Steps that were taken once I booted to the desktop:
1. AVG was removed
2. Used TDSSKiller
3. Ran Kaspersky Virus Removal Tool
4. Ran Combofix with reboot
5. Used Rkill(s)
6. Then ran Combofix again with reboot
Result was that some of the bad behaviors were gone, but the registry entry in “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\” still reverts to loading consrv rather than winsrv, and I assume the virus still persists. I need help removing it.
Thanks!
Rocky
OTL logfile created on: 3/28/2012 11:35:15 AM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Installs\VirusTools
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 6.42 Gb Available Physical Memory | 80.35% Memory free
15.98 Gb Paging File | 14.16 Gb Available in Paging File | 88.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 229.47 Gb Total Space | 37.80 Gb Free Space | 16.47% Space Free | Partition Type: NTFS
Drive D: | 238.47 Gb Total Space | 85.70 Gb Free Space | 35.94% Space Free | Partition Type: NTFS
Computer Name: ALIENWARE | User Name: rockroland | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Installs\VirusTools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe (Alienware)
PRC - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
PRC - C:\Program Files\Alienware\Command Center\AlienFusionController.exe ()
PRC - C:\Program Files (x86)\OSD\OSD.exe ()
PRC - C:\Program Files (x86)\OSD\OSD_Service.exe ()
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LU\LogitechUpdate.exe (Logitech, Inc.)
PRC - c:\Program Files\Logitech\Logitech WebCam Software\LU\LULnchr.exe (Logitech, Inc.)
PRC - C:\Program Files\OSD\Launch_CC.exe (Alienware Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.92.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.92.0__bebb3c8816410241\AlienwareAlienFXTools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LightFX\1.0.92.0__bebb3c8816410241\LightFX.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll ()
MOD - C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll ()
MOD - C:\Program Files\Alienware\Command Center\AlienFusionController.exe ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (NovacomD) -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe (Palm)
SRV:64bit: - (PEERNET Spooler Service 9.0) -- C:\Windows\SysNative\spool\drivers\x64\3\PNSvc9.exe (PEERNET Inc.)
SRV:64bit: - (AlienFusionService) -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Alienware)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (sfilter) -- C:\Windows\SysNative\MobilePreInstallerService.dll (Oak Technology Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (CustomSvc) -- C:\Program Files\OSD\Service1.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (PEERNET Spooler Service 9.0) -- C:\Windows\system32\spool\DRIVERS\x64\3\PNSvc9.exe (PEERNET Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HappyOSD) -- C:\Program Files (x86)\OSD\OSD_Service.exe ()
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\STacSV64.exe (IDT, Inc.)
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (SCPDFReadSpool) -- C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDFV6\SolidConverterPDFServicex64.exe (Solid Documents, LLC)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\AESTSr64.exe (Andrea Electronics Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (msvad_simple) SplitCam Virtual Audio Device (Simple) (WDM) -- C:\Windows\SysNative\drivers\SplitCamAudio.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (e1kexpress) Intel® -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Acceler.sys (ST Microelectronics)
DRV:64bit: - (stdflt) -- C:\Windows\SysNative\drivers\stdflt.sys (ST Microelectronics)
DRV:64bit: - (iSSetup) -- C:\Windows\SysNative\drivers\iSSetup.sys (Intel Corporation)
DRV:64bit: - (LVUVC64) Logitech QuickCam Fusion(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (NETw5s64) Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (ioatdma2) Intel® -- C:\Windows\SysNative\drivers\qd262x64.sys (Intel Corporation)
DRV:64bit: - (ioatdma1) -- C:\Windows\SysNative\drivers\qd162x64.sys (Intel Corporation)
DRV:64bit: - (ioatdma) Intel® -- C:\Windows\SysNative\drivers\ioatdma.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (FACAP) -- C:\Windows\SysNative\drivers\facap.sys (Sensible Vision )
DRV:64bit: - (IAMTVE) Driver for Intel® -- C:\Windows\SysNative\drivers\IAMTVE.sys (Intel Corporation)
