
Malware removal help [Closed]


  • This topic is locked

#1
stijpn

Hi

I have a pop-up advertisement come onto my PC after I log in. It pops up before I open my browser. I usually have to go to Task Manager to end the process, but it keeps popping up every few minutes. Since then my PC runs very slow.

I have run Malwarebytes and it shows 5 issues, which I remove and restart my PC, but it keeps coming back. I'm using Windows 7.

Here is the Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
bbailey :: RN-LT1 [administrator]

Protection: Enabled

1/25/2012 1:36:24 PM
mbam-log-2012-01-25 (13-36-24).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 172432
Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS (Trojan.PMovie) -> Data: C:\Users\bbailey\UserProfile\SystemBoot.lnk -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS (Trojan.PMovie) -> Data: C:\Users\bbailey\SoftRecovery\RegWrite.lnk -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\bbailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegWrite.lnk (Trojan.PMovie.Trace) -> Quarantined and deleted successfully.
C:\Users\bbailey\UserProfile\SystemBoot.lnk (Trojan.PMovie) -> Quarantined and deleted successfully.
C:\Users\bbailey\SoftRecovery\RegWrite.lnk (Trojan.PMovie) -> Quarantined and deleted successfully.

(end)


Here is the OTL log:

OTL logfile created on: 1/25/2012 2:16:18 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = \\rn-fs2\Users$\bbailey\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.92 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 53.88% Memory free
5.84 Gb Paging File | 3.83 Gb Available in Paging File | 65.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 151.59 Gb Free Space | 70.31% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.53 Gb Free Space | 77.24% Space Free | Partition Type: FAT32

Computer Name: RN-LT1 | User Name: bbailey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/25 14:09:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
PRC - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/01/13 01:04:45 | 000,307,312 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
PRC - [2011/08/17 14:07:54 | 002,944,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/06/24 13:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\Scrybe\scrybe.exe
PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
PRC - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe
PRC - [2010/04/21 12:12:36 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/04/21 12:12:34 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/04/06 02:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/11/21 07:10:06 | 000,124,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
PRC - [2009/11/21 06:39:16 | 000,081,920 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
PRC - [2009/11/21 06:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
PRC - [2009/11/21 06:38:56 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
PRC - [2009/11/20 04:01:10 | 003,788,800 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
PRC - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
PRC - [2009/11/20 02:32:12 | 000,442,368 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
PRC - [2009/11/12 06:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/11/05 06:46:30 | 001,098,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2009/09/05 05:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/09/05 05:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/19 09:55:28 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2012/01/05 14:06:43 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/05 14:06:32 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/12/29 01:21:31 | 000,092,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2011/12/29 01:21:31 | 000,077,880 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2011/11/28 22:51:51 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/11/28 22:50:36 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/11/25 17:58:35 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/11/25 17:58:34 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011/11/25 17:58:17 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
MOD - [2011/11/25 17:58:17 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2011/11/25 17:58:16 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/11/25 17:58:08 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/11/25 17:57:50 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/11/25 17:57:42 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/11/25 17:57:40 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/11/25 17:57:30 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/11/25 17:57:23 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/11/25 17:57:19 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/11/25 17:57:14 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/11/25 17:56:57 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/26 22:33:02 | 000,877,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2011/08/01 11:02:36 | 000,886,272 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/31 19:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010/11/04 17:58:06 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/09/05 05:43:54 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/25 05:10:56 | 008,024,064 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtGui4.dll
MOD - [2009/07/25 05:10:28 | 002,199,552 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtCore4.dll
