43:10 | 000,000,062 | ---- | C] () -- C:\Users\Fenix1\Desktop\Plentyoffish.com.URL
[2011/12/04 10:35:36 | 000,001,504 | ---- | C] () -- C:\Users\Fenix1\Desktop\wmplayer.lnk
[2011/12/03 16:22:37 | 001,640,630 | ---- | C] () -- C:\Users\Fenix1\Documents\Least ya know what i look like!.JPG
[2011/12/03 15:41:05 | 000,570,823 | ---- | C] () -- C:\Users\Fenix1\Documents\Google Background.jpg
[2011/12/03 02:39:55 | 000,148,208 | ---- | C] () -- C:\Users\Fenix1\Documents\(Fenix1-PC).html
[2011/12/03 00:25:42 | 066,238,499 | ---- | C] () -- C:\Users\Fenix1\Documents\One Nation Under God - Jon McNaughton.wmv
[2011/12/02 23:42:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/12/02 23:33:59 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doxillion Document Converter.lnk
[2011/12/01 17:10:37 | 000,000,999 | ---- | C] () -- C:\Users\Fenix1\Desktop\magicJack.lnk
[2011/12/01 17:10:37 | 000,000,985 | ---- | C] () -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
[2011/11/30 16:40:44 | 000,001,092 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2011/11/30 16:40:13 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Audio Mixer.lnk
[2011/11/30 16:40:02 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
[2011/11/30 16:39:24 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
[2011/11/30 10:33:00 | 004,502,749 | ---- | C] () -- C:\Users\Fenix1\Documents\TeaPartyBudget.pdf
[2011/11/30 01:56:54 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/29 12:20:23 | 021,486,953 | ---- | C] () -- C:\Users\Fenix1\Documents\One Nation Under God - Jon McNaughton.flv
[2011/11/29 11:57:16 | 002,888,704 | ---- | C] () -- C:\rzcapture.avi
[2011/11/28 23:51:15 | 000,000,260 | ---- | C] () -- C:\Users\Fenix1\Documents\cc_20111128_235112.reg
[2011/11/18 01:07:17 | 000,007,624 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\resmon.resmoncfg
[2011/11/15 10:21:25 | 000,000,275 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/11/14 03:17:21 | 000,007,680 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/13 21:16:28 | 000,000,241 | ---- | C] () -- C:\Users\Fenix1\AppData\Roaming\burnaware.ini
[2011/11/13 11:05:52 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/11/11 23:28:00 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/11/11 23:24:53 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/11/11 21:57:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/11/11 03:19:46 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2011/11/10 17:58:23 | 002,212,096 | ---- | C] () -- C:\Windows\System32\wweb32.dll
[2011/11/08 16:38:54 | 000,000,000 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\WavXMapDrive.bat
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/09/08 20:56:51 | 000,031,232 | ---- | C] () -- C:\Windows\System32\TSP1.dll
[2010/09/08 20:56:31 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010/09/08 20:56:31 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010/09/08 20:56:31 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010/09/08 20:56:31 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2010/09/08 20:50:50 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/07/05 21:08:20 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/04/19 00:00:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2010/04/15 21:33:16 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2010/04/08 11:21:16 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2010/04/08 11:21:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2010/04/08 11:21:14 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2010/04/08 11:21:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2010/04/08 11:21:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2010/04/08 11:21:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2010/04/08 11:21:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2010/04/08 11:21:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2010/04/08 11:21:02 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2010/04/08 11:21:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2010/04/08 11:21:00 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2010/04/08 11:20:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2010/04/08 11:20:58 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2010/04/08 11:20:56 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2010/04/08 11:20:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2010/04/08 11:20:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2010/04/08 11:20:52 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2010/04/08 11:20:52 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2010/04/08 11:20:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2010/04/08 11:20:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2010/04/08 11:20:48 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2010/04/08 11:20:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2010/04/08 11:20:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2010/04/08 11:20:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2010/04/08 11:20:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2010/04/08 11:20:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2010/04/08 11:20:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2010/04/08 11:20:38 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2010/04/08 11:20:36 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009/11/06 16:27:22 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009/08/26 17:25:08 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:05:48 | 000,625,976 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,084 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/25 02:43:58 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Applian FLV and Media Player
[2011/11/14 12:00:39 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Auslogics
[2011/12/24 03:12:56 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Babylon
[2011/12/25 02:43:40 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\eType
[2011/12/25 02:43:22 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Foxreal
[2011/12/03 17:24:05 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Free Photo Converter
[2011/11/12 06:01:50 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\G-Recorder
[2011/12/03 01:37:12 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\GetRight
[2011/12/03 15:53:38 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\GetRightToGo
[2011/12/10 11:07:59 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\LockHunter
[2011/12/28 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\mjusbsp
[2011/11/10 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Nullsoft
[2011/11/09 08:22:01 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\OpenCandy
[2011/11/17 22:03:02 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\PCFix
[2011/11/11 23:19:47 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\SMRecorder
[2011/12/28 00:27:05 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\SoftGrid Client
[2011/12/24 03:33:08 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Thinstall
[2011/11/12 12:55:57 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\TP
[2011/11/11 16:07:30 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Wave Systems Corp
[2011/11/11 18:17:06 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\WeatherBug
[2011/11/13 21:45:55 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Windows Live Writer
[2011/11/09 10:33:43 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\WinPatrol
[2011/11/30 10:55:43 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\xVideoServiceThief
[2011/12/28 00:05:10 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/10/06 00:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/02/04 04:20:17 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/02/04 04:20:17 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/10/05 23:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 23:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2010/11/20 02:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 9
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{17D25375-D81A-4446-86ED-98B39D949BDA}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C170C70C-8D25-46DB-A63A-82E7459E0703}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 17:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 08 01 01 01 09 01 07 01 04 01 03 01 00 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 9
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 19:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:587EB586

< End of report >




And last but not least here's MBR!


Attached File  aswMBR.txt   2.12KB   93 downloads

#5
fenix1

Think i sent ya an incomplete and inaccurate OTL. Here's the complete log including the EXTRA. Guess i should have went for a Bachelors or Masters but all i am according to my old professor is a simple "mechanic" or "parts changer" as he called it. That was back in '95. Thing is back then here in the US parts changers were making $50 an hour...but not anymore. Anyways Essexboy hope ya can help me...THANKS MUCH!


OTL logfile created on: 12/28/2011 6:35:28 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Fenix1\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.83% Memory free
4.41 Gb Paging File | 2.97 Gb Available in Paging File | 67.49% Paging File free
Paging file location(s): c:\pagefile.sys 2500 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.95 Gb Total Space | 104.20 Gb Free Space | 74.46% Space Free | Partition Type: NTFS
Drive D: | 140.04 Gb Total Space | 25.82 Gb Free Space | 18.44% Space Free | Partition Type: NTFS

Computer Name: FENIX1-PC | User Name: Fenix1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/28 17:15:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fenix1\Desktop\OTL.exe
PRC - [2011/12/03 01:40:33 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/11/17 11:03:45 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/15 13:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/01/24 16:16:52 | 004,657,424 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files\GetRight\GetRight.exe
PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/06/03 14:53:52 | 000,030,016 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2010/04/19 01:30:26 | 000,147,328 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/11/17 15:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/11/17 15:18:10 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/04/17 14:17:30 | 000,434,176 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/17 18:01:04 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/14 19:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/04/15 21:33:16 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/11/17 15:16:40 | 000,465,576 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/03 01:40:33 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/11 19:21:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/10/18 16:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/02 14:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/06/03 14:53:52 | 000,030,016 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2010/03/30 17:52:34 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/17 15:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/15 18:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/02/17 18:01:04 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/03 01:40:33 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/12/03 01:40:33 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 06:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 06:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 04:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/04/15 21:35:44 | 000,237,840 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2008/03/11 16:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008/03/11 15:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - [2005/04/21 15:10:30 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...65u2i5z47326284
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...65u2i5z47326284


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...65u2i5z47326284
IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com
IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://www.google.com/
IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111220&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Fenix1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Fenix1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fenix1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fenix1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WordWeb\WCaptureMoz [2011/11/10 17:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/21 05:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/25 02:43:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/25 12:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/12/28 14:31:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/25 04:19:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/30 14:44:40 | 000,000,000 | ---D | M]