DRV:64bit: - (IAMTXPE) Driver for Intel® -- C:\Windows\SysNative\drivers\IAMTXPE.sys (Intel Corporation)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{DC5BAF6E-FF46-416F-BB0C-C72B70A8CF32}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{80CC740C-97EB-425B-ADAA-0B4DF660620E}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-850405567-2436268138-2046711074-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKU\S-1-5-21-850405567-2436268138-2046711074-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-850405567-2436268138-2046711074-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-850405567-2436268138-2046711074-1000\..\SearchScopes\{35AD596A-5FAD-43E3-8DDE-1EA6BC3740BC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-850405567-2436268138-2046711074-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGNI_enUS475
IE - HKU\S-1-5-21-850405567-2436268138-2046711074-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-850405567-2436268138-2046711074-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: [email protected]:7.3.6
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\rockroland\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\rockroland\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\rockroland\AppData\Roaming\IDM\idmmzcc5 [2012/03/18 04:35:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\rockroland\AppData\Roaming\IDM\idmmzcc5 [2012/03/18 04:35:44 | 000,000,000 | ---D | M]
[2010/10/24 00:35:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rockroland\AppData\Roaming\Mozilla\Extensions
[2011/09/09 00:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rockroland\AppData\Roaming\Mozilla\Firefox\Profiles\5w15itt1.default\extensions
[2010/10/24 00:41:27 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\rockroland\AppData\Roaming\Mozilla\Firefox\Profiles\5w15itt1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/10/24 00:40:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\rockroland\AppData\Roaming\Mozilla\Firefox\Profiles\5w15itt1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/11/06 01:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/30 12:20:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012/03/18 04:35:44 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ROCKROLAND\APPDATA\ROAMING\IDM\IDMMZCC5
[2011/04/30 12:19:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\rockroland\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\rockroland\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\rockroland\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\rockroland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\rockroland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Gmail = C:\Users\rockroland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/03/27 19:59:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-850405567-2436268138-2046711074-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-850405567-2436268138-2046711074-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [pdfFactory3] C:\Windows\SysNative\spool\DRIVERS\x64\3\fppdis3a.exe (FinePrint Software, LLC)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch_OSD.exe (HH)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-850405567-2436268138-2046711074-1000..\Run: [Launch_CC] c:\Program Files\OSD\Launch_CC.exe (Alienware Corporation)
O4 - Startup: C:\Users\rockroland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\shortcut_xprint.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-850405567-2436268138-2046711074-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-850405567-2436268138-2046711074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-850405567-2436268138-2046711074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-850405567-2436268138-2046711074-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://home.apollol...0,2011,1213,303 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://home.apollol...,2011,0622,1118 (F5 Networks Auto Update)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.22.0.cab (Reg Error: Key error.)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://home.apollol...0,2011,1125,600 (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{790194D4-987A-47DE-854E-A7B08ED6B566}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5E7DF15-8DAB-4C2D-9216-A458441BE079}: DhcpNameServer = 192.168.10.1 64.134.255.2 64.134.255.10
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) - File not found