MOD - [2009/06/11 06:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/01/10 04:10:42 | 000,159,744 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\iceutil32.dll
MOD - [2008/01/10 04:10:00 | 000,167,936 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\icessl32.dll
MOD - [2008/01/10 04:08:00 | 001,245,184 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\ice32.dll
MOD - [2008/01/10 04:06:54 | 000,065,536 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\bzip2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (Hp.Skyroom.Windows.Service)
SRV - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/01/08 21:50:50 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2012/01/08 21:50:50 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/17 14:08:20 | 000,133,176 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/05 17:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/07/16 14:54:06 | 000,300,880 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2010/07/13 14:00:20 | 000,095,800 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP FastLook\HPDayStarterService.exe -- (HPDayStarterService)
SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/04/21 12:12:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/04/21 12:12:34 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/21 12:12:34 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/04/21 12:12:32 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/06 02:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/11/20 02:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe -- (rgsender)
SRV - [2009/11/12 00:42:40 | 000,277,096 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/11/05 06:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/11/05 06:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/10/22 10:30:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009/09/05 05:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/04 05:32:22 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 10:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 10:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2012/01/19 09:55:30 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2012/01/19 09:34:48 | 007,517,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel®
DRV - [2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/08 18:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 18:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/18 07:09:40 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120124.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/10/18 07:09:40 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120124.008\NAVENG.SYS -- (NAVENG)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/06/22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011/05/27 16:07:50 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/05/04 17:18:50 | 000,266,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2011/03/15 17:17:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/03/15 17:17:20 | 000,026,168 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011/02/25 13:50:52 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/03 16:55:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2010/04/21 12:12:38 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/04/21 12:12:36 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/04/21 12:12:36 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/04/21 12:12:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/04/21 12:12:34 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/04/21 12:12:34 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/04/21 12:12:30 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/04/21 12:12:30 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/21 12:12:30 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/02/27 22:01:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/11/12 00:43:00 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009/11/12 00:42:52 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/11/12 00:42:50 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009/11/12 00:42:48 | 000,110,520 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/10/29 09:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
DRV - [2009/10/27 06:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2009/09/29 06:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/18 05:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/08/04 05:32:22 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/21 07:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/14 08:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 08:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 08:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/26 08:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/26 08:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/26 08:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/29 23:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/12/29 01:13:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/01/24 04:34:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/23 19:16:15 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\bbailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.120.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\bbailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\bbailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.120.1_0\
CHR - Extension: Skype Click to Call = C:\Users\bbailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\