[2011/11/30 01:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fenix1\AppData\Roaming\Mozilla\Extensions
[2011/12/25 05:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fenix1\AppData\Roaming\Mozilla\Firefox\Profiles\7hu2limx.default\extensions
[2011/12/19 18:13:47 | 000,001,945 | ---- | M] () -- C:\Users\Fenix1\AppData\Roaming\Mozilla\Firefox\Profiles\7hu2limx.default\searchplugins\bing-zugo.xml
[2011/12/25 04:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/25 12:59:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/11/10 17:58:22 | 000,000,000 | ---D | M] (WordWeb one-click lookup) -- C:\PROGRAM FILES\WORDWEB\WCAPTUREMOZ
() (No name found) -- C:\USERS\FENIX1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HU2LIMX.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\FENIX1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HU2LIMX.DEFAULT\EXTENSIONS\[email protected]
[2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/24 03:12:59 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 19:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/27 22:06:17 | 000,001,018 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (GetRight IE Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20111228034256.dll (McAfee, Inc.)
O2 - BHO: (no name) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3792762254-3201514299-365106432-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-3792762254-3201514299-365106432-1001..\Run: [cdloader] C:\Users\Fenix1\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-3792762254-3201514299-365106432-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\Bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.100 208.180.42.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C170C70C-8D25-46DB-A63A-82E7459E0703}: DhcpNameServer = 208.180.42.100 208.180.42.68
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (wxvault.dll) -C:\Windows\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 17:15:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Fenix1\Desktop\OTL.exe
[2011/12/28 17:12:14 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\Desktop\RK_Quarantine
[2011/12/28 14:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/12/28 14:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/12/28 12:32:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/12/27 23:55:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\ElevatedDiagnostics
[2011/12/27 22:39:36 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\Desktop\RK Reports
[2011/12/27 21:22:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWNet.dll
[2011/12/27 20:36:07 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Nero
[2011/12/27 20:16:51 | 001,114,624 | ---- | C] (The Windows Club) -- C:\Windows\memorb.exe
[2011/12/27 18:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011/12/27 18:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011/12/27 18:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011/12/27 18:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2011/12/27 18:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager
[2011/12/25 16:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/12/25 13:00:14 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/12/25 13:00:14 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/12/25 13:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/25 13:00:12 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/12/25 13:00:11 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/12/25 13:00:09 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/12/25 13:00:08 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/12/25 12:59:45 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/25 12:59:44 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/12/25 12:54:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/25 12:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/25 08:01:29 | 000,000,000 | ---D | C] -- C:\Windows\PIF
[2011/12/25 07:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2011/12/25 07:30:04 | 000,000,000 | ---D | C] -- C:\rei
[2011/12/25 07:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/12/25 05:05:11 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$
[2011/12/25 03:46:16 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
[2011/12/25 03:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2011/12/24 23:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/24 23:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/24 20:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2011/12/24 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/12/24 18:51:42 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\McAfee
[2011/12/24 05:46:07 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\309c9d7b
[2011/12/24 05:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\ExpressFiles
[2011/12/24 03:33:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Thinstall
[2011/12/24 03:30:35 | 000,000,000 | ---D | C] -- C:\Games
[2011/12/24 03:12:59 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\Babylon
[2011/12/24 03:12:56 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Babylon
[2011/12/24 03:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/12/24 01:29:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/24 00:51:39 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Small Rockets
[2011/12/24 00:34:56 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{FA9C89FF-F8D7-4A63-8DAC-11F1273E91A9}
[2011/12/24 00:34:39 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{009F7A31-727A-4334-911C-1D23FCA9C072}
[2011/12/24 00:34:36 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\eType
[2011/12/23 20:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
[2011/12/23 20:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\City Interactive
[2011/12/23 19:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
[2011/12/23 19:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011/12/19 18:38:43 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Applian FLV and Media Player
[2011/12/19 18:13:25 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\Documents\Freecorder
[2011/12/19 18:13:24 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\FLVService
[2011/12/16 15:34:40 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bill2's Process Manager
[2011/12/16 15:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bill2's Process Manager
[2011/12/16 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bill2's Process Manager
[2011/12/16 15:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ainvo
[2011/12/15 03:00:50 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 03:00:49 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/15 03:00:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 03:00:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 03:00:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 03:00:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 22:43:53 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 22:43:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 22:43:21 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 22:43:19 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 22:43:17 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 22:43:16 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/13 18:19:52 | 004,448,256 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2011/12/13 18:17:31 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/12/13 16:27:14 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{8116206C-A6D7-4E59-B75A-27B0C43DA522}
[2011/12/13 16:25:23 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{5D03D72D-B52B-48D7-902B-D24FBA0AF78C}
[2011/12/10 14:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Clean Expert
[2011/12/10 14:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Clean Expert
[2011/12/10 14:33:40 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\Windows\System32\wbocx.ocx
[2011/12/10 14:33:40 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2011/12/10 14:33:40 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbhelp2.dll
[2011/12/10 14:33:40 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\Windows\System32\anim.dll
[2011/12/10 14:33:40 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF32.DLL
[2011/12/10 14:33:40 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF16.DLL
[2011/12/10 14:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinUtilities
[2011/12/10 11:07:59 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\LockHunter
[2011/12/10 10:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
[2011/12/10 10:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2011/12/10 09:45:44 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{9DD9A7D5-C17A-45C4-AB63-521D7C67A2A2}
[2011/12/10 09:45:31 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{2CE4F2B4-1418-4353-BEE1-F1683AB39923}
[2011/12/09 16:47:11 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{821C0CBD-C44F-4E21-AC74-8E179180BB54}
[2011/12/04 12:53:30 | 000,000,000 | ---D | C] -- C:\InterbankFX_1-Click
[2011/12/04 12:39:00 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{192156B9-633E-4D75-B73C-433DCADE5F53}
[2011/12/04 12:36:53 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{E5495EDE-5C2A-43E9-9061-D725B18BCB62}
[2011/12/03 17:24:05 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Free Photo Converter
[2011/12/03 17:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Photo Converter
[2011/12/03 17:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\PixelApp Studio
[2011/12/03 17:13:06 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{385B3C65-32CB-4D7F-A24E-7D0F82724506}
[2011/12/03 17:12:34 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{E2EF3D74-EF48-453C-A1E8-FFC0E59B99E4}
[2011/12/03 11:50:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\MozillaControl
[2011/12/03 01:41:36 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2011/12/03 01:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\GetRight
[2011/12/03 01:31:35 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\GetRight
[2011/12/03 01:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\GetRight
[2011/12/02 23:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2011/12/02 18:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/12/02 18:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/12/02 10:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2011/12/01 19:36:46 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\tjnet
[2011/12/01 17:11:47 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\magicJack
[2011/12/01 17:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
[2011/12/01 17:09:07 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\mjusbsp
[2011/11/30 21:35:38 | 000,750,984 | ---- | C] (IncrediMail LTD.) -- C:\Windows\System32\Magentic Screensaver.scr
[2011/11/30 21:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magentic by IncrediMail
[2011/11/30 21:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Magentic
[2011/11/30 21:33:22 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{A4E72C3E-66CD-4184-A2C3-89BC22C5F47E}
[2011/11/30 16:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2011/11/30 16:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2011/11/30 16:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/11/30 16:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011/11/30 16:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/11/30 16:39:17 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\NCH Software
[2011/11/30 16:35:41 | 011,137,024 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
[2011/11/30 01:57:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\Mozilla
[2011/11/30 01:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/11/30 01:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDownloadManager.ORG
[2011/11/29 18:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\'Full Speed' Internet Booster + Performance Tests
[2011/11/29 18:09:05 | 000,000,000 | ---D | C] -- C:\Windows\'Full Speed' Internet Booster + Performance Tests
[2011/11/29 11:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\YouTube Downloader
[2011/11/28 21:00:20 | 000,000,000 | ---D | C] -- C:\DownloaderData
[2011/11/28 20:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MovieToolBox
[2011/11/28 20:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Downloader
[2011/11/28 20:55:37 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\GetRightToGo
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/28 18:36:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 18:10:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3792762254-3201514299-365106432-1001UA.job
[2011/12/28 17:45:14 | 000,000,512 | ---- | M] () -- C:\Users\Fenix1\Desktop\MBR.dat
[2011/12/28 17:36:04 | 000,001,122 | ---- | M] () -- C:\Users\Fenix1\Desktop\aswMBR - Shortcut.lnk
[2011/12/28 17:15:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fenix1\Desktop\OTL.exe
[2011/12/28 17:12:30 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/28 14:38:02 | 000,000,999 | ---- | M] () -- C:\Users\Fenix1\Desktop\magicJack.lnk
[2011/12/28 14:34:59 | 000,021,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 14:34:59 | 000,021,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 14:33:43 | 000,625,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/28 14:33:43 | 000,107,084 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/28 14:32:39 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/12/28 14:28:29 | 000,000,000 | ---- | M] () -- C:\Users\Fenix1\AppData\Local\WavXMapDrive.bat
[2011/12/28 14:28:20 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 14:27:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/28 14:27:20 | 1583,222,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 10:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3792762254-3201514299-365106432-1001Core.job
[2011/12/28 01:54:10 | 000,000,787 | ---- | M] () -- C:\Users\Fenix1\Documents\shot1.jpg
[2011/12/28 00:05:26 | 000,000,046 | ---- | M] () -- C:\Windows\System32\_WKERNEL.FRE
[2011/12/27 22:03:29 | 000,001,165 | ---- | M] () -- C:\Users\Fenix1\Desktop\RogueKiller.lnk
[2011/12/27 21:59:47 | 000,000,727 | ---- | M] () -- C:\Users\Fenix1\Desktop\unhide.lnk
[2011/12/27 18:53:29 | 000,325,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/27 18:39:04 | 000,002,682 | ---- | M] () -- C:\Users\Fenix1\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2011/12/27 18:39:04 | 000,002,658 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2011/12/25 13:00:14 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/25 13:00:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/25 12:58:36 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2011/12/25 12:54:12 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/25 12:17:47 | 000,000,121 | ---- | M] () -- C:\Users\Fenix1\Desktop\RefreshIcons.bat
[2011/12/25 09:25:33 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2011/12/25 07:11:45 | 000,001,559 | ---- | M] () -- C:\Users\Fenix1\Desktop\shexview.lnk
[2011/12/25 06:34:42 | 000,001,086 | ---- | M] () -- C:\Users\Fenix1\Desktop\Regedit.lnk
[2011/12/25 05:11:50 | 000,001,084 | ---- | M] () -- C:\Users\Fenix1\Desktop\YouTube Downloader.lnk
[2011/12/25 05:10:27 | 000,001,835 | ---- | M] () -- C:\Users\Fenix1\Desktop\GetRight.lnk
[2011/12/25 04:19:20 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/24 06:27:40 | 000,000,000 | ---- | M] () -- C:\ProgramData\wv2UTA.dat
[2011/12/23 16:49:53 | 002,100,280 | ---- | M] () -- C:\Users\Fenix1\RVCap.avi
[2011/12/23 14:58:33 | 000,013,354 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement3.htm
[2011/12/23 14:58:33 | 000,005,715 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement3.gif
