Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan Win32 Sirefef, Sirefef.AO, .AG and .AN

Started by mjlx , Jul 15 2012 03:27 PM

  • Please log in to reply

#1
mjlx
Posted 15 July 2012 - 03:27 PM

mjlx

    Member

  • Member
  • PipPip
  • 18 posts
Hi,
I seem to have picked up the Trojan Win32 Sirefef. My Microsoft Security Essentials seems to try to clean all four parts of it every 15 min or so. Other than that I 'm not really having any noticeable symptoms, although I'm sure its doing something I don't want it to be doing. I tried to remove it with Malwarebytes but that hasn't helped. Other than that I haven't done anything. Any help would be appreciated.

Thanks


Below are my OTL Txt log and OTL Extras Txt Log



OTL logfile created on: 7/15/2012 4:48:39 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 72.84% Memory free
4.94 Gb Paging File | 4.23 Gb Available in Paging File | 85.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 2.63 Gb Free Space | 0.88% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 219.53 Gb Free Space | 94.26% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 45.21 Gb Free Space | 9.71% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 67.26 Gb Free Space | 28.88% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: MICHAEL-117087D | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/15 16:47:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2012/06/15 21:51:07 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 17:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/04/07 11:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 17:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/16 19:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 18:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 21:51:06 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/13 19:19:35 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/06/15 21:51:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/04/07 11:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/01/31 17:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/02/10 20:47:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Michael\LOCALS~1\Temp\ugldipob.sys -- (ugldipob)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MtxVxd.sys -- (MtxVxd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/15 16:08:29 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2B97E78-CD81-423A-9044-861F19A40C1B}\MpKslf69b5f9c.sys -- (MpKslf69b5f9c)
DRV - [2012/03/11 17:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 17:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 17:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/04/11 09:02:31 | 000,346,192 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rig3avs.sys -- (rig3avs)
DRV - [2011/04/11 09:02:31 | 000,095,312 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rig3usb.sys -- (rig3usb_svc)
DRV - [2011/03/08 01:00:54 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/12/07 17:08:18 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV - [2010/12/07 15:39:30 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV - [2010/10/20 19:38:52 | 000,110,824 | ---- | M] (PolderbitS Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pbsaudrv.sys -- (PbsAuDrv)
DRV - [2010/09/07 22:20:56 | 006,141,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/09 17:41:18 | 000,061,424 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkOutput.sys -- (mvkOutput)
DRV - [2010/03/09 17:41:18 | 000,054,256 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkTransfer.sys -- (mvkTransfer)
DRV - [2010/03/09 17:41:18 | 000,047,984 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkSystemClock.sys -- (mvkSystemClock)
DRV - [2010/03/09 17:41:16 | 006,627,184 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkBus.sys -- (mvkBus)
DRV - [2010/03/09 17:41:16 | 000,256,624 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkOnBrdIOdsxle.sys -- (mvkOnBrdIOdsxle)
DRV - [2010/03/09 17:41:16 | 000,055,664 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkMisc.sys -- (mvkMisc)
DRV - [2010/03/09 17:41:16 | 000,055,024 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkInput.sys -- (mvkInput)
DRV - [2010/03/09 17:41:16 | 000,047,600 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkLQScaler.sys -- (mvkLQScaler)
DRV - [2010/03/09 17:41:16 | 000,042,480 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkMemManager.sys -- (mvkMemManager)
DRV - [2010/02/17 20:17:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/11/18 10:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 10:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 14:46:08 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/13 14:46:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008/01/01 04:02:44 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/11/11 03:25:20 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)
DRV - [2006/05/12 13:08:14 | 000,196,476 | ---- | M] (Canopus Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmkrnl.sys -- (stmkrnl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3007394
IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3007394
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.mlb.com/"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {167d9323-f7cc-48f5-948a-6f012831a69f}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:6.2
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 21:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 20:58:47 | 000,000,000 | ---D | M]