O1 HOSTS File: ([2012/01/12 13:46:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [RegWriteNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\SoftRecovery\RegWrite.lnk ()
O4 - HKCU..\Run: [SystemBootNQtdP6TDS6cn0vSDlYFgIHWxSydqQbiS] C:\Users\bbailey\UserProfile\SystemBoot.lnk ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://cdn2.zone.msn...k.cab102118.cab (MSN Games – Matchmaking)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/...bGameLoader.cab (WebGameLoader Class)
O16 - DPF: {4E1318B0-53F0-4274-99FB-F5621625340D} http://rdnariw2k302/...raPrintCtrl.exe (OperaPrintControl Object)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/...t/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DAAC8ECF-DB09-4821-8126-E2C9499A20BA} http://rdnariw2k302/installregterm.exe (RegTerminalSrv Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = radisson.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F839DFF8-444A-4499-9279-19F3E7C857C4}: DhcpNameServer = 4.2.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/25 14:09:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
[2012/01/25 13:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/25 13:35:11 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/01/25 13:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/24 11:24:47 | 000,000,000 | ---D | C] -- C:\HP_RECOVERY_mountHPSF
[2012/01/23 20:37:14 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\AVG
[2012/01/23 19:59:00 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/01/23 19:16:41 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\AVG2012
[2012/01/23 19:16:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/01/23 19:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/01/23 19:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/01/23 19:15:25 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\AVG
[2012/01/23 19:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/01/23 19:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/01/23 17:50:56 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\MusicNet
[2012/01/23 17:49:06 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\PackageAware
[2012/01/21 04:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/01/21 04:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012/01/21 04:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/01/21 04:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2012/01/21 04:50:10 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\NCH Software
[2012/01/21 00:50:27 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Skype
[2012/01/21 00:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/21 00:50:19 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/01/21 00:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/01/21 00:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/20 22:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/01/19 10:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/01/19 09:55:59 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2012/01/14 06:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/01/14 06:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/01/14 06:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/01/12 13:53:01 | 000,000,000 | -H-D | C] -- C:\Users\bbailey\UserProfile
[2012/01/12 13:53:01 | 000,000,000 | -H-D | C] -- C:\Users\bbailey\SoftRecovery
[2012/01/12 13:50:53 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/01/12 13:46:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/12 13:43:32 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\temp
[2012/01/11 03:12:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/01/11 03:12:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/01/11 03:12:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/01/11 03:11:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/08 21:52:05 | 012,705,884 | ---- | C] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
[2012/01/08 21:52:05 | 001,953,792 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stlang.dll
[2012/01/08 21:52:05 | 000,495,708 | ---- | C] (IDT, Inc.) -- C:\windows\sttray.exe
[2012/01/08 21:52:00 | 000,179,712 | ---- | C] (IDT, Inc.) -- C:\windows\System32\staco.dll
[2012/01/08 21:51:20 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
[2012/01/08 21:51:18 | 000,934,912 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stapo.dll
[2012/01/08 21:51:18 | 000,531,968 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
[2012/01/08 21:51:18 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
[2012/01/08 21:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012/01/07 07:24:43 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/01/07 06:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/06 23:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/06 23:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/06 23:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/06 23:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/06 23:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/06 08:47:14 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\GlarySoft
[2012/01/06 08:32:20 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/01/06 08:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinASO
[2012/01/06 04:56:33 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Apps
[2012/01/05 23:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
[2012/01/05 13:30:31 | 000,000,000 | ---D | C] -- C:\a4a5b20479313b238579215fc2
[2012/01/03 08:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2012/01/03 08:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/02 12:59:38 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\IObit