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/25 18:19:33 | 000,024,068 | ---- | M] () - C:\AutoInsuranceIdCards.pdf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: sfilter - C:\Windows\SysNative\MobilePreInstallerService.dll (Oak Technology Inc.)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/03/28 11:33:13 | 000,000,000 | R--D | C] -- C:\Users\rockroland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012/03/28 11:28:30 | 000,000,000 | ---D | C] -- C:\Users\rockroland\AppData\Roaming\Malwarebytes
[2012/03/28 11:28:21 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/28 11:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/28 11:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/28 11:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/27 22:11:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/27 21:57:13 | 000,000,000 | ---D | C] -- C:\regback
[2012/03/27 19:59:38 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/27 19:58:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/27 19:57:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/27 19:36:53 | 000,000,000 | ---D | C] -- C:\Users\rockroland\AppData\Local\temp
[2012/03/27 19:34:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/27 19:34:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/27 19:34:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/27 19:31:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/27 19:30:03 | 004,443,082 | R--- | C] (Swearware) -- C:\Users\rockroland\Desktop\ComboFix.exe
[2012/03/27 18:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/03/25 23:52:52 | 000,000,000 | ---D | C] -- C:\userback
[2012/03/25 13:06:37 | 000,000,000 | ---D | C] -- C:\Users\rockroland\Desktop\RK_Quarantine
[2012/03/25 10:03:28 | 000,000,000 | ---D | C] -- C:\AVG
[2012/03/25 05:41:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/25 05:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/03/25 05:31:39 | 000,000,000 | ---D | C] -- C:\Users\rockroland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/25 01:22:27 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/03/24 19:06:24 | 000,000,000 | ---D | C] -- C:\flight
[2012/03/24 19:01:23 | 000,000,000 | ---D | C] -- C:\Billboard
[2012/03/23 16:55:45 | 000,000,000 | ---D | C] -- C:\MyDisc
[2012/03/23 15:56:03 | 000,000,000 | ---D | C] -- C:\Users\rockroland\Kaufman, Izabella
[2012/03/23 15:55:19 | 000,000,000 | ---D | C] -- C:\Users\rockroland\Batch 6
[2012/03/23 11:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/03/23 11:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012/03/22 10:08:34 | 000,000,000 | ---D | C] -- C:\Users\rockroland\RR
[2012/03/21 01:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/21 01:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/19 19:59:58 | 000,000,000 | ---D | C] -- C:\Users\rockroland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Surveillance Pro v6.8
[2012/03/19 19:59:22 | 000,224,256 | ---- | C] (GPS) -- C:\Windows\svcreng.dll
[2012/03/19 19:59:20 | 000,590,848 | ---- | C] (GP Systems Integration) -- C:\Windows\utimcache.exe
[2012/03/19 19:59:20 | 000,420,352 | ---- | C] (GP Systems Integration) -- C:\Windows\stidraw32.exe
[2012/03/19 19:59:19 | 000,646,144 | ---- | C] (GP Systems Integration) -- C:\Windows\sysnadr64.exe
[2012/03/19 19:59:17 | 003,338,752 | ---- | C] (GP Systems Integration) -- C:\Windows\diskediag.exe
[2012/03/19 11:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/03/19 11:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/03/16 07:08:36 | 000,149,640 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/03/12 15:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat
[2012/03/12 13:33:08 | 000,000,000 | ---D | C] -- C:\Users\rockroland\AppData\Roaming\Google
[2012/03/12 13:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/03/12 13:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/03/12 13:32:11 | 000,000,000 | ---D | C] -- C:\Users\rockroland\AppData\Local\Google
[2012/03/12 13:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/03/10 19:39:08 | 000,000,000 | ---D | C] -- C:\Users\rockroland\AppData\Local\Pleasant_Solutions
[2012/03/10 19:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/03/10 19:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2012/03/10 19:21:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion
[2012/03/10 19:16:41 | 000,000,000 | ---D | C] -- C:\Users\rockroland\AppData\Local\Programs
[2012/03/10 19:16:41 | 000,000,000 | ---D | C] -- C:\Users\rockroland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Berry Extract