[2010/10/29 20:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2010/10/29 20:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions\[email protected]
[2012/06/07 18:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions
[2011/10/16 00:00:58 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/10/18 23:33:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/07 18:53:52 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2011/07/27 11:46:34 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\searchplugins\conduit.xml
[2011/03/08 01:00:48 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\searchplugins\daemon-search.xml
[2012/03/18 15:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/15 21:51:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/17 18:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/19 15:17:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/17 18:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/15 21:51:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 21:51:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2006/02/10 20:35:51 | 000,001,200 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {167D9323-F7CC-48F5-948A-6F012831A69F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo R220 Series on MICHAEL-F15FBBC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &Save the YouTube video as MP3 - C:\Documents and Settings\Michael\Application Data\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: matrox.com ([www] http in Trusted sites)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s.work4sure...ge/w4sgeen9.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86F73A98-24E4-456F-A10B-8E84EE3B482D}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/17 20:29:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/11 01:50:28 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{110263f5-0651-11e1-a36e-00270e051de9}\Shell - "" = AutoRun
O33 - MountPoints2\{110263f5-0651-11e1-a36e-00270e051de9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{110263f5-0651-11e1-a36e-00270e051de9}\Shell\AutoRun\command - "" = H:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/12 23:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/12 22:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/12 22:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/12 19:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2012/07/12 18:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2012/07/12 17:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/12 17:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/06/23 18:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/28 14:25:11 | 017,327,195 | ---- | C] (Mooii) -- C:\Program Files\PhotoScapeSetup_V3.5.exe
[2010/11/03 16:01:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Michael\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/15 16:47:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2012/07/15 16:08:12 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\f7ofckx7.exe
[2012/07/15 15:35:50 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/07/15 15:02:24 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/15 14:51:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/15 14:51:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/12 23:59:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 23:45:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/12 23:34:50 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/07/12 23:10:59 | 000,001,573 | ---- | M] () -- C:\WINDOWS\CANOPUS.INI
[2012/07/12 22:41:58 | 000,003,181 | ---- | M] () -- C:\WINDOWS\StmEdit.INI
[2012/07/11 17:30:10 | 000,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 16:24:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/11 16:20:44 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\MS Word.lnk
[2012/07/10 23:17:34 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012/07/08 20:03:50 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/08 19:42:47 | 000,145,920 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/07 15:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/02 19:26:01 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Excel (2).lnk
[2012/06/28 19:45:15 | 000,001,372 | ---- | M] () -- C:\WINDOWS\StmVideo.INI
[2012/06/23 18:20:49 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/15 16:08:08 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\f7ofckx7.exe
[2012/07/12 23:59:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 23:52:21 | 000,232,960 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\00000008.@
[2012/07/12 23:52:21 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\80000032.@
[2012/07/12 23:52:09 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\80000000.@
[2012/07/12 23:52:07 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\000000cb.@
[2012/07/12 23:52:06 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\00000004.@
[2012/07/12 23:44:40 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/12 23:44:39 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/07/12 23:34:41 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/12 17:53:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/12 17:37:01 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{add94319-645d-2943-6f4a-b9a5eb393140}\L\00000004.@
[2012/06/25 21:14:50 | 000,002,481 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Excel (2).lnk
[2012/06/23 18:20:49 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/16 13:35:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/30 16:58:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/30 16:57:56 | 000,042,289 | ---- | C] () -- C:\WINDOWS\System32\uninstall.exe
[2011/08/09 21:32:22 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/07/29 17:35:02 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/07/29 17:31:08 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011/06/29 17:52:52 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2011/06/29 17:52:52 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2011/06/29 17:52:49 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2011/06/29 17:52:49 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\office.exe
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011/06/01 16:39:11 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/06/01 16:39:11 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011/06/01 16:39:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2011/04/20 18:26:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2011/03/07 16:20:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2011/03/07 15:13:48 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2011/01/25 02:10:53 | 000,852,267 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-1450960922-725345543-1003-0.dat
[2011/01/25 02:10:53 | 000,335,358 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/13 23:29:20 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/27 16:56:38 | 000,001,121 | ---- | C] () -- C:\WINDOWS\stmaudio.INI
[2010/11/03 16:01:35 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\inst.exe
[2010/11/03 16:01:35 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\pcouffin.cat
[2010/11/03 16:01:35 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\pcouffin.inf
[2010/10/27 14:56:33 | 000,001,372 | ---- | C] () -- C:\WINDOWS\StmVideo.INI
[2010/10/26 23:23:57 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/23 17:40:25 | 000,145,920 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/20 19:38:52 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\Drv64_32.dat
[2010/10/19 21:51:38 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2010/10/18 23:52:30 | 000,127,743 | ---- | C] () -- C:\WINDOWS\hpgins24.dat
[2010/10/18 23:52:30 | 000,000,308 | ---- | C] () -- C:\WINDOWS\hpgmdl24.dat
[2010/10/18 19:15:47 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/18 19:15:45 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/18 19:15:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/18 00:22:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/17 21:51:17 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Michael\Adobe Encore_AME.pref
[2010/10/17 21:16:06 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/10/17 21:00:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/17 20:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/17 20:37:17 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\fusioncache.dat
[2010/10/17 20:31:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/17 20:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/17 19:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2010/10/17 19:31:53 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/17 19:31:52 | 000,060,565 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/17 19:31:52 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/17 19:31:52 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/17 19:31:52 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/17 19:31:52 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/17 19:31:52 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/17 19:31:52 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/17 19:31:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/17 19:31:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/17 19:31:52 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/17 19:31:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/17 19:31:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/17 19:31:52 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/17 19:30:34 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2010/10/17 19:30:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPR220.ini
[2010/10/17 19:05:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\stmconf.INI
[2010/10/17 19:03:48 | 000,003,181 | ---- | C] () -- C:\WINDOWS\StmEdit.INI
[2010/10/17 18:42:33 | 000,001,573 | ---- | C] () -- C:\WINDOWS\CANOPUS.INI
[2010/10/17 13:21:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/17 13:20:19 | 000,347,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 07:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{add94319-645d-2943-6f4a-b9a5eb393140}\@
[2004/08/10 07:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\@