[2012/01/02 12:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/01/02 12:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/01/02 10:55:44 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Malwarebytes
[2012/01/02 10:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/31 18:36:11 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Synaptics
[2011/12/31 08:39:52 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\PokerStars
[2011/12/31 08:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2011/12/31 08:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrybe
[2011/12/31 08:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2011/12/31 08:02:27 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\windows\System32\SynTPCo9.dll
[2011/12/29 13:39:41 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\My Documents\Outlook Files
[2011/12/29 12:50:18 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Roxio
[2011/12/29 05:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/29 05:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/29 04:57:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Trend Micro
[2011/12/29 04:57:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Panicware
[2011/12/29 04:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panicware
[2011/12/29 04:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Panicware
[2011/12/29 01:24:22 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Downloaded Installations
[2011/12/29 01:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Portrait Displays
[2011/12/29 01:21:13 | 000,000,000 | ---D | C] -- \\rn-fs2\Users$\bbailey\Desktop\RT
[2011/12/29 01:21:09 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Hewlett-Packard Company
[2011/12/29 01:17:31 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\InstallShield
[2011/12/29 01:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2011/12/29 01:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Uninstall
[2011/12/29 01:13:52 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Pictures
[2011/12/29 01:13:52 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Desktop
[2011/12/29 01:13:52 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Programs
[2011/12/29 01:13:51 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Videos
[2011/12/29 01:13:51 | 000,000,000 | R--D | C] -- C:\Users\bbailey\Music
[2011/12/29 01:13:38 | 000,000,000 | ---D | C] -- C:\windows\DPDrv
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\zh-Hant
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\zh-Hans
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\ja
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\it
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\fr
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\es
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\de
[2011/12/29 01:13:37 | 000,000,000 | ---D | C] -- C:\windows\System32\cs
[2011/12/28 23:31:05 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\ElevatedDiagnostics
[2011/12/28 08:23:04 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\SumatraPDF
[2011/12/28 08:22:49 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Babylon
[2011/12/28 08:22:49 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Local\Babylon
[2011/12/28 08:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/12/28 08:22:48 | 000,000,000 | ---D | C] -- C:\Users\bbailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Reader
[2011/01/03 21:55:50 | 000,255,360 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2011/01/03 21:55:50 | 000,211,840 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2012/01/25 14:21:07 | 000,001,026 | ---- | M] () -- C:\Users\bbailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegWrite.lnk
[2012/01/25 14:09:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- \\rn-fs2\Users$\bbailey\Desktop\OTL.exe
[2012/01/25 14:03:00 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/25 13:49:00 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 13:49:00 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 13:41:58 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/25 13:41:09 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/01/25 13:41:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/25 13:40:57 | 2352,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/25 13:35:17 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/25 10:38:32 | 087,359,242 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2012/01/24 17:36:00 | 000,032,653 | ---- | M] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2012/01/23 19:26:10 | 000,621,032 | ---- | M] () -- C:\windows\System32\drivers\AVG\iavifw.avm
[2012/01/23 19:16:15 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/21 04:50:18 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk
[2012/01/21 02:04:13 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/21 00:50:20 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/20 22:34:30 | 000,002,189 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/19 10:30:02 | 000,015,872 | ---- | M] () -- C:\windows\System32\results.xml
[2012/01/19 09:55:29 | 001,921,265 | ---- | M] () -- C:\windows\System32\iglhxa32.cpa
[2012/01/19 09:55:29 | 000,867,020 | ---- | M] () -- C:\windows\System32\igkrng575.bin
[2012/01/19 09:55:29 | 000,076,392 | ---- | M] () -- C:\windows\System32\iglhxs32.vp
[2012/01/19 09:55:29 | 000,059,244 | ---- | M] () -- C:\windows\System32\iglhxc32.vp
[2012/01/19 09:55:29 | 000,059,020 | ---- | M] () -- C:\windows\System32\iglhxg32.vp