[2012/03/07 17:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/07 17:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/07 17:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/03/07 17:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/03/05 23:09:13 | 000,000,000 | ---D | C] -- C:\Users\rockroland\Documents\My Kindle Content
[2012/03/05 23:08:51 | 000,000,000 | ---D | C] -- C:\Users\rockroland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/03/05 23:08:51 | 000,000,000 | ---D | C] -- C:\Users\rockroland\AppData\Local\Amazon
[2012/03/05 23:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/02/29 13:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads
[2012/02/28 06:35:02 | 000,000,000 | ---D | C] -- C:\Users\rockroland\AppData\Roaming\Media Player Classic
[1 C:\Users\rockroland\*.tmp files -> C:\Users\rockroland\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/28 11:36:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-850405567-2436268138-2046711074-1000UA.job
[2012/03/28 11:33:11 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/28 11:33:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/28 11:33:02 | 2138,427,391 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/28 11:28:22 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/28 11:26:07 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/28 09:24:22 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-850405567-2436268138-2046711074-1000Core.job
[2012/03/28 04:33:32 | 073,771,189 | ---- | M] () -- C:\Users\rockroland\Documents\Untitled (2).wma
[2012/03/28 02:29:50 | 000,193,559 | ---- | M] () -- C:\Users\rockroland\Documents\Untitled.wma
[2012/03/28 01:56:17 | 000,017,931 | ---- | M] () -- C:\Users\rockroland\Desktop\View Ticket.pdf
[2012/03/28 01:53:00 | 000,233,537 | ---- | M] () -- C:\Users\rockroland\Desktop\DEACTIVATION.pdf
[2012/03/28 01:05:44 | 000,003,609 | ---- | M] () -- C:\Windows\memgprep.dll
[2012/03/28 00:58:33 | 000,019,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/28 00:58:33 | 000,019,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 21:22:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/03/27 20:10:49 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/27 20:10:49 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/27 20:10:49 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/27 19:59:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/27 19:37:57 | 000,004,150 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/25 13:16:56 | 004,443,082 | R--- | M] (Swearware) -- C:\Users\rockroland\Desktop\ComboFix.exe
[2012/03/25 05:34:13 | 005,154,304 | ---- | M] () -- C:\Users\rockroland\WindowsDefender.msi
[2012/03/25 05:31:45 | 000,002,342 | ---- | M] () -- C:\Users\rockroland\Desktop\Google Chrome.lnk
[2012/03/25 04:37:23 | 552,870,912 | ---- | M] () -- C:\klucens.pst
[2012/03/25 01:40:10 | 000,001,183 | ---- | M] () -- C:\inlvCK.cpj
[2012/03/25 01:20:45 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/25 01:20:45 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/03/23 22:18:30 | 000,006,139 | ---- | M] () -- C:\amexrecent.csv
[2012/03/23 22:18:30 | 000,001,463 | ---- | M] () -- C:\Activity.CSV
[2012/03/23 22:18:30 | 000,000,415 | ---- | M] () -- C:\Acaativity.CSV
[2012/03/23 16:44:30 | 000,016,532 | ---- | M] () -- C:\2011-calendar-green-gray.gif
[2012/03/23 16:37:28 | 000,016,544 | ---- | M] () -- C:\2012-calendar-green-gray.gif
[2012/03/23 15:45:38 | 000,002,830 | ---- | M] () -- C:\itunes.csv
[2012/03/23 11:28:24 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2012/03/23 09:52:31 | 011,249,006 | ---- | M] () -- C:\Rocky and Kate Roland - Refinance Application - 524 Vernon Glencoe, IL -.tif
[2012/03/23 09:49:58 | 000,315,772 | ---- | M] () -- C:\2012-2013-calendar.jpg
[2012/03/22 01:42:13 | 001,088,600 | ---- | M] () -- C:\Rocky and Kate Roland - Refinance Application - 524 Vernon Glencoe, IL 2012-03-22.pdf
[2012/03/21 01:08:19 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/19 22:06:19 | 000,000,304 | ---- | M] () -- C:\Windows\km32hlpr.dll
[2012/03/19 22:06:19 | 000,000,000 | ---- | M] () -- C:\Windows\wnsperf32.dll
[2012/03/19 22:06:19 | 000,000,000 | ---- | M] () -- C:\Windows\stdensrv.dll
[2012/03/19 22:06:19 | 000,000,000 | ---- | M] () -- C:\Windows\javexisb.dll
[2012/03/19 22:06:19 | 000,000,000 | ---- | M] () -- C:\Windows\javexisa.dll
[2012/03/19 22:06:19 | 000,000,000 | ---- | M] () -- C:\Windows\cr2gui32.dll
[2012/03/18 04:40:24 | 000,000,000 | ---- | M] () -- C:\secretxes.7z