========== LOP Check ==========

[2011/03/09 21:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2011/03/17 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/12/28 16:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/03/08 01:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/03/08 00:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/06/01 16:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2012/01/21 16:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011/03/07 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2012/01/10 17:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/03/30 21:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2012/02/23 18:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/10/17 23:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/21 17:02:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
[2011/03/03 14:40:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
[2011/03/03 14:43:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2011/03/03 14:40:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2012/01/21 16:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DCC412E7-393B-4016-91FB-9307F059AFB6}
[2012/02/23 18:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\.keys
[2011/03/09 21:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Ableton
[2011/08/01 21:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\avidemux
[2012/03/02 00:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\calibre
[2011/03/08 01:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Lite
[2011/03/08 00:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Pro
[2012/07/01 17:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Free YouTube to MP3 Converter Studio
[2011/01/25 00:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GARMIN
[2012/02/03 20:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\gtk-2.0
[2011/07/27 20:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Gui4Cli
[2011/07/27 17:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\HandBrake
[2010/10/18 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Image Zone Express
[2011/03/15 20:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ImgBurn
[2010/10/17 19:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Leadertech
[2011/03/07 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PACE Anti-Piracy
[2011/07/28 14:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PhotoScape
[2010/10/18 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Printer Info Cache
[2011/03/30 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Publish Providers
[2011/03/30 21:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Sony
[2011/02/11 00:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\SystemRequirementsLab
[2012/03/07 00:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\uTorrent
[2010/11/03 16:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Vso
[2011/07/29 17:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WhiteSmoke
[2010/10/18 19:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Windows Search
[2012/02/23 16:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Xilisoft Corporation
[2012/07/15 15:35:50 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:2775F9E2
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:FC66352D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:888AFB86

< End of report >












OTL Extras logfile created on: 7/15/2012 4:48:39 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 72.84% Memory free
4.94 Gb Paging File | 4.23 Gb Available in Paging File | 85.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 2.63 Gb Free Space | 0.88% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 219.53 Gb Free Space | 94.26% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 45.21 Gb Free Space | 9.71% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 67.26 Gb Free Space | 28.88% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: MICHAEL-117087D | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1" = Sothink Video Converter
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{315DF43B-7BFC-40E7-A1A7-BEBA128D4C03}" = hpg2436
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3528D0DC-EAFD-49C0-ABA0-F961A402375B}" = Xplode Basics Pack
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5E9549E0-8DD4-11D4-ADD5-0090CCA4CDEF}" = MPEG SoftEncoder
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6515706C-1369-4B6D-8C20-F1E27E8B457C}" = XPlode Basics Gallery
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D55C2B4-023C-11E0-9D76-1DA1DFD72085}" = M-Audio FastTrackPro Driver 6.0.7 (x86)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72196DB6-2C04-4303-808B-0B57A4383179}" = Canopus DV Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Session IO Driver
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{80C3019B-3BA4-4674-AC90-A0B402593BA5}_is1" = WMP Tag Plus 1.2
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8F8FA09F-3F77-4640-8C7D-45FA1D817DE7}" = HP Scanjet 2400 and 3600 series 9.0
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96472D82-0239-11E0-9776-199EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x86)
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEAB754A-426C-4738-89C1-52FCB389FCDF}" = calibre
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
"{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE24AB71-85E9-45D8-8F5D-661430182197}" = DirectShow .SHN FIlter
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB712A6-D11C-4CFF-A5B9-A51F004F998B}" = hpg2436QFolder
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE3D952E-DDCD-44FB-8601-63808B8807D7}" = StormEncoder
"{CEC0C2C2-921F-4EB8-8D7E-4F2F03ED02AA}" = ScannerCopy
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2420667-5D4E-4125-A797-15C5886FE495}" = DVStorm-RT
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Aimersoft Audio Converter_is1" = Aimersoft Audio Converter(Build 2.2.0.37)
"Aimersoft DVD Copy_is1" = Aimersoft DVD Copy(Build 2.0.0.16)
"Aimersoft DVD Creator_is1" = Aimersoft DVD Creator(Build 2.1.1.0)
"Aimersoft DVD Ripper_is1" = Aimersoft DVD Ripper(Build 2.2.0.27)
"Aimersoft DVD Studio Pack_is1" = Aimersoft DVD Studio Pack(Build 2.2.0.19)
"Aimersoft Video Converter_is1" = Aimersoft Video Converter(Build 2.2.0.19)
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.4" = Avidemux 2.4
"AviSynth" = AviSynth 2.5
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BFGC" = Big Fish Games: Game Manager
"Blu-ray to DVD Pro_is1" = Blu-ray to DVD Pro ver 2.70
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon Camera WIA Driver IXY 200a, PowerShot S200, IXUS v2" = Canon IXY 200a, PowerShot S200, IXUS v2 WIA Driver
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Utilities RAW Image Converter2" = Canon Utilities RAW Image Converter2
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.6.5 (27/12/2010)
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"Exact Audio Copy" = Exact Audio Copy 0.95b4
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"FLAC" = FLAC 1.2.1b (remove only)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to MP3 Converter Studio_is1" = Free YouTube to MP3 Converter Studio 7.1
"HaaliMkx" = Haali Media Splitter
"HandBrake" = HandBrake 0.9.5
"HFSExplorer" = HFSExplorer 0.21
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Live 8.1.4" = Live 8.1.4
"Magic Bullet Looks PPro" = Magic Bullet Looks PPro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Monkey's Audio_is1" = Monkey's Audio
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments Rig Kontrol 3" = Native Instruments Rig Kontrol 3
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Session IO Driver" = Native Instruments Session IO Driver
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"PhotoRecord" = Canon PhotoRecord
"PhotoScape" = PhotoScape
"PolderbitSRecorder" = PolderbitS Sound Recorder and Editor
"r8brain" = r8brain 1.9
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCapture" = Canon Utilities RemoteCapture 2.4
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.92
"Silent Package Run-Time Sample" = EPSON ESPR220 Reference Guide
"SSC Service Utility_is1" = SSC Service Utility v4.30
"SystemRequirementsLab" = System Requirements Lab
"TradersLittleHelper_is1" = Trader's Little Helper 2.6.0
"uTorrent" = µTorrent
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2012 5:58:27 PM | Computer Name = MICHAEL-117087D | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 5/22/2012 7:52:00 PM | Computer Name = MICHAEL-117087D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/12/2012 4:18:38 PM | Computer Name = MICHAEL-117087D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/12/2012 9:57:55 PM | Computer Name = MICHAEL-117087D | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 6/19/2012 7:51:36 PM | Computer Name = MICHAEL-117087D | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/8/2012 11:56:45 PM | Computer Name = MICHAEL-117087D | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0425ceb0.