[2011/12/23 13:01:06 | 000,105,397 | ---- | M] () -- C:\Users\Fenix1\Documents\Corruption Of America.html
[2011/12/21 18:31:01 | 000,012,803 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement.htm
[2011/12/21 18:31:01 | 000,005,714 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement.gif
[2011/12/21 14:58:31 | 004,281,108 | ---- | M] () -- C:\Users\Fenix1\Documents\Html.Files1.htm
[2011/12/21 14:43:44 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2011/12/21 13:03:45 | 000,001,002 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/21 12:20:42 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2011/12/20 15:39:02 | 054,006,627 | ---- | M] () -- C:\Users\Fenix1\This_Is_the_Video_the_Government_Doesn_t_Want_You_to_See_fim2.m4v
[2011/12/19 01:28:58 | 000,001,127 | ---- | M] () -- C:\Users\Fenix1\Desktop\stinger.lnk
[2011/12/16 15:37:05 | 000,001,222 | ---- | M] () -- C:\Users\Public\Desktop\Screen Grab Pro.lnk
[2011/12/16 15:36:30 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/12/16 15:33:21 | 000,148,208 | ---- | M] () -- C:\Users\Fenix1\Documents\(Fenix1-PC).html
[2011/12/16 15:27:57 | 000,002,038 | ---- | M] () -- C:\Users\Fenix1\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/12/16 15:27:57 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2011/12/13 18:19:52 | 004,448,256 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2011/12/13 16:17:13 | 000,007,680 | ---- | M] () -- C:\Users\Fenix1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 14:42:47 | 000,000,051 | ---- | M] () -- C:\Users\Fenix1\Desktop\Forex Street. The Foreign Exchange Market.URL
[2011/12/10 14:34:15 | 000,000,982 | ---- | M] () -- C:\Users\Fenix1\Desktop\Free Registry Defrag.lnk
[2011/12/10 10:39:35 | 000,001,241 | ---- | M] () -- C:\Users\Fenix1\Desktop\Procexplorer.lnk
[2011/12/10 09:15:17 | 003,284,332 | ---- | M] () -- C:\Users\Fenix1\Documents\Presidential Candidate Positions.pdf
[2011/12/05 16:27:26 | 000,001,178 | ---- | M] () -- C:\Users\Fenix1\Desktop\TCPOptimizer.lnk
[2011/12/04 20:14:37 | 000,000,794 | ---- | M] () -- C:\Users\Fenix1\Documents\mmme.jpg
[2011/12/04 13:43:10 | 000,000,062 | ---- | M] () -- C:\Users\Fenix1\Desktop\Plentyoffish.com.URL
[2011/12/04 12:53:41 | 000,001,547 | ---- | M] () -- C:\Users\Fenix1\Desktop\Interbank FX Trader 4.lnk
[2011/12/04 10:35:36 | 000,001,504 | ---- | M] () -- C:\Users\Fenix1\Desktop\wmplayer.lnk
[2011/12/03 16:23:20 | 001,640,630 | ---- | M] () -- C:\Users\Fenix1\Documents\Least ya know what i look like!.JPG
[2011/12/03 15:41:06 | 000,570,823 | ---- | M] () -- C:\Users\Fenix1\Documents\Google Background.jpg
[2011/12/03 01:40:33 | 000,464,176 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2011/12/03 01:40:33 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/12/03 01:40:33 | 000,087,656 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/12/03 00:53:46 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2011/12/03 00:26:56 | 066,238,499 | ---- | M] () -- C:\Users\Fenix1\Documents\One Nation Under God - Jon McNaughton.wmv
[2011/11/30 16:19:04 | 000,000,241 | ---- | M] () -- C:\Users\Fenix1\AppData\Roaming\burnaware.ini
[2011/11/30 13:02:00 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/30 10:33:03 | 004,502,749 | ---- | M] () -- C:\Users\Fenix1\Documents\TeaPartyBudget.pdf
[2011/11/29 12:22:25 | 021,486,953 | ---- | M] () -- C:\Users\Fenix1\Documents\One Nation Under God - Jon McNaughton.flv
[2011/11/29 11:57:23 | 002,888,704 | ---- | M] () -- C:\rzcapture.avi
[2011/11/28 23:51:18 | 000,000,260 | ---- | M] () -- C:\Users\Fenix1\Documents\cc_20111128_235112.reg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/28 17:45:14 | 000,000,512 | ---- | C] () -- C:\Users\Fenix1\Desktop\MBR.dat
[2011/12/28 17:35:13 | 000,001,122 | ---- | C] () -- C:\Users\Fenix1\Desktop\aswMBR - Shortcut.lnk
[2011/12/28 10:52:07 | 000,001,832 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/12/28 01:54:35 | 000,000,787 | ---- | C] () -- C:\Users\Fenix1\Documents\shot1.jpg
[2011/12/27 22:03:44 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/27 21:57:56 | 000,001,165 | ---- | C] () -- C:\Users\Fenix1\Desktop\RogueKiller.lnk
[2011/12/27 21:57:48 | 000,000,727 | ---- | C] () -- C:\Users\Fenix1\Desktop\unhide.lnk
[2011/12/27 18:39:04 | 000,002,682 | ---- | C] () -- C:\Users\Fenix1\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2011/12/27 18:39:04 | 000,002,658 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2011/12/27 16:48:35 | 000,325,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/27 15:11:04 | 1583,222,784 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/25 13:00:14 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/25 12:54:12 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/25 12:17:44 | 000,000,121 | ---- | C] () -- C:\Users\Fenix1\Desktop\RefreshIcons.bat
[2011/12/25 07:31:00 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/12/25 07:11:45 | 000,001,559 | ---- | C] () -- C:\Users\Fenix1\Desktop\shexview.lnk
[2011/12/25 06:34:42 | 000,001,086 | ---- | C] () -- C:\Users\Fenix1\Desktop\Regedit.lnk
[2011/12/25 05:11:50 | 000,001,084 | ---- | C] () -- C:\Users\Fenix1\Desktop\YouTube Downloader.lnk
[2011/12/25 05:10:27 | 000,001,835 | ---- | C] () -- C:\Users\Fenix1\Desktop\GetRight.lnk
[2011/12/25 03:37:09 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/24 06:27:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\wv2UTA.dat
[2011/12/23 16:49:49 | 002,100,280 | ---- | C] () -- C:\Users\Fenix1\RVCap.avi
[2011/12/23 15:09:49 | 000,005,715 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement3.gif
[2011/12/23 15:09:44 | 000,013,354 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement3.htm
[2011/12/23 13:01:03 | 000,105,397 | ---- | C] () -- C:\Users\Fenix1\Documents\Corruption Of America.html
[2011/12/21 18:35:50 | 000,005,714 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement.gif
[2011/12/21 18:35:45 | 000,012,803 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement.htm
[2011/12/21 14:58:31 | 004,281,108 | ---- | C] () -- C:\Users\Fenix1\Documents\Html.Files1.htm
[2011/12/21 13:03:42 | 000,001,002 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/19 21:54:17 | 054,006,627 | ---- | C] () -- C:\Users\Fenix1\This_Is_the_Video_the_Government_Doesn_t_Want_You_to_See_fim2.m4v
[2011/12/19 01:27:37 | 000,001,127 | ---- | C] () -- C:\Users\Fenix1\Desktop\stinger.lnk
[2011/12/11 19:50:18 | 000,000,794 | ---- | C] () -- C:\Users\Fenix1\Documents\mmme.jpg
[2011/12/11 14:42:47 | 000,000,051 | ---- | C] () -- C:\Users\Fenix1\Desktop\Forex Street. The Foreign Exchange Market.URL
[2011/12/10 14:42:28 | 000,000,046 | ---- | C] () -- C:\Windows\System32\_WKERNEL.FRE
[2011/12/10 14:34:15 | 000,000,982 | ---- | C] () -- C:\Users\Fenix1\Desktop\Free Registry Defrag.lnk
[2011/12/10 14:33:55 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2011/12/10 14:33:40 | 000,000,439 | ---- | C] () -- C:\Windows\System32\shfolder.inf
[2011/12/10 13:26:54 | 003,284,332 | ---- | C] () -- C:\Users\Fenix1\Documents\Presidential Candidate Positions.pdf
[2011/12/10 10:38:09 | 000,001,241 | ---- | C] () -- C:\Users\Fenix1\Desktop\Procexplorer.lnk
[2011/12/05 16:27:26 | 000,001,178 | ---- | C] () -- C:\Users\Fenix1\Desktop\TCPOptimizer.lnk
[2011/12/04 13:43:10 | 000,000,062 | ---- | C] () -- C:\Users\Fenix1\Desktop\Plentyoffish.com.URL
[2011/12/04 10:35:36 | 000,001,504 | ---- | C] () -- C:\Users\Fenix1\Desktop\wmplayer.lnk
[2011/12/03 16:22:37 | 001,640,630 | ---- | C] () -- C:\Users\Fenix1\Documents\Least ya know what i look like!.JPG
[2011/12/03 15:41:05 | 000,570,823 | ---- | C] () -- C:\Users\Fenix1\Documents\Google Background.jpg
[2011/12/03 02:39:55 | 000,148,208 | ---- | C] () -- C:\Users\Fenix1\Documents\(Fenix1-PC).html
[2011/12/03 00:25:42 | 066,238,499 | ---- | C] () -- C:\Users\Fenix1\Documents\One Nation Under God - Jon McNaughton.wmv
[2011/12/02 23:42:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/12/02 23:33:59 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doxillion Document Converter.lnk
[2011/12/01 17:10:37 | 000,000,999 | ---- | C] () -- C:\Users\Fenix1\Desktop\magicJack.lnk
[2011/12/01 17:10:37 | 000,000,985 | ---- | C] () -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
[2011/11/30 16:40:44 | 000,001,092 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2011/11/30 16:40:13 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Audio Mixer.lnk
[2011/11/30 16:40:02 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
[2011/11/30 16:39:24 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
[2011/11/30 10:33:00 | 004,502,749 | ---- | C] () -- C:\Users\Fenix1\Documents\TeaPartyBudget.pdf
[2011/11/30 01:56:54 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/29 12:20:23 | 021,486,953 | ---- | C] () -- C:\Users\Fenix1\Documents\One Nation Under God - Jon McNaughton.flv
[2011/11/29 11:57:16 | 002,888,704 | ---- | C] () -- C:\rzcapture.avi
[2011/11/28 23:51:15 | 000,000,260 | ---- | C] () -- C:\Users\Fenix1\Documents\cc_20111128_235112.reg
[2011/11/18 01:07:17 | 000,007,624 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\resmon.resmoncfg
[2011/11/15 10:21:25 | 000,000,275 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/11/14 03:17:21 | 000,007,680 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/13 21:16:28 | 000,000,241 | ---- | C] () -- C:\Users\Fenix1\AppData\Roaming\burnaware.ini
[2011/11/13 11:05:52 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/11/11 23:28:00 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/11/11 23:24:53 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/11/11 21:57:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/11/11 03:19:46 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2011/11/10 17:58:23 | 002,212,096 | ---- | C] () -- C:\Windows\System32\wweb32.dll
[2011/11/08 16:38:54 | 000,000,000 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\WavXMapDrive.bat
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/09/08 20:56:51 | 000,031,232 | ---- | C] () -- C:\Windows\System32\TSP1.dll
[2010/09/08 20:56:31 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010/09/08 20:56:31 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010/09/08 20:56:31 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010/09/08 20:56:31 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2010/09/08 20:50:50 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/07/05 21:08:20 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/04/19 00:00:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2010/04/15 21:33:16 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2010/04/08 11:21:16 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2010/04/08 11:21:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2010/04/08 11:21:14 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2010/04/08 11:21:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2010/04/08 11:21:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2010/04/08 11:21:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2010/04/08 11:21:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2010/04/08 11:21:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2010/04/08 11:21:02 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2010/04/08 11:21:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2010/04/08 11:21:00 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2010/04/08 11:20:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2010/04/08 11:20:58 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2010/04/08 11:20:56 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2010/04/08 11:20:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2010/04/08 11:20:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2010/04/08 11:20:52 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2010/04/08 11:20:52 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2010/04/08 11:20:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2010/04/08 11:20:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2010/04/08 11:20:48 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2010/04/08 11:20:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2010/04/08 11:20:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2010/04/08 11:20:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2010/04/08 11:20:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2010/04/08 11:20:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2010/04/08 11:20:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2010/04/08 11:20:38 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2010/04/08 11:20:36 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009/11/06 16:27:22 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009/08/26 17:25:08 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:05:48 | 000,625,976 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,084 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/25 02:43:58 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Applian FLV and Media Player
[2011/11/14 12:00:39 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Auslogics
[2011/12/24 03:12:56 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Babylon
[2011/12/25 02:43:40 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\eType
[2011/12/25 02:43:22 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Foxreal
[2011/12/03 17:24:05 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Free Photo Converter
[2011/11/12 06:01:50 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\G-Recorder
[2011/12/03 01:37:12 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\GetRight
[2011/12/03 15:53:38 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\GetRightToGo
[2011/12/10 11:07:59 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\LockHunter
[2011/12/28 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\mjusbsp
[2011/11/10 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Nullsoft
[2011/11/09 08:22:01 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\OpenCandy
[2011/11/17 22:03:02 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\PCFix
[2011/11/11 23:19:47 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\SMRecorder
[2011/12/28 00:27:05 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\SoftGrid Client
[2011/12/24 03:33:08 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Thinstall
[2011/11/12 12:55:57 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\TP
[2011/11/11 16:07:30 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Wave Systems Corp
[2011/11/11 18:17:06 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\WeatherBug
[2011/11/13 21:45:55 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Windows Live Writer
[2011/11/09 10:33:43 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\WinPatrol
[2011/11/30 10:55:43 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\xVideoServiceThief
[2011/12/28 00:05:10 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/10/06 00:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/02/04 04:20:17 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/02/04 04:20:17 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/10/05 23:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 23:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2010/11/20 02:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 9
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{17D25375-D81A-4446-86ED-98B39D949BDA}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C170C70C-8D25-46DB-A63A-82E7459E0703}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2009/07/13 17:53:54 | 000,036,352 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 08 01 01 01 09 01 07 01 04 01 03 01 00 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 9
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2009/07/13 19:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:587EB586