[2012/03/16 17:22:36 | 000,000,000 | ---- | M] () -- C:\devynlover_2.7z
[2012/03/16 17:22:02 | 062,304,870 | ---- | M] () -- C:\msn_vids1.7z
[2012/03/16 17:21:08 | 000,000,000 | ---- | M] () -- C:\msn_vids2.7z
[2012/03/16 17:20:20 | 000,000,000 | ---- | M] () -- C:\devynlover.7z
[2012/03/16 11:50:53 | 000,184,924 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/03/15 21:19:39 | 000,360,205 | ---- | M] () -- C:\yep.JPG
[2012/03/15 21:19:28 | 000,374,133 | ---- | M] () -- C:\no no.JPG
[2012/03/15 13:28:40 | 000,695,957 | ---- | M] () -- C:\Unclaimed Property Form.pdf
[2012/03/15 11:35:52 | 000,119,274 | ---- | M] () -- C:\Users\rockroland\Desktop\Memo Style.pdf
[2012/03/15 11:27:44 | 000,128,664 | ---- | M] () -- C:\Users\rockroland\Desktop\www.amazon.com_gp_orc_returns_labels_load.pdf
[2012/03/14 17:44:29 | 000,410,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/12 15:49:56 | 000,001,033 | ---- | M] () -- C:\Users\rockroland\Desktop\WinDirStat.lnk
[2012/03/10 19:24:22 | 000,016,896 | ---- | M] () -- C:\Users\rockroland\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/10 19:21:49 | 000,002,233 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/03/10 19:16:42 | 000,001,477 | ---- | M] () -- C:\Users\rockroland\Desktop\Berry Extract.lnk
[2012/03/10 15:18:06 | 000,359,788 | ---- | M] () -- C:\IMG00114-20120310-1418.jpg
[2012/03/10 15:17:50 | 000,296,848 | ---- | M] () -- C:\IMG00113-20120310-1417.jpg
[2012/03/10 15:17:12 | 000,380,950 | ---- | M] () -- C:\IMG00111-20120310-1417.jpg
[2012/03/10 15:15:16 | 000,400,851 | ---- | M] () -- C:\IMG00110-20120310-1415.jpg
[2012/03/10 15:15:04 | 000,420,802 | ---- | M] () -- C:\IMG00109-20120310-1415.jpg
[2012/03/10 15:14:34 | 000,121,838 | ---- | M] () -- C:\IMG00108-20120310-1414.jpg
[2012/03/10 15:14:24 | 000,272,828 | ---- | M] () -- C:\IMG00107-20120310-1414.jpg
[2012/03/10 15:14:08 | 008,164,239 | ---- | M] () -- C:\Goose 66 Vette.wmv
[2012/03/10 15:14:08 | 006,554,025 | ---- | M] () -- C:\Goose 66 Vette.3GP
[2012/03/10 14:57:04 | 003,959,410 | ---- | M] () -- C:\Goose Volo James Dean.3GP
[2012/03/10 14:54:00 | 005,586,650 | ---- | M] () -- C:\Goose at Volo Fins.3GP
[2012/03/10 14:49:54 | 003,516,848 | ---- | M] () -- C:\Goose at Volo.3GP
[2012/03/10 14:47:44 | 000,815,459 | ---- | M] () -- C:\Volo.3GP
[2012/03/07 17:03:40 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/06 23:10:24 | 000,177,787 | ---- | M] () -- C:\IMG00104-20120306-2210.jpg
[2012/03/06 23:09:46 | 000,181,922 | ---- | M] () -- C:\IMG00103-20120306-2209.jpg
[2012/03/06 23:08:56 | 000,230,421 | ---- | M] () -- C:\IMG00102-20120306-2208.jpg
[2012/03/06 23:07:12 | 000,508,423 | ---- | M] () -- C:\IMG00101-20120306-2207.jpg
[2012/03/06 23:06:38 | 000,563,666 | ---- | M] () -- C:\IMG00100-20120306-2206.jpg
[2012/03/06 06:53:07 | 000,001,431 | ---- | M] () -- C:\Windows\SplitCam.INI
[2012/03/05 23:08:57 | 000,001,996 | ---- | M] () -- C:\Users\rockroland\Desktop\Kindle.lnk
[2012/03/04 04:32:02 | 000,089,501 | ---- | M] () -- C:\Users\rockroland\Desktop\pdf_en_us_repairform.pdf
[2012/02/29 13:13:45 | 000,000,335 | ---- | M] () -- C:\Windows\nsreg.dat
[1 C:\Users\rockroland\*.tmp files -> C:\Users\rockroland\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/03/28 11:28:22 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/28 04:33:32 | 073,771,189 | ---- | C] () -- C:\Users\rockroland\Documents\Untitled (2).wma
[2012/03/28 02:29:50 | 000,193,559 | ---- | C] () -- C:\Users\rockroland\Documents\Untitled.wma
[2012/03/28 01:51:58 | 000,233,537 | ---- | C] () -- C:\Users\rockroland\Desktop\DEACTIVATION.pdf
[2012/03/28 01:51:36 | 000,017,931 | ---- | C] () -- C:\Users\rockroland\Desktop\View Ticket.pdf
[2012/03/27 19:34:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/27 19:34:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/27 19:34:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/27 19:34:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/27 19:34:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/25 05:34:33 | 005,154,304 | ---- | C] () -- C:\Users\rockroland\WindowsDefender.msi
[2012/03/25 05:31:45 | 000,002,342 | ---- | C] () -- C:\Users\rockroland\Desktop\Google Chrome.lnk
[2012/03/25 05:31:12 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-850405567-2436268138-2046711074-1000UA.job
[2012/03/25 05:31:12 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-850405567-2436268138-2046711074-1000Core.job
[2012/03/25 01:40:10 | 000,001,183 | ---- | C] () -- C:\inlvCK.cpj