Error - 7/12/2012 11:21:46 PM | Computer Name = MICHAEL-117087D | Source = Microsoft Security Client | ID = 5000
Description =

Error - 7/12/2012 11:23:27 PM | Computer Name = MICHAEL-117087D | Source = Microsoft Security Client | ID = 5000
Description =

Error - 7/12/2012 11:34:37 PM | Computer Name = MICHAEL-117087D | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 7/13/2012 12:09:04 AM | Computer Name = MICHAEL-117087D | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.8502.0, P3 1.129.1557.0, P4 1.129.1557.0, P5 0000055572ad0e0a_03e970c8b4b3f67dc58d647512e27afbcc7f525a,
P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 7/15/2012 3:53:34 PM | Computer Name = MICHAEL-117087D | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147646306

Name:
Trojan:Win32/Sirefef ID: 2147646306 Severity: Severe Category: Trojan Path: file:_C:\Documents
and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\00000004.@

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\WINDOWS\explorer.exe Action: %%809 Action Status: No additional actions
required Error Code: 0x80070070 Error description: There is not enough space on the
disk. Signature Version: AV: 1.129.1723.0, AS: 1.129.1723.0, NIS: 0.0.0.0 Engine
Version: AM: 1.1.8502.0, NIS: 0.0.0.0

Error - 7/15/2012 3:53:39 PM | Computer Name = MICHAEL-117087D | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147655289

Name:
Trojan:Win32/Sirefef.AG ID: 2147655289 Severity: Severe Category: Trojan Path: file:_C:\Documents
and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\80000000.@

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\WINDOWS\explorer.exe Action: %%809 Action Status: No additional actions
required Error Code: 0x80070070 Error description: There is not enough space on the
disk. Signature Version: AV: 1.129.1723.0, AS: 1.129.1723.0, NIS: 0.0.0.0 Engine
Version: AM: 1.1.8502.0, NIS: 0.0.0.0

Error - 7/15/2012 3:53:48 PM | Computer Name = MICHAEL-117087D | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147646306

Name:
Trojan:Win32/Sirefef ID: 2147646306 Severity: Severe Category: Trojan Path: file:_C:\Documents
and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\000000cb.@

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\WINDOWS\explorer.exe Action: %%809 Action Status: No additional actions
required Error Code: 0x80070070 Error description: There is not enough space on the
disk. Signature Version: AV: 1.129.1723.0, AS: 1.129.1723.0, NIS: 0.0.0.0 Engine
Version: AM: 1.1.8502.0, NIS: 0.0.0.0

Error - 7/15/2012 3:53:53 PM | Computer Name = MICHAEL-117087D | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147658140

Name:
Trojan:Win32/Sirefef.AO ID: 2147658140 Severity: Severe Category: Trojan Path: file:_C:\Documents
and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\00000008.@

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\WINDOWS\explorer.exe Action: %%809 Action Status: No additional actions
required Error Code: 0x80070070 Error description: There is not enough space on the
disk. Signature Version: AV: 1.129.1723.0, AS: 1.129.1723.0, NIS: 0.0.0.0 Engine
Version: AM: 1.1.8502.0, NIS: 0.0.0.0

Error - 7/15/2012 3:53:53 PM | Computer Name = MICHAEL-117087D | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147657992

Name:
Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: file:_C:\Documents
and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\80000032.@