< End of report >

And here's the EXTRA.

OTL Extras logfile created on: 12/28/2011 6:35:28 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Fenix1\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.83% Memory free
4.41 Gb Paging File | 2.97 Gb Available in Paging File | 67.49% Paging File free
Paging file location(s): c:\pagefile.sys 2500 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.95 Gb Total Space | 104.20 Gb Free Space | 74.46% Space Free | Partition Type: NTFS
Drive D: | 140.04 Gb Total Space | 25.82 Gb Free Space | 18.44% Space Free | Partition Type: NTFS

Computer Name: FENIX1-PC | User Name: Fenix1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{10BC626E-DCC8-4509-958A-EC75CD323367}" = Smiley for WLW
"{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1DDF0BBC-440C-446E-BB6A-594D2FD44DC6}" = Protection Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3D1E03-D506-4163-B600-82EE27FC5A89}" = Microsoft Camera Codec Pack
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.61
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{581125F9-D1C6-4797-93BB-47A992D69AA8}" = Screen Grab Pro
"{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}" = Fingerprint Sensor Minimum Install
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CC23DEB-D22A-4345-9CFF-F8C602BCE792}" = Acer eLock Management
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Framework
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93A038DC-5F4C-4463-9847-E184E74951B6}" = Digital Cable Advisor
"{93E3AA65-716B-4CF0-867F-BA86D331ADFE}" = Wave Infrastructure Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A1FFD720-0806-40E9-9554-DB22D593FDEF}" = Acer PowerSaver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78190D6-A513-4C5D-BC20-CFE14F1CD5E3}" = Veriton ControlCenter
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Embassy Trust Suite - Acer Edition
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7B95F95-CFE6-44F8-9DDD-2754414E5DB9}" = Native Extensions 2.1 for Microsoft Silverlight
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED1CF08-037C-444F-8FE8-4806BD317D34}" = Ubee USB RNDIS and NDIS Driver
"{D38FA7FF-84E7-42F7-ACAC-E85DF086F008}" = Acer QuickMigration
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{DC38FAD0-C4A5-436A-9C24-D29BBB8B2AC7}" = upekmsi
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}" = Photosynth 2.0110.0317.1042
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{e5de92c4-d28d-427b-a014-a3200e7980aa}" = Nero 9 Essentials
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F879E5D9-25CA-446B-80D2-F660BAC2A6AD}" = Free Photo Converter
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 10.39 Free Edition
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.2
"Bill2's Process Manager" = Bill2's Process Manager (UnInstall only)
"BurnAware Free_is1" = BurnAware Free 4.2
"CCleaner" = CCleaner
"D3F88C3864C8C031A7C5D5E63A76571EC1B047DF" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
"Doxillion" = Doxillion Document Converter
"Free Registry Defrag_is1" = Free Registry Defrag
"'Full Speed' Internet Booster + Performance Tests3.6" = 'Full Speed' Internet Booster + Performance Tests
"GetRight_is1" = GetRight
"G-Recorder" = G-Recorder (remove only)
"Guitar and Bass_is1" = Guitar and Bass
"HDMI" = Intel® Graphics Media Accelerator Driver
"IncrediMail" = IncrediMail 2.0
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"LockHunter_is1" = LockHunter version 1.0 beta 3, 32 bit edition
"Magentic" = Magentic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Streets & Trips 2000" = Microsoft Expedia Streets & Trips 2000
"MixPad" = MixPad Audio Mixer
"MovieDownloader" = Movie Downloader
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSC" = McAfee Internet Security Suite
"NirSoft ShellExView" = NirSoft ShellExView
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Picasa 3" = Picasa 3
"Prism" = Prism Video File Converter
"RealPlayer 15.0" = RealPlayer
"Reimage Repair" = Reimage Repair
"Replay Video Capture5.4.2" = Replay Video Capture 5
"Switch" = Switch Sound File Converter
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TVWiz" = Intel® TV Wizard
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WordWeb" = WordWeb
"Works2kSetup" = Microsoft Works 2000 Setup Launcher
"Yahoo! Widget Engine" = Yahoo! Widgets

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3792762254-3201514299-365106432-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >







#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you have the shortcuts back?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/24 03:12:59 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
    O2 - BHO: (no name) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - No CLSID value found.
    O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O2 - BHO: (no name) - Disabled:{3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
    O2 - BHO: (no name) - Disabled:{31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
    O2 - BHO: (no name) - Disabled:{53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
    O2 - BHO: (no name) - Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
    O2 - BHO: (no name) - Disabled:{AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
    [2011/12/24 05:46:07 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\309c9d7b
    [2011/12/24 03:12:59 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\Babylon
    [2011/12/24 03:12:56 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Babylon
    [2011/12/24 03:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

    :Files
    ipconfig /flushdns /c
    C:\Users\Fenix1\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#7
fenix1

    Member

  • Topic Starter
  • 29 posts
Attached File: OTL.1.Txt (128.44KB)

Essexboy, I ran the fix with OTL as instructed. It got to "checking RscSs process" and hung...no response. I brought up Task Manager and clicked reboot and waited 10 minutes. Finally shut power off, waited 5 minutes and turned it back on. Booted up with no icons but had a Notepad file displayed about "moved files". Have attached the file here. Also, ran OTL in "quick scan" and it wouldn't complete...it hung on "scanning processes". I ran it in full scan mode and it completed, so I'll post it here for you. Also, before I contacted this site I ran Malwarebytes several days ago and it showed that this "Babylon" entry was malware along with several downloads from CNET. I used the program to delete them. I suppose when I did the Restore it placed them back on my C drive again. Anyways, thanks for helping me 'cause I haven't got a clue...

Charlie

Attached File: OTL Moved Files.txt (456bytes)



OTL logfile created on: 12/29/2011 2:19:36 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Fenix1\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.76% Memory free
4.41 Gb Paging File | 3.16 Gb Available in Paging File | 71.72% Paging File free
Paging file location(s): c:\pagefile.sys 2500 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.95 Gb Total Space | 102.96 Gb Free Space | 73.57% Space Free | Partition Type: NTFS
Drive D: | 140.04 Gb Total Space | 25.82 Gb Free Space | 18.44% Space Free | Partition Type: NTFS

Computer Name: FENIX1-PC | User Name: Fenix1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/29 14:18:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fenix1\Desktop\OTL.exe
PRC - [2011/12/03 01:40:33 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/11/17 11:03:45 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/15 13:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/01/24 16:16:52 | 004,657,424 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files\GetRight\GetRight.exe
PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/06/03 14:53:52 | 000,030,016 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2010/04/19 01:30:26 | 000,147,328 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/11/17 15:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/11/17 15:18:10 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/04/17 14:17:30 | 000,434,176 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/17 18:01:04 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/14 19:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/04/15 21:33:16 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/11/17 15:16:40 | 000,465,576 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/03 01:40:33 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/11 19:21:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/10/18 16:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/09/14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/02 14:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/06/03 14:53:52 | 000,030,016 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2010/03/30 17:52:34 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/17 15:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/15 18:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/02/17 18:01:04 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/03 01:40:33 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/12/03 01:40:33 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 06:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 06:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 04:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/04/15 21:35:44 | 000,237,840 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2008/03/11 16:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008/03/11 15:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - [2005/04/21 15:10:30 | 000,013,335 | ---- | M] (Microsystems Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...65u2i5z47326284
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...65u2i5z47326284

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...65u2i5z47326284
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/...te=20111220&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Fenix1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Fenix1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fenix1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fenix1\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WordWeb\WCaptureMoz [2011/11/10 17:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/21 05:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/25 02:43:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/25 12:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/12/29 14:10:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/25 04:19:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/30 14:44:40 | 000,000,000 | ---D | M]