[2012/03/24 19:02:29 | 000,015,452 | R--- | C] () -- C:\Rocky and Ankur.jpg
[2012/03/23 16:44:33 | 000,016,532 | ---- | C] () -- C:\2011-calendar-green-gray.gif
[2012/03/23 16:37:33 | 000,016,544 | ---- | C] () -- C:\2012-calendar-green-gray.gif
[2012/03/23 16:22:03 | 000,000,415 | ---- | C] () -- C:\Acaativity.CSV
[2012/03/23 16:21:50 | 000,001,463 | ---- | C] () -- C:\Activity.CSV
[2012/03/23 16:17:27 | 000,006,139 | ---- | C] () -- C:\amexrecent.csv
[2012/03/23 15:45:15 | 000,002,830 | ---- | C] () -- C:\itunes.csv
[2012/03/23 11:28:24 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2012/03/23 09:50:44 | 000,315,772 | ---- | C] () -- C:\2012-2013-calendar.jpg
[2012/03/22 01:42:13 | 001,088,600 | ---- | C] () -- C:\Rocky and Kate Roland - Refinance Application - 524 Vernon Glencoe, IL 2012-03-22.pdf
[2012/03/22 01:39:00 | 011,249,006 | ---- | C] () -- C:\Rocky and Kate Roland - Refinance Application - 524 Vernon Glencoe, IL -.tif
[2012/03/19 19:59:58 | 000,035,027 | ---- | C] () -- C:\Windows\prfsmgr.chm
[2012/03/19 19:59:29 | 000,006,718 | ---- | C] () -- C:\Users\rockroland\Desktop\SystemSrvPro.htm
[2012/03/19 19:59:22 | 010,989,568 | ---- | C] ( ) -- C:\Windows\sspro.exe
[2012/03/19 19:59:17 | 000,003,609 | ---- | C] () -- C:\Windows\memgprep.dll
[2012/03/19 19:59:17 | 000,000,304 | ---- | C] () -- C:\Windows\km32hlpr.dll
[2012/03/19 19:59:17 | 000,000,000 | ---- | C] () -- C:\Windows\wnsperf32.dll
[2012/03/19 19:59:17 | 000,000,000 | ---- | C] () -- C:\Windows\stdensrv.dll
[2012/03/19 19:59:17 | 000,000,000 | ---- | C] () -- C:\Windows\javexisb.dll
[2012/03/19 19:59:17 | 000,000,000 | ---- | C] () -- C:\Windows\javexisa.dll
[2012/03/19 19:59:17 | 000,000,000 | ---- | C] () -- C:\Windows\cr2gui32.dll
[2012/03/19 11:01:34 | 028,136,960 | ---- | C] () -- C:\cassie41msn.avi
[2012/03/18 04:40:24 | 000,000,000 | ---- | C] () -- C:\secretxes.7z
[2012/03/16 17:22:36 | 000,000,000 | ---- | C] () -- C:\devynlover_2.7z
[2012/03/16 17:21:29 | 062,304,870 | ---- | C] () -- C:\msn_vids1.7z
[2012/03/16 17:21:08 | 000,000,000 | ---- | C] () -- C:\msn_vids2.7z
[2012/03/16 17:20:20 | 000,000,000 | ---- | C] () -- C:\devynlover.7z
[2012/03/15 13:28:40 | 000,695,957 | ---- | C] () -- C:\Unclaimed Property Form.pdf
[2012/03/15 11:35:52 | 000,119,274 | ---- | C] () -- C:\Users\rockroland\Desktop\Memo Style.pdf
[2012/03/15 11:27:44 | 000,128,664 | ---- | C] () -- C:\Users\rockroland\Desktop\www.amazon.com_gp_orc_returns_labels_load.pdf
[2012/03/12 15:49:56 | 000,001,033 | ---- | C] () -- C:\Users\rockroland\Desktop\WinDirStat.lnk
[2012/03/12 13:32:13 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/12 13:32:13 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/10 19:46:55 | 000,164,864 | -H-- | C] () -- C:\3475732849_10.qcp
[2012/03/10 19:46:55 | 000,027,648 | ---- | C] () -- C:\3475732849_7.qcp
[2012/03/10 19:46:54 | 000,027,648 | ---- | C] () -- C:\3475732849_5.qcp
[2012/03/10 19:46:54 | 000,024,576 | ---- | C] () -- C:\3475732849_6.qcp
[2012/03/10 19:21:49 | 000,002,233 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/03/10 19:16:42 | 000,001,477 | ---- | C] () -- C:\Users\rockroland\Desktop\Berry Extract.lnk
[2012/03/10 15:18:06 | 000,359,788 | ---- | C] () -- C:\IMG00114-20120310-1418.jpg
[2012/03/10 15:17:50 | 000,296,848 | ---- | C] () -- C:\IMG00113-20120310-1417.jpg
[2012/03/10 15:17:10 | 000,380,950 | ---- | C] () -- C:\IMG00111-20120310-1417.jpg
[2012/03/10 15:15:14 | 000,400,851 | ---- | C] () -- C:\IMG00110-20120310-1415.jpg
[2012/03/10 15:15:04 | 000,420,802 | ---- | C] () -- C:\IMG00109-20120310-1415.jpg
[2012/03/10 15:14:34 | 000,121,838 | ---- | C] () -- C:\IMG00108-20120310-1414.jpg
[2012/03/10 15:14:24 | 000,272,828 | ---- | C] () -- C:\IMG00107-20120310-1414.jpg
[2012/03/10 15:12:50 | 008,164,239 | ---- | C] () -- C:\Goose 66 Vette.wmv
[2012/03/10 15:12:50 | 006,554,025 | ---- | C] () -- C:\Goose 66 Vette.3GP
[2012/03/10 14:55:52 | 003,959,410 | ---- | C] () -- C:\Goose Volo James Dean.3GP
[2012/03/10 14:52:36 | 005,586,650 | ---- | C] () -- C:\Goose at Volo Fins.3GP
[2012/03/10 14:48:46 | 003,516,848 | ---- | C] () -- C:\Goose at Volo.3GP
[2012/03/10 14:46:58 | 000,815,459 | ---- | C] () -- C:\Volo.3GP
[2012/03/07 17:03:40 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/06 23:10:24 | 000,177,787 | ---- | C] () -- C:\IMG00104-20120306-2210.jpg
[2012/03/06 23:09:44 | 000,181,922 | ---- | C] () -- C:\IMG00103-20120306-2209.jpg
[2012/03/06 23:08:54 | 000,230,421 | ---- | C] () -- C:\IMG00102-20120306-2208.jpg