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\WINDOWS\explorer.exe Action: %%809 Action Status: No additional actions
required Error Code: 0x80070070 Error description: There is not enough space on the
disk. Signature Version: AV: 1.129.1723.0, AS: 1.129.1723.0, NIS: 0.0.0.0 Engine
Version: AM: 1.1.8502.0, NIS: 0.0.0.0

Error - 7/15/2012 3:57:32 PM | Computer Name = MICHAEL-117087D | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147655289

Name:
Trojan:Win32/Sirefef.AG ID: 2147655289 Severity: Severe Category: Trojan Path: file:_C:\Documents
and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\80000000.@

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\WINDOWS\explorer.exe Action: %%809 Action Status: No additional actions
required Error Code: 0x80070070 Error description: There is not enough space on the
disk. Signature Version: AV: 1.129.1723.0, AS: 1.129.1723.0, NIS: 0.0.0.0 Engine
Version: AM: 1.1.8502.0, NIS: 0.0.0.0

Error - 7/15/2012 3:57:38 PM | Computer Name = MICHAEL-117087D | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147646306

Name:
Trojan:Win32/Sirefef ID: 2147646306 Severity: Severe Category: Trojan Path: file:_C:\Documents
and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\00000004.@;file:_C:\Documents
and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\000000cb.@

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\WINDOWS\explorer.exe Action: %%809 Action Status: No additional actions
required Error Code: 0x80070070 Error description: There is not enough space on the
disk. Signature Version: AV: 1.129.1723.0, AS: 1.129.1723.0, NIS: 0.0.0.0 Engine
Version: AM: 1.1.8502.0, NIS: 0.0.0.0

Error - 7/15/2012 3:57:38 PM | Computer Name = MICHAEL-117087D | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147658140

Name:
Trojan:Win32/Sirefef.AO ID: 2147658140 Severity: Severe Category: Trojan Path: file:_C:\Documents
and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\00000008.@

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\WINDOWS\explorer.exe Action: %%809 Action Status: No additional actions
required Error Code: 0x80070070 Error description: There is not enough space on the
disk. Signature Version: AV: 1.129.1723.0, AS: 1.129.1723.0, NIS: 0.0.0.0 Engine
Version: AM: 1.1.8502.0, NIS: 0.0.0.0

Error - 7/15/2012 3:57:38 PM | Computer Name = MICHAEL-117087D | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147657992

Name:
Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: file:_C:\Documents
and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\80000032.@

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\WINDOWS\explorer.exe Action: %%809 Action Status: No additional actions
required Error Code: 0x80070070 Error description: There is not enough space on the
disk. Signature Version: AV: 1.129.1723.0, AS: 1.129.1723.0, NIS: 0.0.0.0 Engine
Version: AM: 1.1.8502.0, NIS: 0.0.0.0

Error - 7/15/2012 3:57:54 PM | Computer Name = MICHAEL-117087D | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147657992

Name:
Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: file:_C:\Documents
and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\80000032.@

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: NT AUTHORITY\SYSTEM

Process
Name: C:\WINDOWS\explorer.exe Action: %%809 Action Status: No additional actions
required Error Code: 0x80070070 Error description: There is not enough space on the
disk. Signature Version: AV: 1.129.1723.0, AS: 1.129.1723.0, NIS: 0.0.0.0 Engine
Version: AM: 1.1.8502.0, NIS: 0.0.0.0


< End of report >
  • 0

Advertisements

#2
azarl
Posted 16 July 2012 - 04:28 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi

I'm Azarl and I'm going to try and assist you with this problem

Firstly...
Your computer has an infection that cannot always be removed from PCs running Windows XP, so it is possible but unlikely that we may have to reformat and reinstall Windows. I suggest before we start that you make a copy of any important data.

Moving on to fixing the infection...

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply
  • 0

#3
mjlx
Posted 16 July 2012 - 06:22 PM

mjlx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Hi Azarl,

Thanks for replying and thanks in advance for all your help.

here is the combofix log.