[2011/11/30 01:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fenix1\AppData\Roaming\Mozilla\Extensions
[2011/12/25 05:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fenix1\AppData\Roaming\Mozilla\Firefox\Profiles\7hu2limx.default\extensions
[2011/12/19 18:13:47 | 000,001,945 | ---- | M] () -- C:\Users\Fenix1\AppData\Roaming\Mozilla\Firefox\Profiles\7hu2limx.default\searchplugins\bing-zugo.xml
[2011/12/25 04:19:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/25 12:59:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/11/10 17:58:22 | 000,000,000 | ---D | M] (WordWeb one-click lookup) -- C:\PROGRAM FILES\WORDWEB\WCAPTUREMOZ
() (No name found) -- C:\USERS\FENIX1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HU2LIMX.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\FENIX1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7HU2LIMX.DEFAULT\EXTENSIONS\[email protected]
[2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 19:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/29 13:45:13 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (GetRight IE Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20111228034256.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [cdloader] C:\Users\Fenix1\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\Bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.100 208.180.42.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C170C70C-8D25-46DB-A63A-82E7459E0703}: DhcpNameServer = 208.180.42.100 208.180.42.68
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (wxvault.dll) -C:\Windows\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) -C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 14:18:42 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Fenix1\Desktop\OTL.exe
[2011/12/29 14:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/12/29 13:44:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/28 17:12:14 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\Desktop\RK_Quarantine
[2011/12/28 14:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/12/28 12:32:21 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/12/27 23:55:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\ElevatedDiagnostics
[2011/12/27 22:39:36 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\Desktop\RK Reports
[2011/12/27 21:22:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWNet.dll
[2011/12/27 20:36:07 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Nero
[2011/12/27 20:16:51 | 001,114,624 | ---- | C] (The Windows Club) -- C:\Windows\memorb.exe
[2011/12/27 18:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011/12/27 18:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011/12/27 18:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011/12/27 18:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2011/12/27 18:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager
[2011/12/25 16:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/12/25 13:00:14 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/12/25 13:00:14 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/12/25 13:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/12/25 13:00:12 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/12/25 13:00:11 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/12/25 13:00:09 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/12/25 13:00:08 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/12/25 12:59:45 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/12/25 12:59:44 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/12/25 12:54:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/25 12:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/25 08:01:29 | 000,000,000 | ---D | C] -- C:\Windows\PIF
[2011/12/25 07:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2011/12/25 07:30:04 | 000,000,000 | ---D | C] -- C:\rei
[2011/12/25 07:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2011/12/25 05:05:11 | 000,000,000 | ---D | C] -- C:\Windows\$regcmp$
[2011/12/25 03:46:16 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
[2011/12/25 03:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2011/12/24 23:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/12/24 23:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/24 20:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2011/12/24 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/12/24 18:51:42 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\McAfee
[2011/12/24 05:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\ExpressFiles
[2011/12/24 03:33:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Thinstall
[2011/12/24 03:30:35 | 000,000,000 | ---D | C] -- C:\Games
[2011/12/24 01:29:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/24 00:51:39 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Small Rockets
[2011/12/24 00:34:56 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{FA9C89FF-F8D7-4A63-8DAC-11F1273E91A9}
[2011/12/24 00:34:39 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{009F7A31-727A-4334-911C-1D23FCA9C072}
[2011/12/24 00:34:36 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\eType
[2011/12/23 20:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
[2011/12/23 20:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\City Interactive
[2011/12/23 19:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
[2011/12/23 19:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011/12/19 18:38:43 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Applian FLV and Media Player
[2011/12/19 18:13:25 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\Documents\Freecorder
[2011/12/19 18:13:24 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\FLVService
[2011/12/16 15:34:40 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bill2's Process Manager
[2011/12/16 15:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bill2's Process Manager
[2011/12/16 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bill2's Process Manager
[2011/12/16 15:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Ainvo
[2011/12/15 03:00:50 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 03:00:49 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/15 03:00:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 03:00:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 03:00:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 03:00:46 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 22:43:53 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 22:43:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 22:43:21 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 22:43:19 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 22:43:17 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 22:43:16 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/13 18:19:52 | 004,448,256 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2011/12/13 18:17:31 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/12/13 16:27:14 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{8116206C-A6D7-4E59-B75A-27B0C43DA522}
[2011/12/13 16:25:23 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{5D03D72D-B52B-48D7-902B-D24FBA0AF78C}
[2011/12/10 14:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Clean Expert
[2011/12/10 14:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Clean Expert
[2011/12/10 14:33:40 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\Windows\System32\wbocx.ocx
[2011/12/10 14:33:40 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2011/12/10 14:33:40 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbhelp2.dll
[2011/12/10 14:33:40 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\Windows\System32\anim.dll
[2011/12/10 14:33:40 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF32.DLL
[2011/12/10 14:33:40 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\W95INF16.DLL
[2011/12/10 14:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\WinUtilities
[2011/12/10 11:07:59 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\LockHunter
[2011/12/10 10:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
[2011/12/10 10:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2011/12/10 09:45:44 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{9DD9A7D5-C17A-45C4-AB63-521D7C67A2A2}
[2011/12/10 09:45:31 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{2CE4F2B4-1418-4353-BEE1-F1683AB39923}
[2011/12/09 16:47:11 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{821C0CBD-C44F-4E21-AC74-8E179180BB54}
[2011/12/04 12:53:30 | 000,000,000 | ---D | C] -- C:\InterbankFX_1-Click
[2011/12/04 12:39:00 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{192156B9-633E-4D75-B73C-433DCADE5F53}
[2011/12/04 12:36:53 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{E5495EDE-5C2A-43E9-9061-D725B18BCB62}
[2011/12/03 17:24:05 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\Free Photo Converter
[2011/12/03 17:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Photo Converter
[2011/12/03 17:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\PixelApp Studio
[2011/12/03 17:13:06 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{385B3C65-32CB-4D7F-A24E-7D0F82724506}
[2011/12/03 17:12:34 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{E2EF3D74-EF48-453C-A1E8-FFC0E59B99E4}
[2011/12/03 11:50:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\MozillaControl
[2011/12/03 01:41:36 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2011/12/03 01:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\GetRight
[2011/12/03 01:31:35 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\GetRight
[2011/12/03 01:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\GetRight
[2011/12/02 23:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2011/12/02 18:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/12/02 18:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/12/02 10:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2011/12/01 19:36:46 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\tjnet
[2011/12/01 17:11:47 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\magicJack
[2011/12/01 17:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
[2011/12/01 17:09:07 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\mjusbsp
[2011/11/30 21:35:38 | 000,750,984 | ---- | C] (IncrediMail LTD.) -- C:\Windows\System32\Magentic Screensaver.scr
[2011/11/30 21:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magentic by IncrediMail
[2011/11/30 21:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Magentic
[2011/11/30 21:33:22 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\{A4E72C3E-66CD-4184-A2C3-89BC22C5F47E}
[2011/11/30 16:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2011/11/30 16:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2011/11/30 16:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011/11/30 16:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011/11/30 16:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/11/30 16:39:17 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Roaming\NCH Software
[2011/11/30 16:35:41 | 011,137,024 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
[2011/11/30 01:57:08 | 000,000,000 | ---D | C] -- C:\Users\Fenix1\AppData\Local\Mozilla
[2011/11/30 01:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/11/30 01:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDownloadManager.ORG
[2011/11/29 18:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\'Full Speed' Internet Booster + Performance Tests
[2011/11/29 18:09:05 | 000,000,000 | ---D | C] -- C:\Windows\'Full Speed' Internet Booster + Performance Tests
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/12/29 14:18:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fenix1\Desktop\OTL.exe
[2011/12/29 14:14:55 | 000,625,976 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/29 14:14:55 | 000,107,084 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/29 14:14:55 | 000,021,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 14:14:55 | 000,021,680 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 14:12:14 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/12/29 14:10:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3792762254-3201514299-365106432-1001UA.job
[2011/12/29 14:08:25 | 000,000,999 | ---- | M] () -- C:\Users\Fenix1\Desktop\magicJack.lnk
[2011/12/29 14:08:08 | 000,000,000 | ---- | M] () -- C:\Users\Fenix1\AppData\Local\WavXMapDrive.bat
[2011/12/29 14:07:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 14:07:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 14:07:09 | 1583,222,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/29 13:45:13 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/29 13:36:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 12:50:57 | 000,005,661 | ---- | M] () -- C:\Users\Fenix1\Documents\INFLATION.htm
[2011/12/29 10:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3792762254-3201514299-365106432-1001Core.job
[2011/12/29 00:26:31 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2011/12/28 22:48:31 | 000,000,512 | ---- | M] () -- C:\Users\Fenix1\Desktop\MBR.dat
[2011/12/28 22:34:09 | 000,000,046 | ---- | M] () -- C:\Windows\System32\_WKERNEL.FRE
[2011/12/28 17:36:04 | 000,001,122 | ---- | M] () -- C:\Users\Fenix1\Desktop\aswMBR - Shortcut.lnk
[2011/12/28 17:12:30 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/28 01:54:10 | 000,000,787 | ---- | M] () -- C:\Users\Fenix1\Documents\shot1.jpg
[2011/12/27 21:59:47 | 000,000,727 | ---- | M] () -- C:\Users\Fenix1\Desktop\unhide.lnk
[2011/12/27 18:53:29 | 000,325,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/27 18:39:04 | 000,002,682 | ---- | M] () -- C:\Users\Fenix1\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2011/12/27 18:39:04 | 000,002,658 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2011/12/25 13:00:14 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/25 13:00:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/25 12:58:36 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2011/12/25 12:54:12 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/25 12:17:47 | 000,000,121 | ---- | M] () -- C:\Users\Fenix1\Desktop\RefreshIcons.bat
[2011/12/25 09:25:33 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2011/12/25 07:11:45 | 000,001,559 | ---- | M] () -- C:\Users\Fenix1\Desktop\shexview.lnk
[2011/12/25 06:34:42 | 000,001,086 | ---- | M] () -- C:\Users\Fenix1\Desktop\Regedit.lnk
[2011/12/25 05:11:50 | 000,001,084 | ---- | M] () -- C:\Users\Fenix1\Desktop\YouTube Downloader.lnk
[2011/12/25 05:10:27 | 000,001,835 | ---- | M] () -- C:\Users\Fenix1\Desktop\GetRight.lnk
[2011/12/25 04:19:20 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/24 06:27:40 | 000,000,000 | ---- | M] () -- C:\ProgramData\wv2UTA.dat
[2011/12/23 16:49:53 | 002,100,280 | ---- | M] () -- C:\Users\Fenix1\RVCap.avi
[2011/12/23 14:58:33 | 000,013,354 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement3.htm
[2011/12/23 14:58:33 | 000,005,715 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement3.gif
[2011/12/23 13:01:06 | 000,105,397 | ---- | M] () -- C:\Users\Fenix1\Documents\Corruption Of America.html
[2011/12/21 18:31:01 | 000,012,803 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement.htm
[2011/12/21 18:31:01 | 000,005,714 | ---- | M] () -- C:\Users\Fenix1\Documents\DetailedStatement.gif
[2011/12/21 14:58:31 | 004,281,108 | ---- | M] () -- C:\Users\Fenix1\Documents\Html.Files1.htm
[2011/12/21 14:43:44 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2011/12/21 13:03:45 | 000,001,002 | ---- | M] () -- C:\Windows\wininit.ini
[2011/12/20 15:39:02 | 054,006,627 | ---- | M] () -- C:\Users\Fenix1\This_Is_the_Video_the_Government_Doesn_t_Want_You_to_See_fim2.m4v
[2011/12/19 01:28:58 | 000,001,127 | ---- | M] () -- C:\Users\Fenix1\Desktop\stinger.lnk
[2011/12/16 15:37:05 | 000,001,222 | ---- | M] () -- C:\Users\Public\Desktop\Screen Grab Pro.lnk
[2011/12/16 15:36:30 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/12/16 15:33:21 | 000,148,208 | ---- | M] () -- C:\Users\Fenix1\Documents\(Fenix1-PC).html
[2011/12/16 15:27:57 | 000,002,038 | ---- | M] () -- C:\Users\Fenix1\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/12/16 15:27:57 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2011/12/13 18:19:52 | 004,448,256 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2011/12/13 16:17:13 | 000,007,680 | ---- | M] () -- C:\Users\Fenix1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 14:42:47 | 000,000,051 | ---- | M] () -- C:\Users\Fenix1\Desktop\Forex Street. The Foreign Exchange Market.URL
[2011/12/10 14:34:15 | 000,000,982 | ---- | M] () -- C:\Users\Fenix1\Desktop\Free Registry Defrag.lnk
[2011/12/10 10:39:35 | 000,001,241 | ---- | M] () -- C:\Users\Fenix1\Desktop\Procexplorer.lnk
[2011/12/10 09:15:17 | 003,284,332 | ---- | M] () -- C:\Users\Fenix1\Documents\Presidential Candidate Positions.pdf
[2011/12/05 16:27:26 | 000,001,178 | ---- | M] () -- C:\Users\Fenix1\Desktop\TCPOptimizer.lnk
[2011/12/04 20:14:37 | 000,000,794 | ---- | M] () -- C:\Users\Fenix1\Documents\mmme.jpg
[2011/12/04 13:43:10 | 000,000,062 | ---- | M] () -- C:\Users\Fenix1\Desktop\Plentyoffish.com.URL
[2011/12/04 12:53:41 | 000,001,547 | ---- | M] () -- C:\Users\Fenix1\Desktop\Interbank FX Trader 4.lnk
[2011/12/04 10:35:36 | 000,001,504 | ---- | M] () -- C:\Users\Fenix1\Desktop\wmplayer.lnk
[2011/12/03 16:23:20 | 001,640,630 | ---- | M] () -- C:\Users\Fenix1\Documents\Least ya know what i look like!.JPG
[2011/12/03 15:41:06 | 000,570,823 | ---- | M] () -- C:\Users\Fenix1\Documents\Google Background.jpg
[2011/12/03 01:40:33 | 000,464,176 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2011/12/03 01:40:33 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/12/03 01:40:33 | 000,087,656 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/12/03 00:53:46 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2011/12/03 00:26:56 | 066,238,499 | ---- | M] () -- C:\Users\Fenix1\Documents\One Nation Under God - Jon McNaughton.wmv
[2011/11/30 16:19:04 | 000,000,241 | ---- | M] () -- C:\Users\Fenix1\AppData\Roaming\burnaware.ini
[2011/11/30 13:02:00 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/30 10:33:03 | 004,502,749 | ---- | M] () -- C:\Users\Fenix1\Documents\TeaPartyBudget.pdf