[2012/03/06 23:07:12 | 000,508,423 | ---- | C] () -- C:\IMG00101-20120306-2207.jpg
[2012/03/06 23:06:36 | 000,563,666 | ---- | C] () -- C:\IMG00100-20120306-2206.jpg
[2012/03/05 23:08:57 | 000,001,996 | ---- | C] () -- C:\Users\rockroland\Desktop\Kindle.lnk
[2012/02/29 14:39:46 | 552,870,912 | ---- | C] () -- C:\klucens.pst
[2012/02/09 00:32:56 | 000,001,431 | ---- | C] () -- C:\Windows\SplitCam.INI
[2012/02/08 03:56:55 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/02/08 03:56:55 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/02/08 03:56:53 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/02/01 05:30:53 | 000,016,896 | ---- | C] () -- C:\Users\rockroland\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/26 05:51:20 | 000,000,027 | ---- | C] () -- C:\Windows\msrresmap.dll
[2012/01/21 10:56:56 | 000,000,000 | ---- | C] () -- C:\Windows\f5unistall.INI
[2012/01/15 05:26:21 | 000,000,600 | ---- | C] () -- C:\Users\rockroland\AppData\Local\PUTTY.RND
[2011/10/30 16:42:14 | 000,000,151 | ---- | C] () -- C:\Users\rockroland\AppData\Roaming\burnaware.ini
[2011/08/17 11:14:25 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/08/03 19:31:35 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2011/08/03 19:31:35 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2011/04/26 12:26:20 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/26 12:26:20 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/03/26 01:21:30 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2011/01/17 13:53:24 | 000,184,924 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/11/24 02:36:56 | 000,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2010/10/24 00:35:05 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/13 17:48:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/10/09 17:27:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010/10/07 15:54:25 | 000,000,466 | ---- | C] () -- C:\Windows\apdfpr.ini
[2010/08/25 23:53:16 | 000,000,173 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/08/24 15:55:43 | 000,000,116 | ---- | C] () -- C:\Windows\ConverterCore.INI
[2010/08/11 13:15:27 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/08/10 18:45:51 | 000,004,150 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/10 01:22:32 | 000,007,598 | ---- | C] () -- C:\Users\rockroland\AppData\Local\Resmon.ResmonCfg
[2010/07/18 15:15:22 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/07/18 14:29:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/21 14:38:00 | 000,097,584 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
========== LOP Check ==========
[2011/09/09 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\BDREBUILDER
[2012/03/25 01:44:02 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\DMCache
[2012/01/26 15:39:18 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\ExpanDrive
[2010/08/11 10:58:08 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\FileOpen
[2012/03/28 02:34:37 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\FileZilla
[2011/04/24 14:29:08 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\GetRightToGo
[2012/03/18 04:35:39 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\IDM
[2012/01/31 20:25:16 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\IMCapture for Skype
[2011/01/11 21:02:35 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\Internet Chess Club
[2012/02/18 18:54:51 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\Jason Robitaille
[2011/10/23 20:24:54 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\Leadertech
[2010/09/11 19:58:28 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\Passware
[2012/02/09 18:55:09 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\Research In Motion
[2010/08/28 16:57:00 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\SlySoft
[2012/03/28 02:06:25 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\SolidDocuments
[2010/12/11 15:42:32 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\SoundSpectrum
[2011/08/01 15:05:20 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\uTorrent
[2010/09/18 14:03:10 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\YCanPDF
[2012/03/06 01:39:57 | 000,000,000 | ---D | M] -- C:\Users\rockroland\AppData\Roaming\YouSendIt
[2012/03/03 01:57:25 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: CONSRV.DLL >
[2009/07/13 21:39:46 | 000,051,712 | ---- | M] () MD5=CEF08BD499D029B6E685850CAC86F749 -- C:\Windows\SysNative\consrv.dll