ComboFix 12-07-16.01 - Michael 07/16/2012 19:49:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.2283 [GMT -4:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
c:\documents and settings\All Users\Start Menu\Programs\XPlode Basics \Gallery.lnk
c:\documents and settings\Michael\Application Data\inst.exe
c:\documents and settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}
c:\documents and settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\@
c:\documents and settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\n
c:\documents and settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\00000004.@
c:\documents and settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\00000008.@
c:\documents and settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\000000cb.@
c:\documents and settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\80000000.@
c:\documents and settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\80000032.@
c:\documents and settings\Michael\Local Settings\Temporary Internet Files\cookies.sqlite
c:\documents and settings\Michael\WINDOWS
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{add94319-645d-2943-6f4a-b9a5eb393140}
c:\windows\Installer\{add94319-645d-2943-6f4a-b9a5eb393140}\@
c:\windows\Installer\{add94319-645d-2943-6f4a-b9a5eb393140}\L\00000004.@
c:\windows\Installer\{add94319-645d-2943-6f4a-b9a5eb393140}\L\201d3dde
c:\windows\system32\office.exe
c:\windows\system32\SET10.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\SET76.tmp
c:\windows\system32\SET77.tmp
c:\windows\system32\SETA.tmp
c:\windows\system32\SETB.tmp
c:\windows\system32\SETF.tmp
c:\windows\system32\tempdir
c:\windows\system32\tempdir\tinypdf.chm
c:\windows\system32\tempdir\tinypdf.dll
c:\windows\system32\tempdir\tinypdf1.dll
c:\windows\system32\tempdir\tinypdf2.dll
c:\windows\system32\uninstall.exe
c:\documents and settings\All Users\Start Menu\Programs\XPlode Basics . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-16 01:09 . 2012-05-31 00:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9159C6BF-21A0-410A-B396-2B08C0420B3B}\mpengine.dll
2012-07-15 19:03 . 2012-05-31 00:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-13 03:34 . 2012-07-13 03:34 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-12 23:43 . 2012-07-12 23:43 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2012-07-12 21:51 . 2012-07-12 21:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2010-10-19 03:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2004-08-10 11:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2005-09-08 05:03 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-10 11:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2010-10-18 00:28 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2010-10-18 00:28 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2010-10-18 00:28 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2010-10-18 00:28 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2010-10-18 00:28 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2009-08-07 02:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-10 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2010-10-18 00:28 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2010-10-18 00:28 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2011-03-18 14:16 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2011-03-18 14:16 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2011-03-18 14:16 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-10 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-10-18 00:25 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-07-28 18:25 . 2011-07-28 18:25 17327195 ----a-w- c:\program files\PhotoScapeSetup_V3.5.exe
2012-06-16 01:51 . 2011-10-15 02:14 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-08 19573352]
"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE" [2005-03-09 98304]
"Auto EPSON Stylus Photo R220 Series on MICHAEL-F15FBBC"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE" [2005-03-09 98304]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PolderbitS Audio Driver Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PolderbitS Audio Driver Monitor.lnk
backup=c:\windows\pss\PolderbitS Audio Driver Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Michael\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Michael\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-03-26 13:00 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-03-27 09:40 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 03:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 01:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
2010-12-07 21:08 644104 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/11/2010 12:40 AM 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/11/2010 12:40 AM 31704]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3/8/2011 1:00 AM 218688]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4/7/2011 11:33 AM 3857408]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2/23/2012 4:51 PM 66944]
R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [10/20/2010 7:38 PM 110824]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/3/2010 4:01 PM 47360]
R3 stmkrnl;stmkrnl;c:\windows\system32\drivers\stmkrnl.sys [10/17/2010 6:42 PM 196476]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/17/2010 6:27 PM 1691480]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\drivers\MAudioFastTrack.sys [3/3/2011 1:51 AM 158344]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [3/18/2011 10:40 AM 158600]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 11:01 PM 113120]
S3 MtxVxd;MtxVxd;\??\c:\windows\system32\drivers\MtxVxd.sys --> c:\windows\system32\drivers\MtxVxd.sys [?]
S3 mvkBus;mvkBus;c:\windows\system32\drivers\mvkBus.sys [6/1/2011 7:41 AM 6627184]
S3 mvkInput;mvkInput;c:\windows\system32\drivers\mvkInput.sys [6/1/2011 7:41 AM 55024]
S3 mvkLQScaler;mvkLQScaler;c:\windows\system32\drivers\mvkLQScaler.sys [6/1/2011 7:41 AM 47600]
S3 mvkMemManager;mvkMemManager;c:\windows\system32\drivers\mvkMemManager.sys [6/1/2011 7:41 AM 42480]
S3 mvkMisc;mvkMisc;c:\windows\system32\drivers\mvkMisc.sys [6/1/2011 7:41 AM 55664]
S3 mvkOnBrdIOdsxle;mvkOnBrdIOdsxle;c:\windows\system32\drivers\mvkOnBrdIOdsxle.sys [6/1/2011 7:41 AM 256624]
S3 mvkOutput;mvkOutput;c:\windows\system32\drivers\mvkOutput.sys [6/1/2011 7:41 AM 61424]
S3 mvkSystemClock;mvkSystemClock;c:\windows\system32\drivers\mvkSystemClock.sys [6/1/2011 7:41 AM 47984]
S3 mvkTransfer;mvkTransfer;c:\windows\system32\drivers\mvkTransfer.sys [6/1/2011 7:41 AM 54256]
S3 rig3avs;Rig Kontrol 3 WDM Audio;c:\windows\system32\drivers\rig3avs.sys [1/21/2012 5:02 PM 346192]
S3 rig3usb_svc;Rig Kontrol 3;c:\windows\system32\drivers\rig3usb.sys [1/21/2012 5:02 PM 95312]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-07-16 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3007394
uInternet Settings,ProxyOverride = *.local
IE: &Save the YouTube video as MP3 - c:\documents and settings\Michael\Application Data\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: matrox.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.mlb.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=2&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-BDRegion - c:\program files\Cyberlink\Shared files\brs.exe
MSConfigStartUp-mveShellExtensionServer - c:\program files\Matrox Mx.tools\system\mveShellExtensionServer.exe
MSConfigStartUp-MveXinfo - c:\program files\Matrox Mx.tools\system\MveXinfo.exe
MSConfigStartUp-RemoteControl10 - c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
MSConfigStartUp-ServerTrayApp - c:\program files\Matrox Mx.tools\WYSIWYG Plug-ins\mveServerTrayApp.exe
MSConfigStartUp-ShellExtensionApp - c:\program files\Matrox Mx.tools\WYSIWYG Plug-ins\mveShellExtensionServer.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10x_Plugin.exe
AddRemove-HaaliMkx - c:\windows\system32\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-16 20:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f3,46,09,1a,5d,cc,e7,ad,3c,e7,dc,7b,07,23,d0,17,18,bc,3e,4b,fb,
52,25,30,5a,c4,c6,05,bd,fe,54,e0,4a,f5,47,c7,86,96,b2,e1,17,22,25,16,3a,b4,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f3,46,09,1a,5d,cc,e7,ad,3c,e7,dc,7b,07,23,d0,17,18,bc,3e,4b,fb,
52,25,30,5a,c4,c6,05,bd,fe,54,e0,4a,f5,47,c7,86,96,b2,e1,17,22,25,16,3a,b4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2352)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-07-16 20:05:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 00:05
.
Pre-Run: 2,737,356,800 bytes free
Post-Run: 12,105,916,416 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /3GB /USERVA=2700
.
- - End Of File - - 4EFB25F8081DCA31983C0D6A07421D53
  • 0