========== Files Created - No Company Name ==========

[2011/12/29 12:50:54 | 000,005,661 | ---- | C] () -- C:\Users\Fenix1\Documents\INFLATION.htm
[2011/12/28 17:45:14 | 000,000,512 | ---- | C] () -- C:\Users\Fenix1\Desktop\MBR.dat
[2011/12/28 17:35:13 | 000,001,122 | ---- | C] () -- C:\Users\Fenix1\Desktop\aswMBR - Shortcut.lnk
[2011/12/28 10:52:07 | 000,001,832 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/12/28 01:54:35 | 000,000,787 | ---- | C] () -- C:\Users\Fenix1\Documents\shot1.jpg
[2011/12/27 22:03:44 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/27 21:57:48 | 000,000,727 | ---- | C] () -- C:\Users\Fenix1\Desktop\unhide.lnk
[2011/12/27 18:39:04 | 000,002,682 | ---- | C] () -- C:\Users\Fenix1\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2011/12/27 18:39:04 | 000,002,658 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2011/12/27 16:48:35 | 000,325,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/27 15:11:04 | 1583,222,784 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/25 13:00:14 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/12/25 12:54:12 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/25 12:17:44 | 000,000,121 | ---- | C] () -- C:\Users\Fenix1\Desktop\RefreshIcons.bat
[2011/12/25 07:31:00 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2011/12/25 07:11:45 | 000,001,559 | ---- | C] () -- C:\Users\Fenix1\Desktop\shexview.lnk
[2011/12/25 06:34:42 | 000,001,086 | ---- | C] () -- C:\Users\Fenix1\Desktop\Regedit.lnk
[2011/12/25 05:11:50 | 000,001,084 | ---- | C] () -- C:\Users\Fenix1\Desktop\YouTube Downloader.lnk
[2011/12/25 05:10:27 | 000,001,835 | ---- | C] () -- C:\Users\Fenix1\Desktop\GetRight.lnk
[2011/12/25 03:37:09 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/24 06:27:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\wv2UTA.dat
[2011/12/23 16:49:49 | 002,100,280 | ---- | C] () -- C:\Users\Fenix1\RVCap.avi
[2011/12/23 15:09:49 | 000,005,715 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement3.gif
[2011/12/23 15:09:44 | 000,013,354 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement3.htm
[2011/12/23 13:01:03 | 000,105,397 | ---- | C] () -- C:\Users\Fenix1\Documents\Corruption Of America.html
[2011/12/21 18:35:50 | 000,005,714 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement.gif
[2011/12/21 18:35:45 | 000,012,803 | ---- | C] () -- C:\Users\Fenix1\Documents\DetailedStatement.htm
[2011/12/21 14:58:31 | 004,281,108 | ---- | C] () -- C:\Users\Fenix1\Documents\Html.Files1.htm
[2011/12/21 13:03:42 | 000,001,002 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/19 21:54:17 | 054,006,627 | ---- | C] () -- C:\Users\Fenix1\This_Is_the_Video_the_Government_Doesn_t_Want_You_to_See_fim2.m4v
[2011/12/19 01:27:37 | 000,001,127 | ---- | C] () -- C:\Users\Fenix1\Desktop\stinger.lnk
[2011/12/11 19:50:18 | 000,000,794 | ---- | C] () -- C:\Users\Fenix1\Documents\mmme.jpg
[2011/12/11 14:42:47 | 000,000,051 | ---- | C] () -- C:\Users\Fenix1\Desktop\Forex Street. The Foreign Exchange Market.URL
[2011/12/10 14:42:28 | 000,000,046 | ---- | C] () -- C:\Windows\System32\_WKERNEL.FRE
[2011/12/10 14:34:15 | 000,000,982 | ---- | C] () -- C:\Users\Fenix1\Desktop\Free Registry Defrag.lnk
[2011/12/10 14:33:55 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2011/12/10 14:33:40 | 000,000,439 | ---- | C] () -- C:\Windows\System32\shfolder.inf
[2011/12/10 13:26:54 | 003,284,332 | ---- | C] () -- C:\Users\Fenix1\Documents\Presidential Candidate Positions.pdf
[2011/12/10 10:38:09 | 000,001,241 | ---- | C] () -- C:\Users\Fenix1\Desktop\Procexplorer.lnk
[2011/12/05 16:27:26 | 000,001,178 | ---- | C] () -- C:\Users\Fenix1\Desktop\TCPOptimizer.lnk
[2011/12/04 13:43:10 | 000,000,062 | ---- | C] () -- C:\Users\Fenix1\Desktop\Plentyoffish.com.URL
[2011/12/04 10:35:36 | 000,001,504 | ---- | C] () -- C:\Users\Fenix1\Desktop\wmplayer.lnk
[2011/12/03 16:22:37 | 001,640,630 | ---- | C] () -- C:\Users\Fenix1\Documents\Least ya know what i look like!.JPG
[2011/12/03 15:41:05 | 000,570,823 | ---- | C] () -- C:\Users\Fenix1\Documents\Google Background.jpg
[2011/12/03 02:39:55 | 000,148,208 | ---- | C] () -- C:\Users\Fenix1\Documents\(Fenix1-PC).html
[2011/12/03 00:25:42 | 066,238,499 | ---- | C] () -- C:\Users\Fenix1\Documents\One Nation Under God - Jon McNaughton.wmv
[2011/12/02 23:42:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/12/02 23:33:59 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doxillion Document Converter.lnk
[2011/12/01 17:10:37 | 000,000,999 | ---- | C] () -- C:\Users\Fenix1\Desktop\magicJack.lnk
[2011/12/01 17:10:37 | 000,000,985 | ---- | C] () -- C:\Users\Fenix1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
[2011/11/30 16:40:44 | 000,001,092 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2011/11/30 16:40:13 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Audio Mixer.lnk
[2011/11/30 16:40:02 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
[2011/11/30 16:39:24 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
[2011/11/30 10:33:00 | 004,502,749 | ---- | C] () -- C:\Users\Fenix1\Documents\TeaPartyBudget.pdf
[2011/11/30 01:56:54 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/18 01:07:17 | 000,007,624 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\resmon.resmoncfg
[2011/11/15 10:21:25 | 000,000,275 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/11/14 03:17:21 | 000,007,680 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/13 21:16:28 | 000,000,241 | ---- | C] () -- C:\Users\Fenix1\AppData\Roaming\burnaware.ini
[2011/11/13 11:05:52 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/11/11 23:28:00 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/11/11 23:24:53 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/11/11 21:57:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/11/11 03:19:46 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2011/11/10 17:58:23 | 002,212,096 | ---- | C] () -- C:\Windows\System32\wweb32.dll
[2011/11/08 16:38:54 | 000,000,000 | ---- | C] () -- C:\Users\Fenix1\AppData\Local\WavXMapDrive.bat
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/09/08 20:56:51 | 000,031,232 | ---- | C] () -- C:\Windows\System32\TSP1.dll
[2010/09/08 20:56:31 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010/09/08 20:56:31 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010/09/08 20:56:31 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010/09/08 20:56:31 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2010/09/08 20:50:50 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/07/05 21:08:20 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/04/19 00:00:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2010/04/15 21:33:16 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2010/04/08 11:21:16 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2010/04/08 11:21:16 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2010/04/08 11:21:14 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2010/04/08 11:21:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2010/04/08 11:21:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2010/04/08 11:21:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2010/04/08 11:21:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2010/04/08 11:21:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2010/04/08 11:21:02 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2010/04/08 11:21:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2010/04/08 11:21:00 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2010/04/08 11:20:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2010/04/08 11:20:58 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2010/04/08 11:20:56 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2010/04/08 11:20:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2010/04/08 11:20:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2010/04/08 11:20:52 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2010/04/08 11:20:52 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2010/04/08 11:20:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2010/04/08 11:20:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2010/04/08 11:20:48 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2010/04/08 11:20:46 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2010/04/08 11:20:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2010/04/08 11:20:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2010/04/08 11:20:42 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2010/04/08 11:20:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2010/04/08 11:20:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2010/04/08 11:20:38 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2010/04/08 11:20:36 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009/11/06 16:27:22 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009/08/26 17:25:08 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:05:48 | 000,625,976 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,107,084 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/25 02:43:58 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Applian FLV and Media Player
[2011/11/14 12:00:39 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Auslogics
[2011/12/25 02:43:40 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\eType
[2011/12/25 02:43:22 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Foxreal
[2011/12/03 17:24:05 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Free Photo Converter
[2011/11/12 06:01:50 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\G-Recorder
[2011/12/03 01:37:12 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\GetRight
[2011/12/03 15:53:38 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\GetRightToGo
[2011/12/10 11:07:59 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\LockHunter
[2011/12/29 14:08:27 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\mjusbsp
[2011/11/10 19:20:46 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Nullsoft
[2011/11/09 08:22:01 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\OpenCandy
[2011/11/17 22:03:02 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\PCFix
[2011/11/11 23:19:47 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\SMRecorder
[2011/12/28 00:27:05 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\SoftGrid Client
[2011/12/24 03:33:08 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Thinstall
[2011/11/12 12:55:57 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\TP
[2011/11/11 16:07:30 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Wave Systems Corp
[2011/11/11 18:17:06 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\WeatherBug
[2011/11/13 21:45:55 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\Windows Live Writer
[2011/11/09 10:33:43 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\WinPatrol
[2011/11/30 10:55:43 | 000,000,000 | ---D | M] -- C:\Users\Fenix1\AppData\Roaming\xVideoServiceThief
[2011/12/28 00:05:10 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:587EB586

< End of report >

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I see that you have both McAfee and Avast on your system; this is the one time when more is not better. Which is the main one you are using? If you let me know I will give you the removal tool for the other.

Didn't know by default this fine OS only allows 4 icons after it runs weekly maintenance

Do you think this is why you are losing the icons? As I have Windows 7 and sometimes my desktop is full, but I always have at least 8 on there.