[2009/07/13 21:39:46 | 000,051,712 | ---- | M] () MD5=CEF08BD499D029B6E685850CAC86F749 -- C:\Windows\system64\consrv.dll
< MD5 for: EXPLORER.EXE >
[2010/07/18 15:18:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/07/18 15:19:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/07/18 15:18:50 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/07/18 15:18:55 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/07/18 15:19:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/07/18 15:18:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/07/18 15:19:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/07/18 15:18:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/07/18 15:19:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/07/18 15:18:50 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/07/18 15:18:55 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/07/18 15:18:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/07/18 15:19:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/07/18 15:19:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< C:\Windows\assembly\tmp\U\*.* /s >
< %Temp%\smtmp\1\*.* >
< %Temp%\smtmp\2\*.* >
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: ALIENWARE
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     E                       DVD-ROM         0 B  No Media
Volume 1         RECOVERY     NTFS   Partition      8 GB  Healthy    System
Volume 2     C   OS           NTFS   Partition    229 GB  Healthy    Boot
Volume 3     D   DATAPART1    NTFS   Partition    238 GB  Healthy
< >
< End of report >
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-28 11:50:16
-----------------------------
11:50:16.072 OS Version: Windows x64 6.1.7601 Service Pack 1
11:50:16.072 Number of processors: 8 586 0x1E05
11:50:16.072 ComputerName: ALIENWARE UserName:
11:50:16.634 Initialize success
11:51:00.938 AVAST engine defs: 12032801
11:51:05.571 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:51:05.571 Disk 0 Vendor: SAMSUNG_ VBM2 Size: 244198MB BusType: 3
11:51:05.571 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
11:51:05.571 Disk 1 Vendor: SAMSUNG_ VBM2 Size: 244198MB BusType: 3
11:51:05.571 Disk 0 MBR read successfully
11:51:05.587 Disk 0 MBR scan
11:51:05.587 Disk 0 Windows 7 default MBR code
11:51:05.587 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
11:51:05.587 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9118 MB offset 208896
11:51:05.602 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 234977 MB offset 18882560
11:51:05.602 Disk 0 scanning C:\Windows\system32\drivers
11:51:11.983 Service scanning
11:51:20.251 Service sfilter C:\Windows\system32\MobilePreInstallerService.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:51:22.591 Modules scanning
11:51:22.591 Disk 0 trace - called modules:
11:51:22.591 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys iaStor.sys hal.dll
11:51:22.606 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007cb5790]
11:51:22.606 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8007bbace0]
11:51:22.606 5 stdflt.sys[fffff88001b65a4a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007a40050]
11:51:31.530 AVAST engine scan C:\Windows
11:51:32.762 AVAST engine scan C:\Windows\system32
11:51:36.178 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
11:51:36.241 File: C:\Windows\system32\crauto.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:51:44.525 File: C:\Windows\system32\lxrjd31s.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:51:45.461 File: C:\Windows\system32\MobilePreInstallerService.dll **INFECTED** Win64:ZAccess-E [Rtk]
11:52:04.867 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
11:52:05.351 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
11:52:28.579 AVAST engine scan C:\Windows\system32\drivers
11:52:31.933 AVAST engine scan C:\Users\rockroland
11:52:34.928 File: C:\Users\rockroland\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe **INFECTED** Win32:Malware-gen
11:52:34.959 File: C:\Users\rockroland\AppData\Local\Google\Update\1.3.21.111\GoogleUpdate.exe **INFECTED** Win32:Trojan-gen
11:52:35.365 File: C:\Users\rockroland\AppData\Local\Google\Update\GoogleUpdate.exe **INFECTED** Win32:Trojan-gen
11:52:55.520 AVAST engine scan C:\ProgramData
11:53:04.709 Scan finished successfully
11:53:23.881 Disk 0 MBR has been saved successfully to "C:\Installs\VirusTools\MBR.dat"
11:53:23.897 The log file has been saved successfully to "C:\Installs\VirusTools\aswMBR.txt"