#4
azarl
Posted 17 July 2012 - 06:53 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
We'll check and see if the malware has damaged any file permissions

»Firstly ..«
  • Please download Junction.zip and save it to your desktop.
  • Open the zip and extract junction.exe to your desktop
»Next ..«
  • Download OTL to your Desktop
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    "%userprofile%\desktop\junction.exe" -s /C

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window, saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of this file and paste into your reply.
  • 0

#5
mjlx
Posted 17 July 2012 - 03:22 PM

mjlx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here is the OTL log.




OTL logfile created on: 7/17/2012 5:16:59 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 79.46% Memory free
4.94 Gb Paging File | 4.38 Gb Available in Paging File | 88.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 28.59 Gb Free Space | 9.59% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 223.51 Gb Free Space | 95.98% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 48.96 Gb Free Space | 10.51% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 67.21 Gb Free Space | 28.86% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: MICHAEL-117087D | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/15 16:47:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 17:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/04/07 11:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 17:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/16 19:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 18:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 15:55:42 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\b1b57351a88c0c9c46bd9424347336ea\System.Management.ni.dll
MOD - [2012/02/16 15:55:37 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\7c73ac0ffec7d226ca3dac70df184f18\System.ServiceModel.ni.dll
MOD - [2012/02/16 15:47:42 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
MOD - [2012/02/16 15:47:42 | 000,148,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\8e28c1bf907bc67c6685db26050c19bd\System.Configuration.Install.ni.dll
MOD - [2012/02/16 15:47:27 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 15:47:25 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/02/16 15:47:25 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/16 15:47:24 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/02/16 15:42:51 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/02/16 15:42:45 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/02/16 15:42:45 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/02/16 15:42:42 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/02/16 15:42:38 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/02 19:45:36 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\cfba497fc860b32b8d895f57bf148aa7\Microsoft.VisualC.ni.dll
MOD - [2011/11/02 19:24:45 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\d038332bf07a163f855200919ee678cc\System.Numerics.ni.dll
MOD - [2011/11/02 19:24:44 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/09 11:29:38 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/06/15 21:51:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/04/07 11:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/01/31 17:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/02/10 20:47:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MtxVxd.sys -- (MtxVxd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/03/11 17:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 17:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 17:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/04/11 09:02:31 | 000,346,192 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rig3avs.sys -- (rig3avs)
DRV - [2011/04/11 09:02:31 | 000,095,312 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rig3usb.sys -- (rig3usb_svc)
DRV - [2011/03/08 01:00:54 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/12/07 17:08:18 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV - [2010/12/07 15:39:30 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV - [2010/10/20 19:38:52 | 000,110,824 | ---- | M] (PolderbitS Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pbsaudrv.sys -- (PbsAuDrv)
DRV - [2010/09/07 22:20:56 | 006,141,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/09 17:41:18 | 000,061,424 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkOutput.sys -- (mvkOutput)
DRV - [2010/03/09 17:41:18 | 000,054,256 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkTransfer.sys -- (mvkTransfer)
DRV - [2010/03/09 17:41:18 | 000,047,984 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkSystemClock.sys -- (mvkSystemClock)
DRV - [2010/03/09 17:41:16 | 006,627,184 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkBus.sys -- (mvkBus)
DRV - [2010/03/09 17:41:16 | 000,256,624 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkOnBrdIOdsxle.sys -- (mvkOnBrdIOdsxle)
DRV - [2010/03/09 17:41:16 | 000,055,664 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkMisc.sys -- (mvkMisc)
DRV - [2010/03/09 17:41:16 | 000,055,024 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkInput.sys -- (mvkInput)
DRV - [2010/03/09 17:41:16 | 000,047,600 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkLQScaler.sys -- (mvkLQScaler)
DRV - [2010/03/09 17:41:16 | 000,042,480 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkMemManager.sys -- (mvkMemManager)
DRV - [2010/02/17 20:17:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/11/18 10:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 10:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 14:46:08 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/13 14:46:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008/01/01 04:02:44 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/11/11 03:25:20 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)
DRV - [2006/05/12 13:08:14 | 000,196,476 | ---- | M] (Canopus Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmkrnl.sys -- (stmkrnl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3007394
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3007394
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.mlb.com/"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {167d9323-f7cc-48f5-948a-6f012831a69f}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:6.2
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 21:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 20:58:47 | 000,000,000 | ---D | M]