#9
fenix1

    Member

  • Topic Starter
  • 29 posts
I really think Avast is the better antivirus. Seems it has better scanning capabilities. According to a tech I spoke to, Windows 7 only allows 4 desktop icons. Anything more than that is considered "broken" and is removed as soon as troubleshooting is run, supposedly every Sunday at 1 p.m. Where in [bleep] does MS get off telling me I can only have 4 icons I don't know! As much [bleep] as I've had trying to recover from this and yet STILL don't have ANY icons, it brings to mind "class action lawsuit" as I've found many others are having the same problem. I think MS is negligent in the fact they didn't tell anyone about this little "tweak". Had I known this and been able to Disable Troubleshooting in the beginning I wouldn't have this problem now. Still don't have any icons or start menu. I am outraged! As I'm the ONLY person that has access to this machine I'd love to tell them what they could do with their "permissions" as well. If I can't find a solution to this problem I will be going back to Vista. At least I had it set up to where it ran perfectly. Guess I'm through complaining now, this is absolutely ridiculous. Anyways Essexboy, I appreciate your help and if ya have any ideas I really would love to hear from you...Thanks, Charlie


#10
Macboatmaster

    7k

  • Member
  • 7,237 posts
I am not authorised to comment in any respect whatsoever on any aspect of this thread relating to Malware.

However, as it was me that responded to your original thread and suggested to you, that I thought you may be confused regarding HOW MANY shortcuts you could have, and the FOUR (no longer valid or corrupt) mentioned in the link I provided.

I suggest you see this
http://windows.micro...rview#section_1

and then consider whether Microsoft would ever have designed Windows 7 to ONLY ALLOW four shortcuts. - as from the link above

Some people like a clean, uncluttered desktop with few or no icons. Others place dozens of icons on their desktop to give them quick access to frequently used programs, files, and folders.


I think it may be the Tech you spoke to - who is wrong

According to a tech i spoke to windows 7 only allows 4 desktop icons. Anything more than that is considered "broken" and is removed as soon as troubleshooting is run




PLEASE wait for my colleague Essexboy to respond
Essexboy
Hope you do not mind the interjection.
HNY for 2012



#11
fenix1

    Member

  • Topic Starter
  • 29 posts
Good ta hear from you Macboatmaster. I had no icons or start menu on desktop. I did have them in all my other files and folders including desktop folder. I couldn't create any shortcuts from them however. I ran the "fix" again and this time it completed. After reboot...now I have no graphics whatsoever anywhere! No pictures, videos, etc. nothing? Still only have titles on desktop...no icons and no start menu. Should I run OTL again?...Charlie

#12
fenix1

    Member

  • Topic Starter
  • 29 posts
Good news. I ran Rogue Killer again and somehow managed to get all my pictures, videos, and icons for my folders back but STILL don't have any on my Desktop or a Start Menu.

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problems Mac and a happy new year to you :thumbsup:

Could you post the RogueKiller log from the last run with option 6 please. I feel there is something that I am not seeing so I will look deeper.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#14
fenix1

    Member

  • Topic Starter
  • 29 posts
Good ta hear from you Essexboy and a really Happy New Year to you and yours. Ran Rogue Killer and Combo Fix. First ran Combo Fix, it told me I was infected with "Rootkit Zero Access" and then rebooted and ran scan. Anyways, here are the results of Rogue Killer:


'RogueKiller V6.2.1 [12/28/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Fenix1 [Admin rights]
Mode: Shortcuts HJfix -- Date : 12/30/2011 18:09:38

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] RogueKiller.exe -- C:\Users\Fenix1\Desktop\RogueKiller.exe -> KILLED [TermProc]

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 19 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 15 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped
[Q:] \Device\SftVol -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[1].txt >>
RKreport[1].txt



And now here is Combo Fix :