[2012/01/19 09:55:29 | 000,058,683 | ---- | M] () -- C:\windows\System32\iglhxo32.vp
[2012/01/19 09:55:29 | 000,001,074 | ---- | M] () -- C:\windows\System32\iglhxa32.vp
[2012/01/19 09:55:28 | 013,903,872 | ---- | M] () -- C:\windows\System32\ig4icd32.dll
[2012/01/19 09:55:28 | 000,128,204 | ---- | M] () -- C:\windows\System32\igcompkrng575.bin
[2012/01/19 09:55:28 | 000,105,608 | ---- | M] () -- C:\windows\System32\igfcg575m.bin
[2012/01/19 09:55:28 | 000,094,208 | ---- | M] () -- C:\windows\System32\IccLibDll.dll
[2012/01/19 09:55:28 | 000,004,096 | ---- | M] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2012/01/19 09:55:27 | 000,211,217 | ---- | M] () -- C:\windows\System32\Gfxres.th-TH.resources
[2012/01/19 09:55:27 | 000,198,037 | ---- | M] () -- C:\windows\System32\Gfxres.el-GR.resources
[2012/01/19 09:55:27 | 000,182,649 | ---- | M] () -- C:\windows\System32\Gfxres.ru-RU.resources
[2012/01/19 09:55:27 | 000,156,192 | ---- | M] () -- C:\windows\System32\Gfxres.ar-SA.resources
[2012/01/19 09:55:27 | 000,153,129 | ---- | M] () -- C:\windows\System32\Gfxres.ja-JP.resources
[2012/01/19 09:55:27 | 000,148,981 | ---- | M] () -- C:\windows\System32\Gfxres.he-IL.resources
[2012/01/19 09:55:27 | 000,140,212 | ---- | M] () -- C:\windows\System32\Gfxres.it-IT.resources
[2012/01/19 09:55:27 | 000,138,707 | ---- | M] () -- C:\windows\System32\Gfxres.ko-KR.resources
[2012/01/19 09:55:27 | 000,137,840 | ---- | M] () -- C:\windows\System32\Gfxres.de-DE.resources
[2012/01/19 09:55:27 | 000,137,641 | ---- | M] () -- C:\windows\System32\Gfxres.es-ES.resources
[2012/01/19 09:55:27 | 000,136,584 | ---- | M] () -- C:\windows\System32\Gfxres.ro-RO.resources
[2012/01/19 09:55:27 | 000,135,654 | ---- | M] () -- C:\windows\System32\Gfxres.fr-FR.resources
[2012/01/19 09:55:27 | 000,135,357 | ---- | M] () -- C:\windows\System32\Gfxres.tr-TR.resources
[2012/01/19 09:55:27 | 000,134,821 | ---- | M] () -- C:\windows\System32\Gfxres.pt-BR.resources
[2012/01/19 09:55:27 | 000,134,407 | ---- | M] () -- C:\windows\System32\Gfxres.nl-NL.resources
[2012/01/19 09:55:27 | 000,134,373 | ---- | M] () -- C:\windows\System32\Gfxres.hu-HU.resources
[2012/01/19 09:55:27 | 000,133,841 | ---- | M] () -- C:\windows\System32\Gfxres.sv-SE.resources
[2012/01/19 09:55:27 | 000,133,683 | ---- | M] () -- C:\windows\System32\Gfxres.pt-PT.resources
[2012/01/19 09:55:27 | 000,133,381 | ---- | M] () -- C:\windows\System32\Gfxres.cs-CZ.resources
[2012/01/19 09:55:27 | 000,133,149 | ---- | M] () -- C:\windows\System32\Gfxres.pl-PL.resources
[2012/01/19 09:55:27 | 000,132,887 | ---- | M] () -- C:\windows\System32\Gfxres.fi-FI.resources
[2012/01/19 09:55:27 | 000,132,785 | ---- | M] () -- C:\windows\System32\Gfxres.sk-SK.resources
[2012/01/19 09:55:27 | 000,131,840 | ---- | M] () -- C:\windows\System32\Gfxres.hr-HR.resources
[2012/01/19 09:55:27 | 000,128,998 | ---- | M] () -- C:\windows\System32\Gfxres.sl-SI.resources
[2012/01/19 09:55:27 | 000,128,802 | ---- | M] () -- C:\windows\System32\Gfxres.nb-NO.resources
[2012/01/19 09:55:27 | 000,128,542 | ---- | M] () -- C:\windows\System32\Gfxres.da-DK.resources
[2012/01/19 09:55:27 | 000,124,056 | ---- | M] () -- C:\windows\System32\Gfxres.en-US.resources
[2012/01/19 09:55:27 | 000,117,657 | ---- | M] () -- C:\windows\System32\Gfxres.zh-TW.resources
[2012/01/19 09:55:27 | 000,116,368 | ---- | M] () -- C:\windows\System32\Gfxres.zh-CN.resources
[2012/01/13 12:19:14 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForbbailey.job
[2012/01/12 13:46:04 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/01/10 07:46:59 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/01/10 07:46:47 | 000,661,410 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/10 07:46:47 | 000,121,296 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/10 01:05:38 | 585,239,942 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/01/08 21:50:51 | 001,953,792 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stlang.dll
[2012/01/08 21:50:51 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\windows\sttray.exe
[2012/01/08 21:50:51 | 000,431,616 | ---- | M] (IDT, Inc.) -- C:\windows\System32\drivers\stwrt.sys
[2012/01/08 21:50:50 | 012,705,884 | ---- | M] (IDT, Inc.) -- C:\windows\System32\idtcpl.cpl
[2012/01/08 21:50:50 | 000,934,912 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapo.dll
[2012/01/08 21:50:50 | 000,531,968 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stapi32.dll
[2012/01/08 21:50:50 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\windows\System32\stcplx.dll
[2012/01/08 21:50:50 | 000,179,712 | ---- | M] (IDT, Inc.) -- C:\windows\System32\staco.dll
[2012/01/06 23:25:09 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/06 23:20:37 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/06 23:19:01 | 000,002,503 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/01/06 23:19:01 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/06 18:28:46 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/01/06 02:58:59 | 000,001,047 | ---- | M] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/01/06 02:58:59 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012/01/05 13:16:35 | 000,007,426 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/01/03 08:47:22 | 001,541,924 | ---- | M] () -- C:\windows\System32\drivers\Cat.DB
[2011/12/31 08:02:40 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2011/12/29 04:41:27 | 000,002,560 | ---- | M] () -- C:\windows\_MSRSTRT.EXE
[2011/12/29 02:48:36 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/29 01:21:30 | 000,000,178 | ---- | M] () -- C:\windows\System32\HPPA.ini
[2011/12/28 08:22:57 | 000,001,490 | ---- | M] () -- C:\user.js

