
Vista Antivirus 2011 [Solved]


  • This topic is locked

#1
matthewryan2004

I was infected a couple weeks ago with the Vista Antivirus 2011 virus. I ran Malwarebytes and I thought I had gotten rid of it. Ever since, I have noticed my computer is running slower. Malwarebytes also detects a couple problems every time I run it now. I have an MBAM log and an OTL log.


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.28.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
matt :: NEWCOMP [administrator]

12/28/2011 3:54:57 PM
mbam-log-2011-12-28 (15-54-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 173265
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





OTL logfile created on: 12/28/2011 4:03:07 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\matt\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.28 Gb Total Space | 172.90 Gb Free Space | 47.60% Space Free | Partition Type: NTFS
Drive D: | 9.33 Gb Total Space | 1.27 Gb Free Space | 13.64% Space Free | Partition Type: NTFS

Computer Name: NEWCOMP | User Name: matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/24 01:49:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/09 10:48:37 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/12/08 18:01:56 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/12/02 07:49:14 | 001,101,960 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011/11/14 18:15:16 | 000,197,288 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/21 16:28:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2009/09/24 04:46:08 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/09/18 09:24:08 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe
PRC - [2009/08/21 08:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/07/07 19:10:14 | 000,151,552 | ---- | M] () -- C:\Windows\System32\ANIWConnService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/07/03 10:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe


========== Modules (SafeList) ==========

MOD - [2011/05/21 16:28:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/08 18:01:56 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/12/08 13:30:02 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/10 05:29:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/24 04:46:08 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/07/07 19:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ANIWConnService.exe -- (ANIWConnService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 01:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/21 12:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - [2011/12/28 09:22:26 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AD025FD-8423-4606-B947-4E69B12D5401}\MpKsldb6a97fd.sys -- (MpKsldb6a97fd)
DRV - [2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/10/22 22:07:25 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/01 10:44:21 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/17 08:51:04 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091015.050\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/09/17 08:51:04 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/09/17 08:51:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys -- (EraserUtilDrvI9)
DRV - [2009/09/17 08:51:04 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091015.050\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/26 19:26:38 | 000,272,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090923.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/08/03 09:56:10 | 000,735,232 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2009/03/17 11:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/03/06 17:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/12/09 09:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/05/22 13:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/12/07 10:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/12/07 10:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/11/30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/08/08 04:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/?rlz=1V1IPYX
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.search...si=10211&home=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.search.usedbfororder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...m/?rlz=1V1IPYX"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {70df8d13-bdd3-448e-944c-efde21b77161}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {AAA46C78-D425-4A1D-8F71-B87748C37071}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.102
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "http://www.google.co...rlz=1V2IPYX&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/09 10:51:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/24 01:49:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/09 11:05:52 | 000,000,000 | ---D | M]

[2009/09/24 05:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Extensions
[2011/12/08 13:29:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions
[2010/07/23 20:31:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/01 05:34:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/02 16:41:57 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011/12/08 13:29:32 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/05/22 08:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\nostmp
[2009/10/14 03:10:56 | 000,004,554 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\searchplugins\aim-search.xml
[2010/12/20 15:51:43 | 000,002,568 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\searchplugins\askcom.xml
[2011/01/14 01:29:56 | 000,001,919 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\searchplugins\bing-zugo.xml
[2011/12/10 13:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/24 01:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
File not found (No name found) --
[2011/12/24 01:49:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/12/09 10:59:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/11/10 15:46:38 | 000,002,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
[2011/12/24 01:49:44 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/08/02 16:41:56 | 000,003,195 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Complitly.xml
[2011/12/24 01:49:44 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml
[2010/07/25 16:43:47 | 000,001,469 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober216825805.xml
[2009/04/07 12:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober126335147.gif
[2010/05/20 23:29:13 | 000,000,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober126335147.src

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No CLSID value found.
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\matt\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Device Detection] C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe ()
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [HotKeyMan] File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/18 09:35:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{23072c0b-d99b-11de-b075-001e901df623}\Shell - "" = AutoRun
O33 - MountPoints2\{23072c0b-d99b-11de-b075-001e901df623}\Shell\AutoRun\command - "" = O:\setup.exe
O33 - MountPoints2\{ca3201f7-cf63-11de-b48d-001e901df623}\Shell - "" = AutoRun
O33 - MountPoints2\{ca3201f7-cf63-11de-b48d-001e901df623}\Shell\AutoRun\command - "" = M:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\matt\AppData\Roaming\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 14:57:47 | 000,208,896 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\Windows\System32\FFRafShellEx.dll
[2011/12/28 14:57:43 | 000,233,472 | ---- | C] (FUJIFILM Corporation) -- C:\Windows\System32\RFCLauncher.exe
[2011/12/28 14:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\RAF
[2011/12/28 14:57:19 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\FUJIFILM
[2011/12/28 14:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUJIFILM
[2011/12/28 14:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\FUJIFILM
[2011/12/28 14:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\FUJIFILM
[2011/12/28 09:21:17 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\tshirts
[2011/12/27 16:58:11 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\elyrics
[2011/12/27 15:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/20 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Logitech
[2011/12/20 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Logishrd
[2011/12/18 20:06:25 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\postcards
[2011/12/18 01:54:56 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\20bucks
[2011/12/11 21:26:59 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\hidden photos
[2011/12/09 15:55:28 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\newcoins
[2011/12/09 13:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/12/09 11:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/09 11:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/09 11:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/12/09 10:51:43 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Real
[2011/12/09 10:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/12/09 10:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/12/09 10:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2011/12/09 10:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\The Weather Channel FW
[2011/12/09 10:43:40 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\The Weather Channel
[2011/12/09 10:28:14 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Secunia PSI
[2011/12/09 10:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/12/08 13:30:41 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\adaware
[2011/12/08 13:30:35 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/08 13:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2011/12/08 13:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/12/08 13:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2011/12/08 13:28:57 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/12/08 13:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/08 13:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/12/08 13:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/12/08 13:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/08 13:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/08 09:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/05 11:36:27 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Launch-n-Go
[2011/12/05 11:36:24 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Workspace Macro Pro
[2011/12/05 11:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Workspace Macro Pro 6.5
[2011/12/05 11:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Workspace Macro Pro 6.5
[2011/12/05 11:33:25 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Workspace Macro
[2011/12/05 11:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Workspace Macro 4.6
[2011/12/05 11:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Workspace Macro 4.6
[2011/12/05 11:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Automation Macro Recorder
[2011/12/05 11:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Automation Macro Recorder
[2011/12/05 11:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Free Labs
[2011/12/02 12:29:09 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\XENU
[2010/08/05 11:07:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\matt\AppData\Roaming\pcouffin.sys
[2010/06/02 17:48:24 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2010/06/02 17:48:24 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2010/06/02 17:48:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2010/06/02 17:48:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2010/06/02 17:48:24 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2010/06/02 17:48:24 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2010/06/02 17:48:24 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2010/06/02 17:48:24 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2010/06/02 17:48:24 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2010/06/02 17:48:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2010/06/02 17:48:23 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2010/06/02 17:48:23 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2010/06/02 17:48:23 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/12/28 15:56:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 15:56:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 15:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/12/28 15:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/12/28 15:54:28 | 000,000,892 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/28 15:30:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/28 15:10:59 | 000,169,472 | ---- | M] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 15:00:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/12/28 14:56:18 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\MyFinePix Studio.lnk
[2011/12/28 14:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/12/28 14:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/12/28 13:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/12/28 13:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/12/28 13:30:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 12:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/12/28 12:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/12/28 11:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/12/28 11:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/12/28 10:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/12/28 10:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/12/28 09:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/12/28 09:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/12/28 09:10:36 | 000,003,284 | ---- | M] () -- C:\Users\matt\AppData\Roaming\ANIWZCS{FC26C250-359E-4755-8105-6FB8644A5484}
[2011/12/28 09:10:29 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/12/28 09:10:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/28 09:10:28 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/12/28 07:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/12/28 07:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/12/28 06:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/12/28 06:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/12/28 06:54:31 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{FC26C250-359E-4755-8105-6FB8644A5484}
[2011/12/28 05:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/12/28 05:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/12/28 04:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/12/28 04:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/12/28 03:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/12/28 03:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/12/28 02:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/12/28 02:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/12/28 01:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/12/28 01:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/12/28 00:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/12/28 00:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/12/27 23:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At49.job
[2011/12/27 23:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/12/27 22:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/12/27 22:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/12/27 21:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/12/27 21:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/12/27 20:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/12/27 20:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/12/27 19:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/12/27 19:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/12/27 18:56:01 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At39.job
[2011/12/27 18:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/12/27 17:56:05 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At37.job
[2011/12/27 17:56:05 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/12/27 16:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/12/27 16:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/12/27 03:29:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/12/26 21:03:21 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - matt.job
[2011/12/25 13:29:18 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/23 12:47:03 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/23 12:47:03 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/23 12:39:15 | 000,960,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/22 13:30:23 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/22 13:30:23 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/17 22:38:57 | 000,050,464 | ---- | M] () -- C:\Users\matt\AppData\Roaming\wklnhst.dat
[2011/12/13 12:09:52 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/12 21:36:11 | 000,001,873 | ---- | M] () -- C:\Users\matt\Desktop\System Mechanic.lnk
[2011/12/12 02:35:20 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\iolobtdfg.exe
[2011/12/12 02:35:02 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\smrgdf.exe
[2011/12/12 01:52:12 | 002,083,464 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\Incinerator32.dll
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/09 12:35:55 | 000,000,332 | ---- | M] () -- C:\Windows\SysMech.INI
[2011/12/09 11:05:40 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/09 10:51:26 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/09 10:44:48 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2011/12/09 10:36:26 | 000,000,020 | ---- | M] () -- C:\Users\matt\defogger_reenable
[2011/12/09 10:27:07 | 000,000,861 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/12/08 13:30:18 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/08 13:30:16 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/12/08 13:28:59 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/08 13:21:18 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/08 13:21:10 | 000,001,917 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/08 11:22:39 | 000,000,000 | ---- | M] () -- C:\ProgramData\3r5jO05.dat
[2011/12/08 09:40:08 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/07 19:36:07 | 001,008,120 | ---- | M] () -- C:\Users\matt\Desktop\iExplorer.exe
[2011/12/07 19:06:02 | 000,011,886 | -HS- | M] () -- C:\Users\matt\AppData\Local\pshpdm0h1loo1mfe5pww1k168t3s
[2011/12/07 19:06:02 | 000,011,886 | -HS- | M] () -- C:\ProgramData\pshpdm0h1loo1mfe5pww1k168t3s
[2011/12/05 11:36:14 | 000,000,819 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
[2011/12/05 11:36:13 | 000,000,846 | ---- | M] () -- C:\Users\matt\Desktop\Workspace Macro Pro 6.5.lnk
[2011/12/05 11:35:49 | 003,964,864 | ---- | M] () -- C:\Users\matt\Desktop\WrkSpc-MacroPro-setup650.exe
[2011/12/05 11:33:09 | 000,000,806 | ---- | M] () -- C:\Users\matt\Desktop\Workspace Macro 4.6.lnk
[2011/12/05 11:32:46 | 001,814,222 | ---- | M] () -- C:\Users\matt\Desktop\WrkSpc-Macro-setup460.exe
[2011/12/05 11:30:51 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\Windows Automation Macro Recorder.lnk
[2011/12/05 11:25:40 | 000,417,792 | ---- | M] () -- C:\Users\matt\Desktop\macrorecorderseup.msi
[2011/12/02 12:29:01 | 000,437,129 | ---- | M] () -- C:\Users\matt\Desktop\XENU.ZIP
[2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2011/12/28 15:54:28 | 000,000,892 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/28 15:00:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/12/28 14:56:18 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\MyFinePix Studio.lnk
[2011/12/23 12:40:15 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/23 12:39:15 | 000,960,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/11 13:30:43 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/12/11 13:30:43 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/12/09 11:05:40 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/12/09 10:51:26 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/09 10:44:48 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\The Weather Channel Desktop .lnk
[2011/12/09 10:36:04 | 000,000,020 | ---- | C] () -- C:\Users\matt\defogger_reenable
[2011/12/09 10:27:07 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/12/09 10:27:07 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/12/08 16:38:14 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/12/08 13:28:59 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/12/08 13:21:18 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/08 13:21:10 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/08 13:21:10 | 000,001,917 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/08 13:19:51 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/08 13:19:50 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/08 11:22:39 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At49.job
[2011/12/08 11:22:39 | 000,000,000 | ---- | C] () -- C:\ProgramData\3r5jO05.dat
[2011/12/08 11:22:38 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/08 11:22:38 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/08 11:22:38 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/08 11:22:38 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/08 11:22:38 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/08 11:22:38 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/08 11:22:38 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/08 11:22:38 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/08 11:22:38 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/08 11:22:37 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/08 11:22:37 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/08 11:22:37 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/08 11:22:37 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/08 11:22:37 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/08 11:22:37 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/08 11:22:37 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/08 11:22:37 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/08 11:22:36 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/08 11:22:36 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/08 11:22:36 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/08 11:22:36 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/08 11:22:36 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/08 11:22:36 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/08 11:22:36 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/08 11:22:35 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/12/08 11:22:35 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/12/08 11:22:35 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/12/08 11:22:35 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/08 11:22:35 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/08 11:22:35 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/08 11:22:35 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/08 11:22:34 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/12/08 11:22:34 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/12/08 11:22:34 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/12/08 11:22:34 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/08 11:22:34 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/08 11:22:34 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/08 11:22:34 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/08 11:22:34 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/08 11:22:33 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/08 11:22:33 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/08 11:22:33 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/08 11:22:32 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/08 11:22:32 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/08 11:22:32 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/08 11:22:31 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/08 11:22:30 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/08 09:40:08 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/08 09:31:47 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/07 19:37:21 | 001,008,120 | ---- | C] () -- C:\Users\matt\Desktop\iExplorer.exe
[2011/12/07 19:00:12 | 000,011,886 | -HS- | C] () -- C:\Users\matt\AppData\Local\pshpdm0h1loo1mfe5pww1k168t3s
[2011/12/07 19:00:12 | 000,011,886 | -HS- | C] () -- C:\ProgramData\pshpdm0h1loo1mfe5pww1k168t3s
[2011/12/05 11:36:14 | 000,000,819 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
[2011/12/05 11:36:13 | 000,000,846 | ---- | C] () -- C:\Users\matt\Desktop\Workspace Macro Pro 6.5.lnk
[2011/12/05 11:35:29 | 003,964,864 | ---- | C] () -- C:\Users\matt\Desktop\WrkSpc-MacroPro-setup650.exe
[2011/12/05 11:33:09 | 000,000,806 | ---- | C] () -- C:\Users\matt\Desktop\Workspace Macro 4.6.lnk
[2011/12/05 11:32:37 | 001,814,222 | ---- | C] () -- C:\Users\matt\Desktop\WrkSpc-Macro-setup460.exe
[2011/12/05 11:30:51 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\Windows Automation Macro Recorder.lnk
[2011/12/05 11:25:38 | 000,417,792 | ---- | C] () -- C:\Users\matt\Desktop\macrorecorderseup.msi
[2011/12/02 12:28:58 | 000,437,129 | ---- | C] () -- C:\Users\matt\Desktop\XENU.ZIP
[2011/09/24 10:03:24 | 000,003,284 | ---- | C] () -- C:\Users\matt\AppData\Roaming\ANIWZCS{FC26C250-359E-4755-8105-6FB8644A5484}
[2011/09/24 10:00:04 | 000,000,258 | ---- | C] () -- C:\Users\matt\AppData\Roaming\ANICONFIG_{FC26C250-359E-4755-8105-6FB8644A5484}.ini
[2011/09/24 09:59:20 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ANIWConnService.exe
[2011/09/24 09:59:00 | 000,258,048 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
[2011/09/24 09:59:00 | 000,217,088 | ---- | C] () -- C:\Windows\System32\aIPH.dll
[2011/09/24 09:59:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AQCKGen.dll
[2011/09/24 09:59:00 | 000,045,115 | ---- | C] () -- C:\Windows\System32\ANICtl.dll
[2011/09/24 09:58:43 | 000,315,392 | ---- | C] () -- C:\Windows\System32\ANIOApi.dll
[2011/09/24 09:58:12 | 000,733,184 | ---- | C] () -- C:\Windows\System32\ANIOWPS.dll
[2011/09/24 09:58:12 | 000,237,568 | ---- | C] () -- C:\Windows\System32\ANIWPS.exe
[2011/09/24 09:47:15 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2011/09/24 09:47:14 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011/09/12 18:45:59 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/08/03 17:32:51 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/08/03 17:32:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/04/26 23:08:34 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/04/14 13:50:00 | 000,000,332 | ---- | C] () -- C:\Windows\SysMech.INI
[2011/04/12 19:03:38 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe
[2011/03/19 10:06:02 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/19 10:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/10 02:08:52 | 000,050,464 | ---- | C] () -- C:\Users\matt\AppData\Roaming\wklnhst.dat
[2011/03/08 18:55:35 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2010/12/15 11:18:39 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/11/10 19:36:44 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/11/09 17:41:56 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/08/05 11:08:57 | 000,000,668 | ---- | C] () -- C:\Users\matt\AppData\Roaming\vso_ts_preview.xml
[2010/08/05 11:07:55 | 000,087,608 | ---- | C] () -- C:\Users\matt\AppData\Roaming\inst.exe
[2010/08/05 11:07:55 | 000,007,887 | ---- | C] () -- C:\Users\matt\AppData\Roaming\pcouffin.cat
[2010/08/05 11:07:55 | 000,001,144 | ---- | C] () -- C:\Users\matt\AppData\Roaming\pcouffin.inf
[2010/08/01 11:25:23 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/07/20 16:40:49 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/06/09 19:35:14 | 000,000,120 | ---- | C] () -- C:\Users\matt\AppData\Local\Rtelacega.dat
[2010/06/09 19:35:14 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\Tputubetogu.bin
[2010/06/05 23:15:25 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe
[2010/06/02 17:48:25 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2010/05/24 20:35:45 | 000,472,576 | ---- | C] () -- C:\Windows\uninstall.exe
[2010/05/24 20:35:45 | 000,069,720 | ---- | C] () -- C:\Windows\uninstall.dat
[2010/04/22 13:24:54 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010/03/02 19:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/02/28 10:00:14 | 000,000,680 | ---- | C] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
[2009/10/07 23:19:02 | 000,169,472 | ---- | C] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/27 03:27:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/27 03:27:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 04:43:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/27 14:04:44 | 000,557,003 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/08/27 14:04:32 | 000,811,835 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/08/27 14:03:52 | 004,456,201 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/08/25 13:07:36 | 000,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/08/25 12:38:04 | 000,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/08/25 11:37:02 | 000,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/08/11 15:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/02 12:15:44 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/06/02 12:15:18 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/06/02 12:15:04 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/06/02 12:14:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/06/02 12:14:30 | 000,486,400 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/06/02 12:13:58 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/06/02 12:13:50 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/06/02 12:11:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/01/10 17:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 17:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 17:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 17:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 17:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009/01/10 17:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 17:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009/01/10 17:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 17:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 17:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 17:15:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009/01/10 17:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 17:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/04/18 09:35:44 | 000,000,060 | ---- | C] () -- C:\Windows\System32\HP_Demo.ini
[2008/04/18 09:27:44 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/04/18 09:23:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/04/18 09:21:04 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/04/18 09:21:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2006/11/30 10:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 15:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 13:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/03/23 02:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
[2005/12/20 10:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[2005/10/15 14:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005/10/15 14:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe

========== LOP Check ==========

[2009/10/13 04:28:30 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Absolute Poker
[2009/10/14 03:10:27 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\acccore
[2011/08/02 16:41:45 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Aquarius Soft
[2010/08/08 03:28:25 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Ashtons. Family Resort
[2009/10/31 21:13:50 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\CasualForge
[2011/08/02 16:41:47 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Complitly
[2011/12/08 13:24:06 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\DAEMON Tools Lite
[2011/09/06 22:35:39 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\dekovir
[2009/11/06 00:16:01 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\DivoGames
[2010/05/16 06:55:19 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Facebook
[2010/08/01 01:27:11 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Flood Light Games
[2010/08/01 21:15:33 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Floodlight Games
[2011/12/08 13:23:55 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Free Download Manager
[2009/11/14 14:58:59 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Got Game Entertainment
[2010/05/23 06:04:27 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\GrabPro
[2010/08/10 03:20:45 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\gtk-2.0
[2011/08/02 16:35:02 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Hulubulu
[2011/12/09 15:16:41 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\iolo
[2011/03/13 02:59:29 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\IrfanView
[2010/12/02 01:34:15 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Lionhead Studios
[2011/11/08 03:51:11 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Microsys
[2010/07/25 16:43:39 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Oberon Media
[2011/03/10 02:33:52 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\OpenOffice.org
[2011/03/13 01:14:19 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Orbit
[2010/05/19 05:56:48 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\PlayFirst
[2010/06/06 19:19:59 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Pogo
[2011/06/14 08:31:50 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Red Alert 3
[2011/03/21 16:42:16 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Smilebox
[2009/09/23 23:56:54 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Snapfish
[2011/03/10 02:08:54 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Template
[2010/10/25 11:31:41 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Ubisoft
[2011/10/01 15:33:32 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\uTorrent
[2010/05/23 07:29:15 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\ValuSoft
[2010/12/23 17:43:57 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Vso
[2009/09/25 18:19:37 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\WinBatch
[2011/11/19 13:32:32 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Windows Live Writer
[2010/07/30 23:42:55 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\YoudaGames
[2010/12/16 11:16:57 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\YouDataAIR.CDA5CEB063BC2A22C44BAA035F25F65FCCDA2208.1
[2011/12/25 13:29:18 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/12/27 03:29:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/12/28 04:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/12/28 04:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/12/28 05:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/12/28 05:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/12/28 06:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/12/28 06:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/12/28 07:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/12/28 07:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/12/28 09:10:28 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/12/28 09:10:29 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/12/28 00:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/12/28 09:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/12/28 09:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/12/28 10:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/12/28 10:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/12/28 11:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/12/28 11:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2011/12/28 12:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2011/12/28 12:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2011/12/28 13:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2011/12/28 13:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2011/12/28 00:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/12/28 14:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2011/12/28 14:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2011/12/28 15:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2011/12/28 15:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2011/12/27 16:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2011/12/27 16:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2011/12/27 17:56:05 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2011/12/27 17:56:05 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2011/12/27 18:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2011/12/27 18:56:01 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2011/12/28 01:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/12/27 19:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2011/12/27 19:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2011/12/27 20:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2011/12/27 20:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2011/12/27 21:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2011/12/27 21:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2011/12/27 22:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2011/12/27 22:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2011/12/27 23:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2011/12/27 23:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At49.job
[2011/12/28 01:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/12/28 02:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/12/28 02:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/12/28 03:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/12/28 03:56:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011/12/23 12:28:19 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:F1DEA771
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:A26AFC00
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:80AC2AE7
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:9026FFAC
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D0AB0B4A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:1C6D843F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9AB56A06
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:417B6FAC

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, on completion of this run could you let me know what problems remain?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/07 19:06:02 | 000,011,886 | -HS- | M] () -- C:\Users\matt\AppData\Local\pshpdm0h1loo1mfe5pww1k168t3s
    [2011/12/07 19:06:02 | 000,011,886 | -HS- | M] () -- C:\ProgramData\pshpdm0h1loo1mfe5pww1k168t3s
    [2011/12/08 11:22:39 | 000,000,000 | ---- | M] () -- C:\ProgramData\3r5jO05.dat

    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.


#3
matthewryan2004

    New Member

  • Topic Starter
  • Member
  • 8 posts
aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-28 21:04:16
-----------------------------
21:04:16.287 OS Version: Windows 6.0.6002 Service Pack 2
21:04:16.287 Number of processors: 2 586 0x6B02
21:04:16.287 ComputerName: NEWCOMP UserName: matt
21:04:19.048 Initialize success
21:04:36.224 AVAST engine defs: 11122801
21:04:40.639 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
21:04:40.654 Disk 0 Vendor: ST340082 3.CH Size: 381554MB BusType: 6
21:04:42.667 Disk 0 MBR read successfully
21:04:42.682 Disk 0 MBR scan
21:04:42.698 Disk 0 unknown MBR code
21:04:42.729 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 371997 MB offset 63
21:04:42.776 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9554 MB offset 761850495
21:04:42.791 Disk 0 scanning sectors +781417665
21:04:42.932 Disk 0 scanning C:\Windows\system32\drivers
21:05:13.929 Service scanning
21:05:14.849 Service MpKslfbb4927c c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AD025FD-8423-4606-B947-4E69B12D5401}\MpKslfbb4927c.sys **LOCKED** 32
21:05:14.865 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:05:15.629 Modules scanning
21:05:34.755 Disk 0 trace - called modules:
21:05:34.786 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
21:05:34.786 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ca78e0]
21:05:34.786 3 CLASSPNP.SYS[8072e8b3] -> nt!IofCallDriver -> [0x85090b68]
21:05:34.802 5 acpi.sys[8060b6bc] -> nt!IofCallDriver -> \Device\00000064[0x84c77030]
21:05:36.268 AVAST engine scan C:\Windows
21:05:50.605 AVAST engine scan C:\Windows\system32
21:08:27.166 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
21:11:50.029 AVAST engine scan C:\Windows\system32\drivers
21:12:14.801 AVAST engine scan C:\Users\matt
21:37:54.304 Disk 0 MBR has been saved successfully to "C:\Users\matt\Documents\MBR.dat"
21:37:54.398 The log file has been saved successfully to "C:\Users\matt\Documents\aswMBR.txt"


aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-28 21:45:54
-----------------------------
21:45:54.347 OS Version: Windows 6.0.6002 Service Pack 2
21:45:54.347 Number of processors: 2 586 0x6B02
21:45:54.347 ComputerName: NEWCOMP UserName: matt
21:45:55.299 Initialize success
21:46:04.129 AVAST engine defs: 11122801
21:46:07.420 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
21:46:07.420 Disk 0 Vendor: ST340082 3.CH Size: 381554MB BusType: 6
21:46:09.526 Disk 0 MBR read successfully
21:46:09.526 Disk 0 MBR scan
21:46:09.573 Disk 0 unknown MBR code
21:46:09.589 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 371997 MB offset 63
21:46:09.635 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9554 MB offset 761850495
21:46:09.682 Disk 0 scanning sectors +781417665
21:46:09.885 Disk 0 scanning C:\Windows\system32\drivers
21:46:46.108 Service scanning
21:46:46.919 Service MpKslfbb4927c c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AD025FD-8423-4606-B947-4E69B12D5401}\MpKslfbb4927c.sys **LOCKED** 32
21:46:46.919 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:46:47.746 Modules scanning
21:47:21.286 Disk 0 trace - called modules:
21:47:21.302 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys SYMTDI.SYS tcpip.sys NETIO.SYS usbhub.sys
21:47:21.317 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ca78e0]
21:47:21.317 3 CLASSPNP.SYS[8072e8b3] -> nt!IofCallDriver -> [0x85090b68]
21:47:21.333 5 acpi.sys[8060b6bc] -> nt!IofCallDriver -> \Device\00000064[0x84c77030]
21:47:22.238 AVAST engine scan C:\Windows
21:47:55.793 AVAST engine scan C:\Windows\system32
21:49:59.049 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
21:54:35.419 AVAST engine scan C:\Windows\system32\drivers
21:55:41.055 AVAST engine scan C:\Users\matt
22:55:42.278 AVAST engine scan C:\ProgramData
23:23:57.920 Scan finished successfully
23:28:31.161 Disk 0 MBR has been saved successfully to "C:\Users\matt\Documents\MBR.dat"
23:28:31.284 The log file has been saved successfully to "C:\Users\matt\Documents\aswMBR.txt"

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
One to kill that aswMBR found, then a quick MBAM run. On completion could you let me know how the system is behaving?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    C:\Windows\system32\jureg.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Update and run Malwarebytes, posting the resultant log

#5
matthewryan2004

    New Member

  • Topic Starter
  • Member
  • 8 posts
Computer still seems to be running slow, but as long as it's clean I'm not too concerned.

OTL logfile created on: 12/29/2011 3:41:52 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\matt\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.28 Gb Total Space | 170.12 Gb Free Space | 46.83% Space Free | Partition Type: NTFS
Drive D: | 9.33 Gb Total Space | 1.27 Gb Free Space | 13.64% Space Free | Partition Type: NTFS

Computer Name: NEWCOMP | User Name: matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/08 18:01:56 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/12/02 07:49:14 | 001,101,960 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/21 16:28:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2009/09/24 04:46:08 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/09/18 09:24:08 | 001,708,032 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe
PRC - [2009/08/21 08:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/07/07 19:10:14 | 000,151,552 | ---- | M] () -- C:\Windows\System32\ANIWConnService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/07/03 10:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe


========== Modules (SafeList) ==========

MOD - [2011/05/21 16:28:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/08 18:01:56 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/12/08 13:30:02 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/10 05:29:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/24 04:46:08 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/07/07 19:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ANIWConnService.exe -- (ANIWConnService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 01:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/21 12:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - [2011/12/29 15:29:57 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE5DCEAD-B2B4-4487-8B29-CBA855A4FBB9}\MpKsl02628c22.sys -- (MpKsl02628c22)
DRV - [2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/10/22 22:07:25 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/01 10:44:21 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/17 08:51:04 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091015.050\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/09/17 08:51:04 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/09/17 08:51:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/17 08:51:04 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091015.050\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/26 19:26:38 | 000,272,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090923.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/08/03 09:56:10 | 000,735,232 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2009/03/17 11:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/03/06 17:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/12/09 09:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/05/22 13:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/12/07 10:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/12/07 10:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/11/30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/08/08 04:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/?rlz=1V1IPYX
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.search...si=10211&home=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.search.usedbfororder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...m/?rlz=1V1IPYX"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {70df8d13-bdd3-448e-944c-efde21b77161}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {AAA46C78-D425-4A1D-8F71-B87748C37071}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.102
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..keyword.URL: "http://www.google.co...rlz=1V2IPYX&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/09 10:51:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/24 01:49:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/09 11:05:52 | 000,000,000 | ---D | M]

[2009/09/24 05:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Extensions
[2011/12/08 13:29:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions
[2010/07/23 20:31:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/01 05:34:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/02 16:41:57 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011/12/08 13:29:32 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/05/22 08:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\nostmp
[2009/10/14 03:10:56 | 000,004,554 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\searchplugins\aim-search.xml
[2010/12/20 15:51:43 | 000,002,568 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\searchplugins\askcom.xml
[2011/01/14 01:29:56 | 000,001,919 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\searchplugins\bing-zugo.xml
[2011/12/10 13:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/24 01:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
File not found (No name found) --
[2011/12/24 01:49:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/12/09 10:59:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/11/10 15:46:38 | 000,002,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
[2011/12/24 01:49:44 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/08/02 16:41:56 | 000,003,195 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Complitly.xml
[2011/12/24 01:49:44 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml
[2010/07/25 16:43:47 | 000,001,469 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober216825805.xml
[2009/04/07 12:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober126335147.gif
[2010/05/20 23:29:13 | 000,000,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober126335147.src

O1 HOSTS File: ([2011/12/29 15:09:58 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No CLSID value found.
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\matt\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Device Detection] C:\Program Files\FUJIFILM\MyFinePix Studio\dd.exe ()
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/18 09:35:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{23072c0b-d99b-11de-b075-001e901df623}\Shell - "" = AutoRun
O33 - MountPoints2\{23072c0b-d99b-11de-b075-001e901df623}\Shell\AutoRun\command - "" = O:\setup.exe
O33 - MountPoints2\{ca3201f7-cf63-11de-b48d-001e901df623}\Shell - "" = AutoRun
O33 - MountPoints2\{ca3201f7-cf63-11de-b48d-001e901df623}\Shell\AutoRun\command - "" = M:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 15:27:21 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2011/12/29 15:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2011/12/29 15:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2011/12/29 09:51:53 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\monstersteel
[2011/12/28 18:33:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/28 14:57:47 | 000,208,896 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\Windows\System32\FFRafShellEx.dll
[2011/12/28 14:57:43 | 000,233,472 | ---- | C] (FUJIFILM Corporation) -- C:\Windows\System32\RFCLauncher.exe
[2011/12/28 14:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\RAF
[2011/12/28 14:57:19 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\FUJIFILM
[2011/12/28 14:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUJIFILM
[2011/12/28 14:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\FUJIFILM
[2011/12/28 14:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\FUJIFILM
[2011/12/28 09:21:17 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\tshirts
[2011/12/27 16:58:11 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\elyrics
[2011/12/27 15:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/20 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Logitech
[2011/12/20 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Logishrd
[2011/12/18 20:06:25 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\postcards
[2011/12/18 01:54:56 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\20bucks
[2011/12/11 21:26:59 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\hidden photos
[2011/12/09 15:55:28 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\newcoins
[2011/12/09 13:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/12/09 11:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/09 11:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/09 11:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/12/09 10:51:43 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Real
[2011/12/09 10:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/12/09 10:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/12/09 10:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2011/12/09 10:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\The Weather Channel FW
[2011/12/09 10:43:40 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\The Weather Channel
[2011/12/09 10:28:14 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Secunia PSI
[2011/12/09 10:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/12/08 13:30:41 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\adaware
[2011/12/08 13:30:35 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/08 13:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2011/12/08 13:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/12/08 13:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2011/12/08 13:28:57 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/12/08 13:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/12/08 13:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/12/08 13:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/12/08 13:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/08 13:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/08 09:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/05 11:36:27 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Launch-n-Go
[2011/12/05 11:36:24 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Workspace Macro Pro
[2011/12/05 11:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Workspace Macro Pro 6.5
[2011/12/05 11:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Workspace Macro Pro 6.5
[2011/12/05 11:33:25 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Workspace Macro
[2011/12/05 11:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Workspace Macro 4.6
[2011/12/05 11:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Workspace Macro 4.6
[2011/12/05 11:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Automation Macro Recorder
[2011/12/05 11:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Automation Macro Recorder
[2011/12/05 11:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Free Labs
[2011/12/02 12:29:09 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\XENU
[2010/08/05 11:07:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\matt\AppData\Roaming\pcouffin.sys
[2010/06/02 17:48:24 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2010/06/02 17:48:24 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2010/06/02 17:48:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2010/06/02 17:48:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2010/06/02 17:48:24 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2010/06/02 17:48:24 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2010/06/02 17:48:24 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2010/06/02 17:48:24 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2010/06/02 17:48:24 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2010/06/02 17:48:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2010/06/02 17:48:23 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2010/06/02 17:48:23 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2010/06/02 17:48:23 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/12/29 15:30:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 15:27:21 | 000,000,802 | ---- | M] () -- C:\Users\matt\Desktop\Free Window Registry Repair.lnk
[2011/12/29 15:25:39 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/29 15:25:39 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/29 15:22:22 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{FC26C250-359E-4755-8105-6FB8644A5484}
[2011/12/29 15:22:22 | 000,003,284 | ---- | M] () -- C:\Users\matt\AppData\Roaming\ANIWZCS{FC26C250-359E-4755-8105-6FB8644A5484}
[2011/12/29 15:18:29 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 15:18:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 15:18:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 15:18:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 15:09:58 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/28 23:28:31 | 000,000,512 | ---- | M] () -- C:\Users\matt\Documents\MBR.dat
[2011/12/28 21:58:13 | 000,172,032 | ---- | M] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 20:59:27 | 338,857,777 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/28 18:48:17 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/28 18:48:17 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/28 15:54:28 | 000,000,892 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/28 15:00:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/12/26 21:03:21 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - matt.job
[2011/12/23 12:39:15 | 000,960,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/17 22:38:57 | 000,050,464 | ---- | M] () -- C:\Users\matt\AppData\Roaming\wklnhst.dat
[2011/12/13 12:09:52 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/12 21:36:11 | 000,001,873 | ---- | M] () -- C:\Users\matt\Desktop\System Mechanic.lnk
[2011/12/12 02:35:20 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\iolobtdfg.exe
[2011/12/12 02:35:02 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\smrgdf.exe
[2011/12/12 01:52:12 | 002,083,464 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\Incinerator32.dll
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/09 12:35:55 | 000,000,332 | ---- | M] () -- C:\Windows\SysMech.INI
[2011/12/09 10:51:26 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/09 10:36:26 | 000,000,020 | ---- | M] () -- C:\Users\matt\defogger_reenable
[2011/12/09 10:27:07 | 000,000,861 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/12/08 13:30:18 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/08 13:30:16 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/12/08 13:21:18 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/08 13:21:10 | 000,001,917 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/08 09:40:08 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/07 19:36:07 | 001,008,120 | ---- | M] () -- C:\Users\matt\Desktop\iExplorer.exe
[2011/12/05 11:36:14 | 000,000,819 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
[2011/12/05 11:33:09 | 000,000,806 | ---- | M] () -- C:\Users\matt\Desktop\Workspace Macro 4.6.lnk
[2011/12/02 12:29:01 | 000,437,129 | ---- | M] () -- C:\Users\matt\Desktop\XENU.ZIP
[2011/12/02 07:49:14 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2011/12/29 15:27:21 | 000,000,802 | ---- | C] () -- C:\Users\matt\Desktop\Free Window Registry Repair.lnk
[2011/12/28 21:37:54 | 000,000,512 | ---- | C] () -- C:\Users\matt\Documents\MBR.dat
[2011/12/28 20:59:27 | 338,857,777 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/28 15:54:28 | 000,000,892 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/28 15:00:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/12/23 12:39:15 | 000,960,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/11 13:30:43 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/12/11 13:30:43 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/12/09 10:51:26 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/09 10:36:04 | 000,000,020 | ---- | C] () -- C:\Users\matt\defogger_reenable
[2011/12/09 10:27:07 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/12/09 10:27:07 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/12/08 16:38:14 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/12/08 13:21:18 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/08 13:21:10 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/08 13:21:10 | 000,001,917 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/08 13:19:51 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/08 13:19:50 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/08 09:40:08 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/08 09:31:47 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/07 19:37:21 | 001,008,120 | ---- | C] () -- C:\Users\matt\Desktop\iExplorer.exe
[2011/12/05 11:36:14 | 000,000,819 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
[2011/12/05 11:33:09 | 000,000,806 | ---- | C] () -- C:\Users\matt\Desktop\Workspace Macro 4.6.lnk
[2011/12/02 12:28:58 | 000,437,129 | ---- | C] () -- C:\Users\matt\Desktop\XENU.ZIP
[2011/09/24 10:03:24 | 000,003,284 | ---- | C] () -- C:\Users\matt\AppData\Roaming\ANIWZCS{FC26C250-359E-4755-8105-6FB8644A5484}
[2011/09/24 10:00:04 | 000,000,258 | ---- | C] () -- C:\Users\matt\AppData\Roaming\ANICONFIG_{FC26C250-359E-4755-8105-6FB8644A5484}.ini
[2011/09/24 09:59:20 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ANIWConnService.exe
[2011/09/24 09:59:00 | 000,258,048 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
[2011/09/24 09:59:00 | 000,217,088 | ---- | C] () -- C:\Windows\System32\aIPH.dll
[2011/09/24 09:59:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AQCKGen.dll
[2011/09/24 09:59:00 | 000,045,115 | ---- | C] () -- C:\Windows\System32\ANICtl.dll
[2011/09/24 09:58:43 | 000,315,392 | ---- | C] () -- C:\Windows\System32\ANIOApi.dll
[2011/09/24 09:58:12 | 000,733,184 | ---- | C] () -- C:\Windows\System32\ANIOWPS.dll
[2011/09/24 09:58:12 | 000,237,568 | ---- | C] () -- C:\Windows\System32\ANIWPS.exe
[2011/09/24 09:47:15 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2011/09/24 09:47:14 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011/09/12 18:45:59 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/08/03 17:32:51 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/08/03 17:32:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/04/26 23:08:34 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/04/14 13:50:00 | 000,000,332 | ---- | C] () -- C:\Windows\SysMech.INI
[2011/04/12 19:03:38 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe
[2011/03/19 10:06:02 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/19 10:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/10 02:08:52 | 000,050,464 | ---- | C] () -- C:\Users\matt\AppData\Roaming\wklnhst.dat
[2011/03/08 18:55:35 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2010/12/15 11:18:39 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/11/10 19:36:44 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/11/09 17:41:56 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/08/05 11:08:57 | 000,000,668 | ---- | C] () -- C:\Users\matt\AppData\Roaming\vso_ts_preview.xml
[2010/08/05 11:07:55 | 000,087,608 | ---- | C] () -- C:\Users\matt\AppData\Roaming\inst.exe
[2010/08/05 11:07:55 | 000,007,887 | ---- | C] () -- C:\Users\matt\AppData\Roaming\pcouffin.cat
[2010/08/05 11:07:55 | 000,001,144 | ---- | C] () -- C:\Users\matt\AppData\Roaming\pcouffin.inf
[2010/08/01 11:25:23 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/07/20 16:40:49 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/06/09 19:35:14 | 000,000,120 | ---- | C] () -- C:\Users\matt\AppData\Local\Rtelacega.dat
[2010/06/09 19:35:14 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\Tputubetogu.bin
[2010/06/05 23:15:25 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe
[2010/06/02 17:48:25 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2010/05/24 20:35:45 | 000,472,576 | ---- | C] () -- C:\Windows\uninstall.exe
[2010/05/24 20:35:45 | 000,069,720 | ---- | C] () -- C:\Windows\uninstall.dat
[2010/04/22 13:24:54 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010/03/02 19:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/02/28 10:00:14 | 000,000,680 | ---- | C] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
[2009/10/07 23:19:02 | 000,172,032 | ---- | C] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/27 03:27:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/27 03:27:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 04:43:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/27 14:04:44 | 000,557,003 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/08/27 14:04:32 | 000,811,835 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/08/27 14:03:52 | 004,456,201 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/08/25 13:07:36 | 000,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/08/25 12:38:04 | 000,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/08/25 11:37:02 | 000,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/08/11 15:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/02 12:15:44 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/06/02 12:15:18 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/06/02 12:15:04 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/06/02 12:14:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/06/02 12:14:30 | 000,486,400 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/06/02 12:13:58 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/06/02 12:13:50 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/06/02 12:11:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/01/10 17:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 17:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 17:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 17:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 17:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009/01/10 17:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 17:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009/01/10 17:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 17:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 17:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 17:15:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009/01/10 17:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 17:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/04/18 09:35:44 | 000,000,060 | ---- | C] () -- C:\Windows\System32\HP_Demo.ini
[2008/04/18 09:27:44 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/04/18 09:23:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/04/18 09:21:04 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/04/18 09:21:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2006/11/30 10:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 15:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 13:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/03/23 02:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
[2005/12/20 10:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[2005/10/15 14:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005/10/15 14:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe

========== LOP Check ==========

[2009/10/13 04:28:30 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Absolute Poker
[2009/10/14 03:10:27 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\acccore
[2011/08/02 16:41:45 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Aquarius Soft
[2010/08/08 03:28:25 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Ashtons. Family Resort
[2009/10/31 21:13:50 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\CasualForge
[2011/08/02 16:41:47 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Complitly
[2011/12/08 13:24:06 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\DAEMON Tools Lite
[2011/09/06 22:35:39 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\dekovir
[2009/11/06 00:16:01 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\DivoGames
[2010/05/16 06:55:19 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Facebook
[2010/08/01 01:27:11 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Flood Light Games
[2010/08/01 21:15:33 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Floodlight Games
[2011/12/08 13:23:55 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Free Download Manager
[2009/11/14 14:58:59 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Got Game Entertainment
[2010/05/23 06:04:27 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\GrabPro
[2010/08/10 03:20:45 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\gtk-2.0
[2011/08/02 16:35:02 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Hulubulu
[2011/12/09 15:16:41 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\iolo
[2011/03/13 02:59:29 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\IrfanView
[2010/12/02 01:34:15 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Lionhead Studios
[2011/11/08 03:51:11 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Microsys
[2010/07/25 16:43:39 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Oberon Media
[2011/03/10 02:33:52 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\OpenOffice.org
[2011/03/13 01:14:19 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Orbit
[2010/05/19 05:56:48 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\PlayFirst
[2010/06/06 19:19:59 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Pogo
[2011/06/14 08:31:50 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Red Alert 3
[2011/03/21 16:42:16 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Smilebox
[2009/09/23 23:56:54 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Snapfish
[2011/03/10 02:08:54 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Template
[2010/10/25 11:31:41 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Ubisoft
[2011/10/01 15:33:32 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\uTorrent
[2010/05/23 07:29:15 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\ValuSoft
[2010/12/23 17:43:57 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Vso
[2009/09/25 18:19:37 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\WinBatch
[2011/11/19 13:32:32 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Windows Live Writer
[2010/07/30 23:42:55 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\YoudaGames
[2010/12/16 11:16:57 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\YouDataAIR.CDA5CEB063BC2A22C44BAA035F25F65FCCDA2208.1
[2011/12/29 15:15:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:F1DEA771
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:A26AFC00
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:80AC2AE7
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:9026FFAC
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D0AB0B4A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:1C6D843F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9AB56A06
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:417B6FAC

< End of report >


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.29.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
matt :: NEWCOMP [administrator]

12/29/2011 3:47:56 PM
mbam-log-2011-12-29 (15-47-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 172945
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now start to tidy up and see if we can make the system faster. Where is it slowest? When browsing or on start up?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons. They will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.search...si=10211&home=1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.search...si=10211&home=1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search...si=10211&home=1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.search...si=10211&home=1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.search...si=10211&home=1
    FF - prefs.js..browser.search.defaultengine: "Complitly"
    FF - prefs.js..browser.search.selectedEngine: "Search the Web"
    FF - prefs.js..extensions.enabledItems: {70df8d13-bdd3-448e-944c-efde21b77161}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {AAA46C78-D425-4A1D-8F71-B87748C37071}:1.9.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    [2011/08/02 16:41:57 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    [2011/08/02 16:41:56 | 000,003,195 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Complitly.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No CLSID value found.
    O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\matt\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#7
matthewryan2004


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I ran the OTL fix, and afterwards my computer was possessed. Upon rebooting, the computer took about 10 minutes to start up. I lost internet access also. My wireless adapter stopped responding. I tried reinstalling the adapter software and it still would not work. After about a couple hours of trying to get my computer to do anything, I restarted in safe mode. I ran Iolo System Mechanic and did a full scan. Every file on my computer was misaligned, which is odd because I regularly run System Mechanic. There were numerous registry errors. I tried multiple times to do a system restore and I kept receiving error messages. I finally did a registry restore to a date in November and the internet started working again and the computer start up time was considerably less. I have spent most of today running several diagnostic tools trying to clean up any problems. MBAM now found 2 problems just like before I posted on the forum. Also, the aswMBR scan had a couple items in red that were not present before. I am including an OTL, MBAM, and aswMBR scan.



OTL logfile created on: 12/30/2011 12:28:04 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\matt\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.28 Gb Total Space | 177.74 Gb Free Space | 48.93% Space Free | Partition Type: NTFS
Drive D: | 9.33 Gb Total Space | 1.27 Gb Free Space | 13.64% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 4.20 Gb Free Space | 95.80% Space Free | Partition Type: UDF

Computer Name: NEWCOMP | User Name: matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/28 20:55:11 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\matt\Pictures\aswMBR.exe
PRC - [2011/12/24 01:49:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/08 18:01:56 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2011/05/21 16:28:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
PRC - [2009/09/24 04:46:08 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/07/03 10:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/21 16:28:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (ANIWConnService)
SRV - [2011/12/08 18:01:56 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/11/10 05:29:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/24 04:46:08 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 14:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 01:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/21 12:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - [2009/10/22 22:07:25 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/01 10:44:21 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/17 08:51:04 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091015.050\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/09/17 08:51:04 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/09/17 08:51:04 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/17 08:51:04 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091015.050\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/26 19:26:38 | 000,272,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090923.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/08/03 09:56:10 | 000,735,232 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2009/03/17 11:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/03/06 17:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/12/09 09:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/05/22 13:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/12/07 10:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/12/07 10:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/11/30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/08/08 04:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.h...lion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.search...si=10211&home=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.search...si=10211&home=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.search.usedbfororder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...m/?rlz=1V1IPYX"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/29 18:48:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/24 01:49:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/09 11:05:52 | 000,000,000 | ---D | M]

[2009/09/24 05:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Extensions
[2011/12/29 18:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions
[2011/12/29 18:48:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/29 18:48:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/22 08:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\extensions\nostmp
[2009/10/14 03:10:56 | 000,004,554 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\searchplugins\aim-search.xml
[2010/12/20 15:51:43 | 000,002,568 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\searchplugins\askcom.xml
[2011/01/14 01:29:56 | 000,001,919 | ---- | M] () -- C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\searchplugins\bing-zugo.xml
[2011/12/10 13:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/24 01:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
File not found (No name found) --
[2011/12/24 01:49:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/12/09 10:59:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/11/10 15:46:38 | 000,002,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
[2011/12/24 01:49:44 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/12/24 01:49:44 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml
[2010/07/25 16:43:47 | 000,001,469 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober216825805.xml
[2009/04/07 12:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober126335147.gif
[2010/05/20 23:29:13 | 000,000,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober126335147.src

O1 HOSTS File: ([2011/12/29 17:54:26 | 000,000,352 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - No CLSID value found.
O2 - BHO: (no name) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HotKeyMan] File not found
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/18 09:35:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{23072c0b-d99b-11de-b075-001e901df623}\Shell - "" = AutoRun
O33 - MountPoints2\{23072c0b-d99b-11de-b075-001e901df623}\Shell\AutoRun\command - "" = O:\setup.exe
O33 - MountPoints2\{ca3201f7-cf63-11de-b48d-001e901df623}\Shell - "" = AutoRun
O33 - MountPoints2\{ca3201f7-cf63-11de-b48d-001e901df623}\Shell\AutoRun\command - "" = M:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\matt\AppData\Roaming\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 11:41:25 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/29 15:27:21 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2011/12/29 15:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2011/12/29 15:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair
[2011/12/29 09:51:53 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\monstersteel
[2011/12/28 18:33:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/28 14:57:47 | 000,208,896 | ---- | C] (FUJI PHOTO FILM CO., LTD.) -- C:\Windows\System32\FFRafShellEx.dll
[2011/12/28 14:57:43 | 000,233,472 | ---- | C] (FUJIFILM Corporation) -- C:\Windows\System32\RFCLauncher.exe
[2011/12/28 14:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\RAF
[2011/12/28 14:57:19 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\FUJIFILM
[2011/12/28 14:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUJIFILM
[2011/12/28 14:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\FUJIFILM
[2011/12/28 14:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\FUJIFILM
[2011/12/28 09:21:17 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\tshirts
[2011/12/27 16:58:11 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\elyrics
[2011/12/27 15:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/20 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Logitech
[2011/12/20 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Logishrd
[2011/12/18 20:06:25 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\postcards
[2011/12/18 01:54:56 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\20bucks
[2011/12/11 21:26:59 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\hidden photos
[2011/12/09 15:55:28 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\newcoins
[2011/12/09 13:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/12/09 11:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/09 11:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/09 11:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/12/09 10:51:43 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Real
[2011/12/09 10:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/12/09 10:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/12/09 10:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
[2011/12/09 10:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\The Weather Channel FW
[2011/12/09 10:43:40 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\The Weather Channel
[2011/12/09 10:28:14 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Secunia PSI
[2011/12/09 10:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/12/08 13:30:35 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/08 13:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2011/12/08 13:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/12/08 13:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/12/08 13:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/08 13:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/12/08 09:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/05 11:36:27 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Launch-n-Go
[2011/12/05 11:36:24 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Workspace Macro Pro
[2011/12/05 11:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Workspace Macro Pro 6.5
[2011/12/05 11:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Workspace Macro Pro 6.5
[2011/12/05 11:33:25 | 000,000,000 | ---D | C] -- C:\Users\matt\Documents\Workspace Macro
[2011/12/05 11:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Workspace Macro 4.6
[2011/12/05 11:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Automation Macro Recorder
[2011/12/05 11:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Automation Macro Recorder
[2011/12/05 11:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\Free Labs
[2011/12/02 12:29:09 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\XENU
[2010/08/05 11:07:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\matt\AppData\Roaming\pcouffin.sys
[2010/06/02 17:48:24 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2010/06/02 17:48:24 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2010/06/02 17:48:24 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2010/06/02 17:48:24 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2010/06/02 17:48:24 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2010/06/02 17:48:24 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2010/06/02 17:48:24 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2010/06/02 17:48:24 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2010/06/02 17:48:24 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2010/06/02 17:48:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2010/06/02 17:48:23 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2010/06/02 17:48:23 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2010/06/02 17:48:23 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/12/30 11:45:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3765277965-891785485-1232435216-1000UA.job
[2011/12/30 11:45:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3765277965-891785485-1232435216-1000Core.job
[2011/12/30 11:41:27 | 000,002,001 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/30 11:14:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 11:14:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 05:52:21 | 000,000,332 | ---- | M] () -- C:\Windows\SysMech.INI
[2011/12/30 05:19:00 | 000,618,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/30 05:19:00 | 000,108,982 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/30 05:14:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 17:54:26 | 000,000,352 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/29 17:36:18 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/29 16:30:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 15:27:21 | 000,000,802 | ---- | M] () -- C:\Users\matt\Desktop\Free Window Registry Repair.lnk
[2011/12/29 15:22:22 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{FC26C250-359E-4755-8105-6FB8644A5484}
[2011/12/29 15:22:22 | 000,003,284 | ---- | M] () -- C:\Users\matt\AppData\Roaming\ANIWZCS{FC26C250-359E-4755-8105-6FB8644A5484}
[2011/12/29 15:18:29 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/28 23:28:31 | 000,000,512 | ---- | M] () -- C:\Users\matt\Documents\MBR.dat
[2011/12/28 21:58:13 | 000,172,032 | ---- | M] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 18:48:17 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/12/28 18:48:17 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/12/28 15:54:28 | 000,000,892 | ---- | M] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/28 15:00:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/12/26 21:03:21 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - matt.job
[2011/12/23 12:39:15 | 000,960,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/17 22:38:57 | 000,050,464 | ---- | M] () -- C:\Users\matt\AppData\Roaming\wklnhst.dat
[2011/12/13 12:09:52 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/12 21:36:11 | 000,001,873 | ---- | M] () -- C:\Users\matt\Desktop\System Mechanic.lnk
[2011/12/12 02:35:20 | 000,029,696 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\iolobtdfg.exe
[2011/12/12 02:35:02 | 000,011,776 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\smrgdf.exe
[2011/12/12 01:52:12 | 002,083,464 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\Incinerator32.dll
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/09 10:51:26 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/09 10:36:26 | 000,000,020 | ---- | M] () -- C:\Users\matt\defogger_reenable
[2011/12/09 10:27:07 | 000,000,861 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/12/08 13:30:18 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/12/08 13:21:18 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/08 09:40:08 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/07 19:36:07 | 001,008,120 | ---- | M] () -- C:\Users\matt\Desktop\iExplorer.exe
[2011/12/02 12:29:01 | 000,437,129 | ---- | M] () -- C:\Users\matt\Desktop\XENU.ZIP

========== Files Created - No Company Name ==========

[2011/12/30 11:40:35 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3765277965-891785485-1232435216-1000UA.job
[2011/12/30 11:40:34 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3765277965-891785485-1232435216-1000Core.job
[2011/12/29 16:56:42 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/12/29 15:27:21 | 000,000,802 | ---- | C] () -- C:\Users\matt\Desktop\Free Window Registry Repair.lnk
[2011/12/28 21:37:54 | 000,000,512 | ---- | C] () -- C:\Users\matt\Documents\MBR.dat
[2011/12/28 15:54:28 | 000,000,892 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/28 15:00:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/12/23 12:39:15 | 000,960,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/11 13:30:43 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/12/11 13:30:43 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/12/09 10:51:26 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/12/09 10:36:04 | 000,000,020 | ---- | C] () -- C:\Users\matt\defogger_reenable
[2011/12/09 10:27:07 | 000,000,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/12/09 10:27:07 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/12/08 13:21:18 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/08 13:21:10 | 000,002,001 | ---- | C] () -- C:\Users\matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/08 13:21:10 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/08 13:19:51 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/08 13:19:50 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/08 09:40:08 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/08 09:31:47 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/07 19:37:21 | 001,008,120 | ---- | C] () -- C:\Users\matt\Desktop\iExplorer.exe
[2011/12/02 12:28:58 | 000,437,129 | ---- | C] () -- C:\Users\matt\Desktop\XENU.ZIP
[2011/09/24 10:03:24 | 000,003,284 | ---- | C] () -- C:\Users\matt\AppData\Roaming\ANIWZCS{FC26C250-359E-4755-8105-6FB8644A5484}
[2011/09/24 10:00:04 | 000,000,258 | ---- | C] () -- C:\Users\matt\AppData\Roaming\ANICONFIG_{FC26C250-359E-4755-8105-6FB8644A5484}.ini
[2011/09/24 09:47:15 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2011/09/24 09:47:14 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011/09/12 18:45:59 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/08/03 17:32:51 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/08/03 17:32:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/04/26 23:08:34 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/04/14 13:50:00 | 000,000,332 | ---- | C] () -- C:\Windows\SysMech.INI
[2011/04/12 19:03:38 | 000,088,576 | R--- | C] () -- C:\Windows\rauninst.exe
[2011/03/19 10:06:02 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/03/19 10:04:28 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/03/10 02:08:52 | 000,050,464 | ---- | C] () -- C:\Users\matt\AppData\Roaming\wklnhst.dat
[2011/03/08 18:55:35 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2010/12/15 11:18:39 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/11/10 19:36:44 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/11/09 17:41:56 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/08/05 11:08:57 | 000,000,668 | ---- | C] () -- C:\Users\matt\AppData\Roaming\vso_ts_preview.xml
[2010/08/05 11:07:55 | 000,087,608 | ---- | C] () -- C:\Users\matt\AppData\Roaming\inst.exe
[2010/08/05 11:07:55 | 000,007,887 | ---- | C] () -- C:\Users\matt\AppData\Roaming\pcouffin.cat
[2010/08/05 11:07:55 | 000,001,144 | ---- | C] () -- C:\Users\matt\AppData\Roaming\pcouffin.inf
[2010/08/01 11:25:23 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/07/20 16:40:49 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/06/09 19:35:14 | 000,000,120 | ---- | C] () -- C:\Users\matt\AppData\Local\Rtelacega.dat
[2010/06/09 19:35:14 | 000,000,000 | ---- | C] () -- C:\Users\matt\AppData\Local\Tputubetogu.bin
[2010/06/05 23:15:25 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe
[2010/06/02 17:48:25 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2010/05/24 20:35:45 | 000,472,576 | ---- | C] () -- C:\Windows\uninstall.exe
[2010/05/24 20:35:45 | 000,069,720 | ---- | C] () -- C:\Windows\uninstall.dat
[2010/04/22 13:24:54 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010/03/02 19:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010/02/28 10:00:14 | 000,000,680 | ---- | C] () -- C:\Users\matt\AppData\Local\d3d9caps.dat
[2009/10/07 23:19:02 | 000,172,032 | ---- | C] () -- C:\Users\matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/27 03:27:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/27 03:27:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 04:43:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/27 14:04:44 | 000,557,003 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/08/27 14:04:32 | 000,811,835 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009/08/27 14:03:52 | 004,456,201 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/08/25 13:07:36 | 000,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009/08/25 12:38:04 | 000,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/08/25 11:37:02 | 000,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/08/11 15:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009/08/02 23:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/06/02 12:15:44 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009/06/02 12:15:18 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009/06/02 12:15:04 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009/06/02 12:14:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009/06/02 12:14:30 | 000,486,400 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009/06/02 12:13:58 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009/06/02 12:13:50 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009/06/02 12:11:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009/01/10 17:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/01/10 17:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/01/10 17:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/01/10 17:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/01/10 17:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009/01/10 17:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009/01/10 17:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009/01/10 17:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/01/10 17:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/01/10 17:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/01/10 17:15:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009/01/10 17:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/01/10 17:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/04/18 09:35:44 | 000,000,060 | ---- | C] () -- C:\Windows\System32\HP_Demo.ini
[2008/04/18 09:27:44 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/04/18 09:23:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/04/18 09:21:04 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/04/18 09:21:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2006/11/30 10:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,618,578 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,108,982 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 15:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 13:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/03/23 02:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
[2005/12/20 10:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[2005/10/15 14:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005/10/15 14:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe

========== LOP Check ==========

[2011/12/29 18:48:08 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Absolute Poker
[2009/10/14 03:10:27 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\acccore
[2011/08/02 16:41:45 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Aquarius Soft
[2010/08/08 03:28:25 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Ashtons. Family Resort
[2009/10/31 21:13:50 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\CasualForge
[2011/12/29 18:48:09 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Complitly
[2011/12/08 13:24:06 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\DAEMON Tools Lite
[2011/09/06 22:35:39 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\dekovir
[2009/11/06 00:16:01 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\DivoGames
[2011/12/29 18:48:09 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Facebook
[2010/08/01 01:27:11 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Flood Light Games
[2010/08/01 21:15:33 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Floodlight Games
[2011/12/08 13:23:55 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Free Download Manager
[2009/11/14 14:58:59 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Got Game Entertainment
[2010/05/23 06:04:27 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\GrabPro
[2011/12/29 18:48:09 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\gtk-2.0
[2011/08/02 16:35:02 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Hulubulu
[2011/12/30 05:43:07 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\iolo
[2011/03/13 02:59:29 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\IrfanView
[2010/12/02 01:34:15 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Lionhead Studios
[2011/11/08 03:51:11 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Microsys
[2011/03/10 02:33:52 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\OpenOffice.org
[2011/03/13 01:14:19 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Orbit
[2010/05/19 05:56:48 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\PlayFirst
[2010/06/06 19:19:59 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Pogo
[2011/06/14 08:31:50 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Red Alert 3
[2011/12/29 18:48:13 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Smilebox
[2009/09/23 23:56:54 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Snapfish
[2011/03/10 02:08:54 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Template
[2010/10/25 11:31:41 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Ubisoft
[2011/10/01 15:33:32 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\uTorrent
[2010/05/23 07:29:15 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\ValuSoft
[2010/12/23 17:43:57 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Vso
[2009/09/25 18:19:37 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\WinBatch
[2011/11/19 13:32:32 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Windows Live Writer
[2010/07/30 23:42:55 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\YoudaGames
[2010/12/16 11:16:57 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\YouDataAIR.CDA5CEB063BC2A22C44BAA035F25F65FCCDA2208.1
[2011/12/29 17:36:18 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/12/29 16:51:44 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:F1DEA771
@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:A26AFC00
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:80AC2AE7
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:9026FFAC
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D0AB0B4A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:1C6D843F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:9AB56A06
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:417B6FAC

< End of report >






Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.30.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
matt :: NEWCOMP [administrator]

12/30/2011 12:09:02 PM
mbam-log-2011-12-30 (12-09-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 172269
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-30 12:28:32
-----------------------------
12:28:32.702 OS Version: Windows 6.0.6002 Service Pack 2
12:28:32.702 Number of processors: 2 586 0x6B02
12:28:32.703 ComputerName: NEWCOMP UserName: matt
12:28:35.049 Initialize success
12:28:40.547 AVAST engine defs: 11123000
12:28:44.596 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
12:28:44.600 Disk 0 Vendor: ST340082 3.CH Size: 381554MB BusType: 6
12:28:46.663 Disk 0 MBR read successfully
12:28:46.666 Disk 0 MBR scan
12:28:46.696 Disk 0 unknown MBR code
12:28:46.708 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 371997 MB offset 63
12:28:46.745 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9554 MB offset 761850495
12:28:46.789 Disk 0 scanning sectors +781417665
12:28:46.985 Disk 0 scanning C:\Windows\system32\drivers
12:29:13.866 Service scanning
12:29:14.586 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:29:15.177 Modules scanning
12:29:44.134 Disk 0 trace - called modules:
12:29:44.149 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84c471f8]<<
12:29:44.150 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8567d548]
12:29:44.150 3 CLASSPNP.SYS[896938b3] -> nt!IofCallDriver -> [0x83e76958]
12:29:44.151 5 acpi.sys[8073b6bc] -> nt!IofCallDriver -> \Device\00000063[0x84ccba10]
12:29:44.151 \Driver\nvstor32[0x84cce980] -> IRP_MJ_CREATE -> 0x84c471f8
12:29:47.107 AVAST engine scan C:\Windows
12:30:24.436 AVAST engine scan C:\Windows\system32
12:34:29.223 AVAST engine scan C:\Windows\system32\drivers
12:35:09.439 AVAST engine scan C:\Users\matt
13:31:03.137 AVAST engine scan C:\ProgramData
13:47:02.637 Scan finished successfully
13:47:28.156 Disk 0 MBR has been saved successfully to "C:\Users\matt\Documents\MBR.dat"
13:47:28.163 The log file has been saved successfully to "C:\Users\matt\Documents\aswMBR.txt"

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The two MBAM elements are neither here nor there, as they are user-applied settings.

But aswMBR is not quite right. The sptd is not a problem; it is the unknown.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
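The triage applied to the aswMBR log in the post above (the locked sptd service is set aside, the unknown entries are what prompt the follow-up scan) can be written as a small log check; this is an added Python example, not part of the original thread. The finding names and the follow-up rule are assumptions of this example, and the sample lines are copied from the aswMBR log posted earlier.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the aswMBR log posted earlier in this thread.
SAMPLE_LOG = r"""
12:28:46.663 Disk 0 MBR read successfully
12:28:46.696 Disk 0 unknown MBR code
12:28:46.708 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 371997 MB offset 63
12:29:14.586 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:29:44.134 Disk 0 trace - called modules:
12:29:44.149 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84c471f8]<<
12:29:44.151 \Driver\nvstor32[0x84cce980] -> IRP_MJ_CREATE -> 0x84c471f8
13:47:02.637 Scan finished successfully
"""

ENTRY = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
UNKNOWN_MBR = re.compile(r"^Disk (\d+) unknown MBR code$")
LOCKED_SVC = re.compile(r"^Service (\S+) (.+?) \*\*LOCKED\*\* \d+$")
UNKNOWN_MOD = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$"
)


@dataclass(frozen=True)
class Finding:
    time: str    # timestamp of the log line
    kind: str    # hypothetical category name used by this example
    detail: str


def triage(log_text):
    """Return the log lines worth a second look, ordered by timestamp."""
    findings = []
    unknown_addrs = set()   # addresses aswMBR could not map to a named module
    dispatches = []         # (time, driver, irp, handler address)

    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        ts, msg = m.groups()

        if (hit := UNKNOWN_MBR.match(msg)):
            findings.append(Finding(ts, "unknown_mbr_code", f"disk {hit.group(1)}"))
        elif (hit := LOCKED_SVC.match(msg)):
            findings.append(Finding(ts, "locked_service", hit.group(1)))
        elif (hit := UNKNOWN_MOD.search(msg)):
            addr = int(hit.group(1), 16)
            unknown_addrs.add(addr)
            findings.append(Finding(ts, "unknown_module", hex(addr)))
        elif (hit := DISPATCH.match(msg)):
            dispatches.append((ts, hit.group(1), hit.group(2), int(hit.group(3), 16)))

    # Correlate after the loop so the result does not depend on line order:
    # a driver dispatch entry whose handler is the same address that the
    # disk trace reported as an unnamed module.
    for ts, driver, irp, addr in dispatches:
        if addr in unknown_addrs:
            findings.append(
                Finding(ts, "dispatch_to_unknown", f"{driver} {irp} -> {hex(addr)}")
            )

    return sorted(findings, key=lambda f: f.time)


def needs_followup(findings):
    """A locked service alone is only noted; any 'unknown' finding asks for a second scan."""
    return any(f.kind != "locked_service" for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.time, f.kind, f.detail)
    print("follow-up scan suggested:", needs_followup(triage(SAMPLE_LOG)))
```
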

#9
matthewryan2004

    New Member

  • Topic Starter
  • Member
  • 8 posts
14:44:17.0775 3568 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:44:18.0104 3568 ============================================================
14:44:18.0104 3568 Current date / time: 2011/12/30 14:44:18.0104
14:44:18.0104 3568 SystemInfo:
14:44:18.0104 3568
14:44:18.0104 3568 OS Version: 6.0.6002 ServicePack: 2.0
14:44:18.0104 3568 Product type: Workstation
14:44:18.0104 3568 ComputerName: NEWCOMP
14:44:18.0104 3568 UserName: matt
14:44:18.0104 3568 Windows directory: C:\Windows
14:44:18.0104 3568 System windows directory: C:\Windows
14:44:18.0104 3568 Processor architecture: Intel x86
14:44:18.0104 3568 Number of processors: 2
14:44:18.0104 3568 Page size: 0x1000
14:44:18.0104 3568 Boot type: Normal boot
14:44:18.0104 3568 ============================================================
14:44:18.0521 3568 Initialize success
14:44:23.0454 5032 ============================================================
14:44:23.0454 5032 Scan started
14:44:23.0454 5032 Mode: Manual; SigCheck; TDLFS;
14:44:23.0454 5032 ============================================================
14:44:30.0378 5032 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
14:44:30.0393 5032 mcdbus ( UnsignedFile.Multi.Generic ) - warning
14:44:30.0393 5032 mcdbus - detected UnsignedFile.Multi.Generic (1)
14:44:40.0062 5032 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
14:44:40.0063 5032 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
14:44:40.0112 5032 sptd ( LockedFile.Multi.Generic ) - warning
14:44:40.0112 5032 sptd - detected LockedFile.Multi.Generic (1)
14:44:43.0500 5032 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
14:44:43.0676 5032 \Device\Harddisk0\DR0 - ok
14:44:43.0680 5032 Boot (0x1200) (818d43d2ceeda7e76af03697bb901309) \Device\Harddisk0\DR0\Partition0
14:44:43.0681 5032 \Device\Harddisk0\DR0\Partition0 - ok
14:44:43.0687 5032 Boot (0x1200) (cd16b025b7fff37efc7c641f890f3215) \Device\Harddisk0\DR0\Partition1
14:44:43.0689 5032 \Device\Harddisk0\DR0\Partition1 - ok
14:44:43.0691 5032 ============================================================
14:44:43.0691 5032 Scan finished
14:44:43.0691 5032 ============================================================
14:44:43.0706 4120 Detected object count: 2
14:44:43.0706 4120 Actual detected object count: 2
14:44:49.0013 4120 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
14:44:49.0013 4120 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:44:49.0015 4120 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:44:49.0015 4120 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:44:50.0693 4556 Deinitialize success

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmmm the unknown is still causing me concern

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#11
matthewryan2004

    New Member

  • Topic Starter
  • Member
  • 8 posts
The computer seems to be running okay. After the reboot and after combo fix completed, the computer started up rather fast compared to the past couple days. The internet seems to be a little faster than usual. Here is the combo fix log. Combo Fix said I was infected with ZeroAccess.


ComboFix 11-12-30.01 - matt 12/30/2011 15:26:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.2141 [GMT -5:00]
Running from: c:\users\matt\Desktop\New Folder (3)\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\matt\AppData\Local\{AAA46C78-D425-4A1D-8F71-B87748C37071}
c:\users\matt\AppData\Local\{AAA46C78-D425-4A1D-8F71-B87748C37071}\chrome.manifest
c:\users\matt\AppData\Local\{AAA46C78-D425-4A1D-8F71-B87748C37071}\chrome\content\overlay.xul
c:\users\matt\AppData\Local\{AAA46C78-D425-4A1D-8F71-B87748C37071}\install.rdf
c:\users\matt\AppData\Roaming\inst.exe
c:\users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\searchplugins\bing-zugo.xml
c:\users\matt\AppData\Roaming\vso_ts_preview.xml
c:\windows\$NtUninstallKB54047$
c:\windows\$NtUninstallKB54047$\1328297164
c:\windows\$NtUninstallKB54047$\2676771987\@
c:\windows\$NtUninstallKB54047$\2676771987\bckfg.tmp
c:\windows\$NtUninstallKB54047$\2676771987\cfg.ini
c:\windows\$NtUninstallKB54047$\2676771987\Desktop.ini
c:\windows\$NtUninstallKB54047$\2676771987\keywords
c:\windows\$NtUninstallKB54047$\2676771987\kwrd.dll
c:\windows\$NtUninstallKB54047$\2676771987\L\qnbwvoto
c:\windows\$NtUninstallKB54047$\2676771987\lsflt7.ver
c:\windows\$NtUninstallKB54047$\2676771987\U\00000001.@
c:\windows\$NtUninstallKB54047$\2676771987\U\00000002.@
c:\windows\$NtUninstallKB54047$\2676771987\U\00000004.@
c:\windows\$NtUninstallKB54047$\2676771987\U\80000000.@
c:\windows\$NtUninstallKB54047$\2676771987\U\80000004.@
c:\windows\$NtUninstallKB54047$\2676771987\U\80000032.@
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 20:36 . 2011-12-30 20:36 -------- d-----w- c:\users\matt\AppData\Local\temp
2011-12-30 20:36 . 2011-12-30 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-30 20:22 . 2011-12-30 20:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0B0D948-B2A9-4AAC-B084-54DBF4981111}\offreg.dll
2011-12-30 10:26 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0B0D948-B2A9-4AAC-B084-54DBF4981111}\mpengine.dll
2011-12-29 20:29 . 2011-11-21 07:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE5DCEAD-B2B4-4487-8B29-CBA855A4FBB9}\mpengine.dll
2011-12-29 20:27 . 2011-12-29 20:34 -------- d-----w- c:\program files\Free Window Registry Repair
2011-12-28 23:33 . 2011-12-28 23:33 -------- d-----w- C:\_OTL
2011-12-28 19:57 . 2006-07-12 19:39 208896 ----a-w- c:\windows\system32\FFRafShellEx.dll
2011-12-28 19:57 . 2011-12-28 19:57 -------- d-----w- c:\program files\RAF
2011-12-28 19:57 . 2010-02-10 19:26 233472 ----a-w- c:\windows\system32\RFCLauncher.exe
2011-12-28 19:57 . 2011-12-28 19:57 -------- d-----w- c:\users\matt\AppData\Local\FUJIFILM
2011-12-28 19:56 . 2007-03-12 21:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2011-12-28 19:56 . 2011-12-28 19:56 -------- d-----w- c:\programdata\FUJIFILM
2011-12-28 19:55 . 2011-12-28 19:55 -------- d-----w- c:\program files\FUJIFILM
2011-12-27 20:29 . 2011-12-27 20:29 -------- d-----w- c:\program files\ESET
2011-12-21 03:51 . 2011-12-21 03:51 -------- d-----w- c:\users\matt\AppData\Roaming\Logishrd
2011-12-21 03:51 . 2011-12-21 03:51 -------- d-----w- c:\users\matt\AppData\Roaming\Logitech
2011-12-14 22:47 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 22:47 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 22:47 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 22:47 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 22:47 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-14 22:47 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 22:47 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-09 18:08 . 2011-12-09 18:09 -------- d-----w- c:\program files\Microsoft Games
2011-12-09 15:51 . 2011-12-09 15:51 -------- d-----w- c:\users\matt\AppData\Local\Real
2011-12-09 15:51 . 2011-12-09 15:51 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-12-09 15:51 . 2011-12-09 15:51 -------- d-----w- c:\program files\Common Files\xing shared
2011-12-09 15:50 . 2011-12-09 15:50 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-12-09 15:50 . 2011-12-09 15:50 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-12-09 15:48 . 2011-12-09 15:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-12-09 15:44 . 2011-12-09 15:44 -------- d-----w- c:\program files\The Weather Channel FW
2011-12-09 15:43 . 2011-12-09 15:43 -------- d-----w- c:\users\matt\AppData\Local\The Weather Channel
2011-12-09 15:33 . 2011-11-21 07:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-09 15:28 . 2011-12-09 15:28 -------- d-----w- c:\users\matt\AppData\Local\Secunia PSI
2011-12-09 15:27 . 2011-12-09 15:27 -------- d-----w- c:\program files\Secunia
2011-12-08 18:30 . 2011-12-08 18:30 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-08 18:29 . 2011-12-08 18:29 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-08 18:29 . 2011-12-08 18:29 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Sunbelt Software
2011-12-08 18:28 . 2011-12-08 18:28 -------- d-----w- c:\program files\Lavasoft
2011-12-08 18:28 . 2011-12-29 23:13 -------- d-----w- c:\programdata\Lavasoft
2011-12-08 18:19 . 2011-12-08 18:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google
2011-12-08 14:39 . 2011-12-08 14:39 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48E7EF22-7A82-4595-B7E0-25F1F3854793}\gapaengine.dll
2011-12-08 14:31 . 2011-12-08 14:32 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-08 14:30 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-05 16:36 . 2011-12-05 16:36 -------- d-----w- c:\program files\Workspace Macro Pro 6.5
2011-12-05 16:32 . 2011-12-29 23:19 -------- d-----w- c:\program files\Workspace Macro 4.6
2011-12-05 16:30 . 2011-12-05 16:30 -------- d-----w- c:\program files\Windows Automation Macro Recorder
2011-12-05 16:26 . 2011-12-05 16:26 -------- d-----w- c:\program files\Free Labs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 07:35 . 2011-03-08 23:59 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2011-12-12 07:35 . 2011-03-08 23:59 11776 ----a-w- c:\windows\system32\smrgdf.exe
2011-12-12 06:52 . 2011-06-15 17:57 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2011-12-10 20:24 . 2010-05-25 10:53 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 18:08 . 2009-09-27 08:27 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2011-12-09 16:44 . 2011-05-19 02:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-09 15:59 . 2010-07-28 05:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-09 15:48 . 2008-04-18 14:20 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-15 19:29 . 2009-10-03 06:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-12-24 06:49 . 2011-05-22 13:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2011-12-12 606904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\users\matt\AppData\Roaming\iolo\
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Aquarius Soft PC Keyboard Hotkey Pro.lnk]
backup=c:\windows\pss\Aquarius Soft PC Keyboard Hotkey Pro.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Big Buttons
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchEngineProtection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-10-17 19:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-12-11 15:11 82864 ----a-w- c:\program files\Lexmark 2400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2009-08-05 15:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
2011-12-12 06:47 606904 ----a-w- c:\program files\iolo\Common\Lib\ioloLManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCRCATS]
2006-11-21 16:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcrtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
2006-12-11 15:11 291760 ----a-w- c:\program files\Lexmark 2400 Series\lxcrmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-11-05 01:04 6174008 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayFactory]
2010-04-28 18:31 541185 ----a-w- c:\program files\PS Tray Factory\PSTrayFactory.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-23 721904]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090923.001\IDSvix86.sys [2009-08-27 272432]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-12-08 722616]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-09-17 102448]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [2009-08-03 735232]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-08-05 47360]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-08 18:19]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-08 18:19]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765277965-891785485-1232435216-1000Core.job
- c:\users\matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-30 16:40]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765277965-891785485-1232435216-1000UA.job
- c:\users\matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-30 16:40]
.
2011-12-27 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - matt.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 11:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.searchcompletion.com/?si=10211&home=1
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E3636AD2-E74D-49BA-9A06-2433A5EEAED3}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\m3l18iy2.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/?rlz=1V1IPYX
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc,
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-HotKeyMan - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-FileHippo - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-30 15:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-12-30 15:38:47
ComboFix-quarantined-files.txt 2011-12-30 20:38
.
Pre-Run: 191,377,854,464 bytes free
Post-Run: 191,290,650,624 bytes free
.
- - End Of File - - CB87ED35C00C0F2DEDEC93A8063AEEE0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like the zero access has changed slightly.. need to change the areas where I look, and it also explains the earlier problems

OK a quick sweep for orphans and then see what problems remain

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#13
matthewryan2004

    New Member

  • Topic Starter
  • Member
  • 8 posts
The scan was clean.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.30.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
matt :: NEWCOMP [administrator]

12/30/2011 3:54:56 PM
mbam-log-2011-12-30 (15-54-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178837
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What problems do you have remaining?

#15
matthewryan2004

    New Member

  • Topic Starter
  • Member
  • 8 posts
I rebooted and the start up time was considerably faster than prior to my first forum post. The internet seems to be working faster. I'm very happy with my computer's performance at this time. What should I do to prevent future infections?