ComboFix 11-12-30.02 - Fenix1 12/30/2011 22:14:26.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2013.1049 [GMT -6:00]
Running from: c:\users\Fenix1\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 08:40 . 2011-11-08 22:38 0 ----a-w- c:\users\Fenix1\AppData\Local\WavXMapDrive.bat
2011-12-14 16:14 . 2011-11-12 14:04 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-03 07:40 . 2011-11-20 05:59 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-03 07:40 . 2011-11-20 05:46 150856 ----a-w- c:\windows\system32\mfevtps.exe
2011-12-03 07:40 . 2011-03-13 17:20 464176 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-11-30 19:02 . 2011-11-09 14:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-17 17:03 . 2007-01-08 16:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-17 17:03 . 2006-10-20 21:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-14 01:44 . 2011-03-29 00:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-12 14:04 . 2011-11-12 14:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-12 14:04 . 2011-11-12 14:04 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-12 14:04 . 2011-11-12 14:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-11-12 06:00 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-12 00:17 . 2011-11-12 00:17 18944 ----a-r- c:\users\Fenix1\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-11-12 00:17 . 2011-11-12 00:17 11264 ----a-r- c:\users\Fenix1\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2011-11-11 06:29 . 2011-11-11 06:29 609280 ----a-w- c:\windows\system32\srkey.exe
2011-11-09 14:24 . 2011-11-09 14:24 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-09 14:24 . 2011-11-09 14:24 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-11-09 14:24 . 2011-11-09 14:24 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-11-09 14:24 . 2011-11-09 14:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-11-09 14:24 . 2011-11-09 14:24 161792 ----a-w- c:\windows\system32\msls31.dll
2011-11-09 14:24 . 2011-11-09 14:24 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-11-09 14:24 . 2011-11-09 14:24 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-11-09 14:24 . 2011-11-09 14:24 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-11-09 14:24 . 2011-11-09 14:24 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-11-09 14:24 . 2011-11-09 14:24 367104 ----a-w- c:\windows\system32\html.iec
2011-11-09 14:24 . 2011-11-09 14:24 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-11-09 14:24 . 2011-11-09 14:24 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-09 14:24 . 2011-11-09 14:24 152064 ----a-w- c:\windows\system32\wextract.exe
2011-11-09 14:24 . 2011-11-09 14:24 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-11-09 14:24 . 2011-11-09 14:24 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-09 14:24 . 2011-11-09 14:24 11776 ----a-w- c:\windows\system32\mshta.exe
2011-11-09 14:24 . 2011-11-09 14:24 101888 ----a-w- c:\windows\system32\admparse.dll
2011-10-31 03:51 . 2011-11-10 23:58 2212096 ----a-w- c:\windows\system32\wweb32.dll
2011-10-15 19:16 . 2011-11-20 05:59 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-15 19:16 . 2011-11-20 05:59 64880 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-15 19:16 . 2011-11-20 05:59 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-15 19:16 . 2011-11-20 05:59 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-15 19:16 . 2011-11-20 05:59 338176 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-15 19:16 . 2011-11-20 05:59 180816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-15 19:16 . 2011-11-20 05:59 165680 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-15 19:16 . 2011-03-13 17:20 121256 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-12-21 07:24 . 2011-12-25 10:19 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\System32\drivers\atapi.sys
[7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[7] 2009-07-14 . 338C86357871C167A96AB976519BF59E . 21584 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
.
[7] 2009-07-13 . ADD2ADE1C2B285AB8378D2DAAF991481 . 17920 . . [6.1.7600.16385] . . c:\windows\System32\drivers\asyncmac.sys
[7] 2009-07-13 . ADD2ADE1C2B285AB8378D2DAAF991481 . 17920 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_242e2506962cd3e0\asyncmac.sys
.
[7] 2009-07-14 . CB9A8683F4EF2BF99E123D79950D7935 . 112640 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_893c5bdce4cae672\regsvc.dll
.
[7] 2010-11-20 . A04BB13F8A72F8B6E8B4071723E4E336 . 750592 . . [6.1.7600.16385] . . c:\windows\System32\schedsvc.dll
[7] 2010-11-20 . A04BB13F8A72F8B6E8B4071723E4E336 . 750592 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7601.17514_none_3108887cf54491c3\schedsvc.dll
[7] 2010-11-02 . DF1E5C82E4D09CF8105CC644980C4803 . 749056 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16699_none_2ed0aba2f85a86eb\schedsvc.dll
[7] 2010-11-02 . 0F7A8520F0895E6F0F1A0A3FD3EA40D4 . 749056 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.20830_none_2f922742114f9827\schedsvc.dll
[7] 2009-07-14 . 3E8B0C453E25613A1F59762A5C42AA75 . 743424 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16385_none_2ed774b4f8560e29\schedsvc.dll
.
[7] 2009-07-14 . D887C9FD02AC9FA880F6E5027A43E118 . 162816 . . [6.1.7600.16385] . . c:\windows\System32\ssdpsrv.dll
[7] 2009-07-14 . D887C9FD02AC9FA880F6E5027A43E118 . 162816 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_7f9fc90f328bdf26\ssdpsrv.dll
.
[7] 2010-11-20 . 382C804C92811BE57829D8E550A900E2 . 521216 . . [6.1.7601.17514] . . c:\windows\System32\termsrv.dll
[7] 2010-11-20 . 382C804C92811BE57829D8E550A900E2 . 521216 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll
[7] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll
.
[7] 2009-07-14 . 6383C60EC0133B14F5705F96369421B2 . 288256 . . [6.1.7600.16385] . . c:\windows\System32\hnetcfg.dll
[7] 2009-07-14 . 6383C60EC0133B14F5705F96369421B2 . 288256 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_b00c9bd7f5ed1c02\hnetcfg.dll
.
[7] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] . . c:\windows\System32\appmgmts.dll
[7] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_81a53e87bd5d36aa\appmgmts.dll
.
[7] 2009-07-14 . 507812C3054C21CEF746B6EE3D04DD6E . 53312 . . [6.1.7600.16385] . . c:\windows\System32\drivers\AGP440.sys
[7] 2009-07-14 . 507812C3054C21CEF746B6EE3D04DD6E . 53312 . . [6.1.7600.16385] . . c:\windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[7] 2009-07-14 . 507812C3054C21CEF746B6EE3D04DD6E . 53312 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[7] 2009-07-14 . 507812C3054C21CEF746B6EE3D04DD6E . 53312 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
.
[7] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] . . c:\windows\System32\ias.dll
[7] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7600.16385_none_f8d730c7a3d9d889\ias.dll
[7] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7601.17514_none_fb08448fa0c85c23\ias.dll
.
[7] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll
[7] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
[7] 2010-08-31 04:32 . 1B3A500340AC40F08D03A2C45213A17D . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16666_none_f3000dfcb6d2a7e4\mfc40u.dll
[7] 2010-08-31 04:25 . A716981A8BB41F4149203687EE2D1BE4 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.20791_none_f3643991d00d1cce\mfc40u.dll
[7] 2009-07-14 01:15 . F8742FC618ECBDA92A406725197E93AE . 924944 . . [4.1.6140] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16385_none_f2e96828b6e3cefa\mfc40u.dll
.
[7] 2011-10-26 . FC9183A26D2AD7BD68F471262CF3946D . 3970928 . . [6.1.7601.21847] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21847_none_6ea3fd3d2b986563\ntkrnlpa.exe
[7] 2011-10-26 . 0E725E4D29CBA35E680DD51099EB6598 . 3970416 . . [6.1.7600.21077] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21077_none_6c9d06af2e8a8365\ntkrnlpa.exe
[7] 2011-10-26 . F2368C2A4B126B2EAEF1985116B88A1D . 3967856 . . [6.1.7601.17713] . . c:\windows\System32\ntkrnlpa.exe
[7] 2011-10-26 . F2368C2A4B126B2EAEF1985116B88A1D . 3967856 . . [6.1.7601.17713] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17713_none_6e36cf0e12660c6a\ntkrnlpa.exe
[7] 2011-10-26 . 0E5E92C8AA8ADA52D37D551E322BF1FA . 3957104 . . [6.1.7600.16905] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16905_none_6c5d42881535b73b\ntkrnlpa.exe
[7] 2011-06-23 . 3624D782F8B061B6FBA3A35E2FE53CFD . 3967872 . . [6.1.7601.21755] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe
[7] 2011-06-23 . 1F969255E068D451BAC2D4FB0BD8C9C3 . 3957120 . . [6.1.7600.16841] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntkrnlpa.exe
[7] 2011-06-23 . A4A8EF2ACE5FA5863AA0B04C9BBFECA7 . 3967872 . . [6.1.7601.17640] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe
[7] 2011-06-23 . 11486D4317D57C6F5E4DC902EF75D811 . 3967872 . . [6.1.7600.20994] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntkrnlpa.exe
[7] 2010-11-20 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
[7] 2010-10-27 . A6DCF9F73F2FCA7A96D9585817A08B43 . 3957120 . . [6.1.7600.16695] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntkrnlpa.exe
[7] 2010-10-27 . 8E641A407A795DFB7B3A34053EF8DB39 . 3966848 . . [6.1.7600.20826] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntkrnlpa.exe
[7] 2009-12-08 . 9961859237C15878493ADE2119991614 . 3954776 . . [6.1.7600.20591] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20591_none_6c8185612e9ffb5f\ntkrnlpa.exe
[7] 2009-12-08 . 92345529A07F31547D73FF6E32E1AFE9 . 3955288 . . [6.1.7600.16481] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16481_none_6c02b882157a3fa4\ntkrnlpa.exe
[7] 2009-07-14 . E2A8596576873BC5D509031DECD8C95D . 3954768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntkrnlpa.exe
.
[7] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] . . c:\windows\System32\upnphost.dll
[7] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_c1be8a9895d79340\upnphost.dll
.
[7] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] . . c:\windows\System32\dsound.dll
[7] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll
.
[7] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] . . c:\windows\System32\d3d9.dll
[7] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_c454d690bf084f04\d3d9.dll
[7] 2009-07-14 . 7459301D21C2E21468823F73042D9F87 . 1826816 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7600.16385_none_c223c2c8c219cb6a\d3d9.dll
.
[7] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] . . c:\windows\System32\ddraw.dll
[7] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll
.
[7] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\System32\olepro32.dll
[7] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll
[7] 2009-07-14 01:16 . C10459DBDC2099C5A8428CB7D87DB85F . 90112 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7600.16385_none_39ea10b66307dbef\olepro32.dll
.
[7] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] . . c:\windows\System32\perfctrs.dll
[7] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_314993e6be6d6809\perfctrs.dll
.
[7] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] . . c:\windows\System32\version.dll
[7] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll
.
[7] 2011-11-09 . 904E13BA41AF2E353A32CF351CA53639 . 748336 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_b135ff17c80c1949\iexplore.exe
[7] 2010-11-20 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
.
.
[7] 2011-10-26 . EB58B25AF04D7C036E648E0406AAB431 . 3915120 . . [6.1.7601.21847] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21847_none_6ea3fd3d2b986563\ntoskrnl.exe
[7] 2011-10-26 . 8B5B4BEC86A77D10820E0BA21249A6B7 . 3915120 . . [6.1.7600.21077] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21077_none_6c9d06af2e8a8365\ntoskrnl.exe
[7] 2011-10-26 . 9DBEE8D5230881B583CF95F7C3BB8BB0 . 3912560 . . [6.1.7601.17713] . . c:\windows\System32\ntoskrnl.exe
[7] 2011-10-26 . 9DBEE8D5230881B583CF95F7C3BB8BB0 . 3912560 . . [6.1.7601.17713] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17713_none_6e36cf0e12660c6a\ntoskrnl.exe
[7] 2011-10-26 . 7539CEF9F7FF4DDAE24DAE5389DDE2C3 . 3901808 . . [6.1.7600.16905] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16905_none_6c5d42881535b73b\ntoskrnl.exe
[7] 2011-06-23 . 90EFDB506F6140EEA9DEE398D9449D86 . 3912576 . . [6.1.7601.21755] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe
[7] 2011-06-23 . DFB0E9F902FDAB7CD2E180E4072D45DD . 3902336 . . [6.1.7600.16841] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntoskrnl.exe
[7] 2011-06-23 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe
[7] 2011-06-23 . 638A384E9968036D42BDBDE499A1C8B8 . 3911552 . . [6.1.7600.20994] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntoskrnl.exe
[7] 2010-11-20 . 2088D9994332583EDB3C561DE31EA5AD . 3911040 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[7] 2010-10-27 . 776201760B5692F10DDA3BE85B54F213 . 3901824 . . [6.1.7600.16695] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntoskrnl.exe
[7] 2010-10-27 . C6169F5FDC8399E0C6C0729AB6EF2EF8 . 3911552 . . [6.1.7600.20826] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntoskrnl.exe
[7] 2009-12-08 . 6C2EFFCA281F6F5044810890A0589596 . 3899992 . . [6.1.7600.20591] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20591_none_6c8185612e9ffb5f\ntoskrnl.exe
[7] 2009-12-08 . CB51AEB061A5454CFC59B0B68ACF53A4 . 3899464 . . [6.1.7600.16481] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16481_none_6c02b882157a3fa4\ntoskrnl.exe
[7] 2009-07-14 . B9D673F7707219DFD264891A26C21ECB . 3899472 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe
.
[7] 2009-07-14 . 55187FD710E27D5095D10A472C8BAF1C . 288768 . . [6.1.7600.16385] . . c:\windows\System32\w32time.dll
[7] 2009-07-14 . 55187FD710E27D5095D10A472C8BAF1C . 288768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_887db9d2ce9e3aa0\w32time.dll
.
[7] 2010-11-20 . E1FB3706030FB4578A0D72C2FC3689E4 . 463360 . . [6.1.7600.16385] . . c:\windows\System32\wiaservc.dll
[7] 2010-11-20 . E1FB3706030FB4578A0D72C2FC3689E4 . 463360 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7601.17514_none_349ba4fd11957512\wiaservc.dll
[7] 2009-07-14 . A22825E7BB7018E8AF3E229A5AF17221 . 462336 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.1.7600.16385_none_326a913514a6f178\wiaservc.dll
.
[7] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] . . c:\windows\System32\midimap.dll
[7] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll
.
[7] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] . . c:\windows\System32\rasadhlp.dll
[7] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_0fb054d9c6a6b4d4\rasadhlp.dll
.
((((((((((((((((((((((((((((( SnapShot@ )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-06 02:22 . 2011-12-31 04:03 55284 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2011-12-30 10:58 41608 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-12-31 04:45 41608 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-08 23:19 . 2011-12-31 04:14 12918 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3792762254-3201514299-365106432-1001_UserData.bin
+ 2011-12-31 04:11 . 2009-07-13 23:11 80896 c:\windows\System32\drivers\i8042prt.sys
- 2009-07-13 23:11 . 2009-07-13 23:11 80896 c:\windows\System32\drivers\i8042prt.sys
- 2011-12-30 10:26 . 2011-12-30 10:26 13330 c:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-12-31 04:11 . 2011-12-31 04:11 13330 c:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-12-27 21:18 . 2011-12-30 09:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-27 21:18 . 2011-12-31 03:38 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-12-27 21:12 . 2011-12-31 04:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-27 21:12 . 2011-12-30 10:57 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-27 21:11 . 2011-12-31 04:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-27 21:11 . 2011-12-30 10:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-30 22:37 . 2011-12-30 22:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011123020111231\index.dat
- 2011-12-27 21:12 . 2011-12-30 10:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-27 21:12 . 2011-12-31 04:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-31 04:12 . 2011-12-31 04:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-31 04:12 . 2011-12-31 04:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-30 10:26 . 2011-12-30 10:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2011-12-30 10:34 625976 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-12-31 04:21 625976 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-12-31 04:21 107084 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2011-12-30 10:34 107084 c:\windows\System32\perfc009.dat
+ 2011-12-28 04:03 . 2011-12-31 00:10 111872 c:\windows\System32\drivers\TrueSight.sys
- 2011-12-28 04:03 . 2011-12-30 07:35 111872 c:\windows\System32\drivers\TrueSight.sys
- 2009-07-14 04:47 . 2011-12-30 10:25 276520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-12-31 04:11 276520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-09 22:55 . 2011-12-31 04:11 6958318 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3792762254-3201514299-365106432-1001-12288.dat
+ 2011-12-20 00:30 . 2011-12-20 00:30 7976448 c:\windows\Installer\2a07dfb.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"cdloader"="c:\users\Fenix1\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Magentic"=c:\progra~1\Magentic\bin\Magentic.exe /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-09 136176]
R3 cpuz134;cpuz134;c:\users\Fenix1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 CrucialSMBusScan;CrucialSMBusScan;c:\users\Fenix1\AppData\Local\Temp\CrucialSMBusScan_V32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-09 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-09-02 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-03 87656]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-12 1343400]
R4 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-16 1803512]
S0 eLock2BurnerLockDriver;Disk Performance Monitor Filter Driver;c:\windows\system32\DRIVERS\eLock2BurnerLockDriver.sys [2008-03-11 22560]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-10-15 165680]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-10-15 64880]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\DRIVERS\eLock2FSCTLDriver.sys [2008-03-11 87072]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-02-18 24576]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2011-01-28 214904]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 160608]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-03 150856]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-11-17 255744]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-10-15 57600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-10-15 338176]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-09 17:31]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-09 17:31]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3792762254-3201514299-365106432-1001Core.job
- c:\users\Fenix1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 16:05]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3792762254-3201514299-365106432-1001UA.job
- c:\users\Fenix1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 16:05]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_x488g&r=170511114706p0465u2i5z47326284
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
TCP: DhcpNameServer = 208.180.42.100 208.180.42.68
FF - ProfilePath - c:\users\Fenix1\AppData\Roaming\Mozilla\Firefox\Profiles\7hu2limx.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z149&form=ZGAADF&install_date=20111220&q=
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(452)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\progra~1\mcafee.com\agent\McUpdate.exe
.
**************************************************************************
.
Completion time: 2011-12-30 23:00:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-31 05:00
ComboFix2.txt 2011-12-30 11:15
.
Pre-Run: 109,170,257,920 bytes free
Post-Run: 108,871,086,080 bytes free
.
- - End Of File - - 72F3927CD9CF776B0CA74FB67ADCB84B



Don't understand how I can have icons in my files and folders and yet none on the desktop. Guess it has something specifically to do with the desktop?

  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you download the McAfee removal tool to your desktop?
From Control Panel > Programs and Features
Uninstall McAfee
Reboot
Run the McAfee removal tool
Reboot

Once done, let me know what problems remain.

Meanwhile I will have a rummage on my system to see if there is a setting restricting the number of icons on the desktop.
  • 0