========== Files Created - No Company Name ==========

[2012/01/25 13:50:02 | 000,001,026 | ---- | C] () -- C:\Users\bbailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegWrite.lnk
[2012/01/25 13:35:17 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/25 10:38:32 | 087,359,242 | ---- | C] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2012/01/24 17:36:00 | 000,032,653 | ---- | C] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2012/01/23 19:26:10 | 000,621,032 | ---- | C] () -- C:\windows\System32\drivers\AVG\iavifw.avm
[2012/01/23 19:16:15 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/01/21 04:50:18 | 000,001,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
[2012/01/21 04:50:18 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk
[2012/01/21 00:50:20 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/20 22:34:30 | 000,002,290 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/20 22:34:30 | 000,002,189 | ---- | C] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/19 09:56:10 | 000,076,392 | ---- | C] () -- C:\windows\System32\iglhxs32.vp
[2012/01/19 09:56:10 | 000,059,020 | ---- | C] () -- C:\windows\System32\iglhxg32.vp
[2012/01/19 09:56:10 | 000,058,683 | ---- | C] () -- C:\windows\System32\iglhxo32.vp
[2012/01/19 09:56:09 | 001,921,265 | ---- | C] () -- C:\windows\System32\iglhxa32.cpa
[2012/01/19 09:56:09 | 000,059,244 | ---- | C] () -- C:\windows\System32\iglhxc32.vp
[2012/01/19 09:56:09 | 000,001,074 | ---- | C] () -- C:\windows\System32\iglhxa32.vp
[2012/01/19 09:56:08 | 000,867,020 | ---- | C] () -- C:\windows\System32\igkrng575.bin
[2012/01/19 09:55:58 | 000,105,608 | ---- | C] () -- C:\windows\System32\igfcg575m.bin
[2012/01/19 09:55:49 | 000,128,204 | ---- | C] () -- C:\windows\System32\igcompkrng575.bin
[2012/01/19 09:55:48 | 013,903,872 | ---- | C] () -- C:\windows\System32\ig4icd32.dll
[2012/01/19 09:55:47 | 000,094,208 | ---- | C] () -- C:\windows\System32\IccLibDll.dll
[2012/01/19 09:55:43 | 000,117,657 | ---- | C] () -- C:\windows\System32\Gfxres.zh-TW.resources
[2012/01/19 09:55:43 | 000,116,368 | ---- | C] () -- C:\windows\System32\Gfxres.zh-CN.resources
[2012/01/19 09:55:42 | 000,211,217 | ---- | C] () -- C:\windows\System32\Gfxres.th-TH.resources
[2012/01/19 09:55:42 | 000,135,357 | ---- | C] () -- C:\windows\System32\Gfxres.tr-TR.resources
[2012/01/19 09:55:42 | 000,133,841 | ---- | C] () -- C:\windows\System32\Gfxres.sv-SE.resources
[2012/01/19 09:55:42 | 000,128,998 | ---- | C] () -- C:\windows\System32\Gfxres.sl-SI.resources
[2012/01/19 09:55:41 | 000,182,649 | ---- | C] () -- C:\windows\System32\Gfxres.ru-RU.resources
[2012/01/19 09:55:41 | 000,136,584 | ---- | C] () -- C:\windows\System32\Gfxres.ro-RO.resources
[2012/01/19 09:55:41 | 000,134,821 | ---- | C] () -- C:\windows\System32\Gfxres.pt-BR.resources
[2012/01/19 09:55:41 | 000,133,683 | ---- | C] () -- C:\windows\System32\Gfxres.pt-PT.resources
[2012/01/19 09:55:41 | 000,133,149 | ---- | C] () -- C:\windows\System32\Gfxres.pl-PL.resources
[2012/01/19 09:55:41 | 000,132,785 | ---- | C] () -- C:\windows\System32\Gfxres.sk-SK.resources
[2012/01/19 09:55:40 | 000,134,407 | ---- | C] () -- C:\windows\System32\Gfxres.nl-NL.resources
[2012/01/19 09:55:39 | 000,128,802 | ---- | C] () -- C:\windows\System32\Gfxres.nb-NO.resources
[2012/01/19 09:55:38 | 000,153,129 | ---- | C] () -- C:\windows\System32\Gfxres.ja-JP.resources
[2012/01/19 09:55:38 | 000,140,212 | ---- | C] () -- C:\windows\System32\Gfxres.it-IT.resources
[2012/01/19 09:55:38 | 000,138,707 | ---- | C] () -- C:\windows\System32\Gfxres.ko-KR.resources
[2012/01/19 09:55:38 | 000,134,373 | ---- | C] () -- C:\windows\System32\Gfxres.hu-HU.resources
[2012/01/19 09:55:38 | 000,131,840 | ---- | C] () -- C:\windows\System32\Gfxres.hr-HR.resources
[2012/01/19 09:55:37 | 000,148,981 | ---- | C] () -- C:\windows\System32\Gfxres.he-IL.resources
[2012/01/19 09:55:37 | 000,135,654 | ---- | C] () -- C:\windows\System32\Gfxres.fr-FR.resources
[2012/01/19 09:55:36 | 000,198,037 | ---- | C] () -- C:\windows\System32\Gfxres.el-GR.resources
[2012/01/19 09:55:36 | 000,137,641 | ---- | C] () -- C:\windows\System32\Gfxres.es-ES.resources
[2012/01/19 09:55:36 | 000,132,887 | ---- | C] () -- C:\windows\System32\Gfxres.fi-FI.resources
[2012/01/19 09:55:36 | 000,124,056 | ---- | C] () -- C:\windows\System32\Gfxres.en-US.resources
[2012/01/19 09:55:35 | 000,137,840 | ---- | C] () -- C:\windows\System32\Gfxres.de-DE.resources
[2012/01/19 09:55:34 | 000,156,192 | ---- | C] () -- C:\windows\System32\Gfxres.ar-SA.resources
[2012/01/19 09:55:34 | 000,133,381 | ---- | C] () -- C:\windows\System32\Gfxres.cs-CZ.resources
[2012/01/19 09:55:34 | 000,128,542 | ---- | C] () -- C:\windows\System32\Gfxres.da-DK.resources
[2012/01/11 03:12:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/01/11 03:12:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/01/11 03:12:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/01/11 03:12:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/01/11 03:12:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/01/06 23:25:09 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/06 23:20:37 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/05 23:21:47 | 000,001,047 | ---- | C] () -- C:\Users\bbailey\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/01/05 23:21:47 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2012/01/03 08:44:52 | 001,541,924 | ---- | C] () -- C:\windows\System32\drivers\Cat.DB
[2011/12/31 08:02:40 | 000,002,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2011/12/31 04:48:57 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/12/29 04:41:26 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2011/12/29 01:15:40 | 000,001,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT HD Audio.lnk
[2011/12/28 08:22:55 | 000,001,490 | ---- | C] () -- C:\user.js
[2011/11/24 18:06:02 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
[2011/02/25 13:20:37 | 000,000,085 | ---- | C] () -- C:\windows\TermReg.ini
[2011/02/25 13:13:52 | 000,007,426 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/03 21:55:50 | 001,763,968 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2011/01/03 21:55:50 | 000,033,280 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2011/01/03 21:55:50 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011/01/03 21:55:50 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/09/15 14:04:14 | 000,000,178 | ---- | C] () -- C:\windows\System32\HPPA.ini
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPSCEL.dll.hpsign
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApi.dll.hpsign
[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPClback.dll.hpsign
[2010/07/15 16:01:46 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPFPApiUI.dll.hpsign
[2010/06/03 14:19:12 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2009/11/12 00:42:48 | 000,110,520 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2009/10/23 01:56:00 | 000,000,256 | ---- | C] () -- C:\windows\System32\vcsAPIShared.dll.hpsign
[2009/07/14 13:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 13:33:53 | 000,408,488 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 11:05:48 | 000,661,410 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 11:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 11:05:48 | 000,121,296 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 11:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 11:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 11:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 08:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 08:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 07:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 07:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 07:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 07:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/11 06:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2012/01/24 11:39:56 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\AVG
[2012/01/23 19:16:41 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\AVG2012
[2011/12/28 08:22:49 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Babylon
[2011/09/27 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\DigitalPersona
[2012/01/06 08:47:14 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\GlarySoft
[2012/01/02 13:14:39 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\IObit
[2012/01/23 17:50:56 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\MusicNet
[2011/10/01 16:57:06 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\redsn0w
[2011/12/28 08:23:04 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\SumatraPDF
[2011/12/31 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\bbailey\AppData\Roaming\Synaptics
[2012/01/03 12:05:27 | 000,032,636 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


Hope someone can help


#2
myrti

  • Expert
  • 2,580 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

#3
myrti

  • Expert
  • 2,580 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.