[2010/10/29 20:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2010/10/29 20:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions\[email protected]
[2012/06/07 18:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions
[2011/10/16 00:00:58 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/10/18 23:33:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/07 18:53:52 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2011/07/27 11:46:34 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\searchplugins\conduit.xml
[2011/03/08 01:00:48 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\searchplugins\daemon-search.xml
[2012/03/18 15:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/15 21:51:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/17 18:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/19 15:17:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/17 18:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/15 21:51:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 21:51:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2012/07/16 19:59:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo R220 Series on MICHAEL-F15FBBC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Save the YouTube video as MP3 - C:\Documents and Settings\Michael\Application Data\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: matrox.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86F73A98-24E4-456F-A10B-8E84EE3B482D}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/17 20:29:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/11 01:50:28 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 17:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\Junction
[2012/07/16 23:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Western_Digital
[2012/07/16 21:28:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/16 21:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/07/16 21:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/07/16 21:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WD SmartWare
[2012/07/16 19:42:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/16 19:40:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/16 19:40:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/16 19:40:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/16 19:40:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/16 19:40:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/16 19:40:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Administrative Tools
[2012/07/16 19:40:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/16 19:36:43 | 004,579,127 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2012/07/12 23:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/12 22:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/12 22:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/12 19:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2012/07/12 18:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2012/07/12 17:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/12 17:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/06/23 18:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/28 14:25:11 | 017,327,195 | ---- | C] (Mooii) -- C:\Program Files\PhotoScapeSetup_V3.5.exe
[2010/11/03 16:01:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Michael\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/17 17:03:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/17 17:01:40 | 000,079,623 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Junction.zip
[2012/07/17 16:54:34 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\MS Word.lnk
[2012/07/17 16:52:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/16 23:03:49 | 000,146,944 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/16 23:03:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/16 21:17:54 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2012/07/16 19:59:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/16 19:42:24 | 000,000,343 | RHS- | M] () -- C:\boot.ini
[2012/07/16 19:36:51 | 004,579,127 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2012/07/15 21:03:10 | 000,003,211 | ---- | M] () -- C:\WINDOWS\StmEdit.INI
[2012/07/15 21:03:10 | 000,001,573 | ---- | M] () -- C:\WINDOWS\CANOPUS.INI
[2012/07/15 16:47:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2012/07/15 16:08:12 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\f7ofckx7.exe
[2012/07/15 14:51:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/12 23:59:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 23:45:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/12 23:34:50 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/07/11 17:30:10 | 000,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 16:24:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/10 23:17:34 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012/07/07 15:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/02 19:26:01 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Excel (2).lnk
[2012/06/28 19:45:15 | 000,001,372 | ---- | M] () -- C:\WINDOWS\StmVideo.INI
[2012/06/23 18:20:49 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/17 17:01:39 | 000,079,623 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Junction.zip
[2012/07/16 21:17:54 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2012/07/16 19:42:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/16 19:40:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/16 19:40:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/16 19:40:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/16 19:40:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/16 19:40:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/15 16:08:08 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\f7ofckx7.exe
[2012/07/12 23:59:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 23:44:40 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/12 23:34:41 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/12 17:53:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/25 21:14:50 | 000,002,481 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Excel (2).lnk
[2012/06/23 18:20:49 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/16 13:35:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/30 16:58:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/09 21:32:22 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/07/29 17:35:02 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/07/29 17:31:08 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011/06/29 17:52:52 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2011/06/29 17:52:52 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2011/06/29 17:52:49 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011/06/01 16:39:11 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/06/01 16:39:11 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011/06/01 16:39:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2011/04/20 18:26:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2011/03/07 16:20:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2011/03/07 15:13:48 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2011/01/25 02:10:53 | 001,187,350 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-1450960922-725345543-1003-0.dat
[2011/01/25 02:10:53 | 000,335,358 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/13 23:29:20 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/27 16:56:38 | 000,001,121 | ---- | C] () -- C:\WINDOWS\stmaudio.INI
[2010/11/03 16:01:35 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\pcouffin.cat
[2010/11/03 16:01:35 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\pcouffin.inf
[2010/10/27 14:56:33 | 000,001,372 | ---- | C] () -- C:\WINDOWS\StmVideo.INI
[2010/10/26 23:23:57 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/23 17:40:25 | 000,146,944 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/20 19:38:52 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\Drv64_32.dat
[2010/10/19 21:51:38 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2010/10/18 23:52:30 | 000,127,743 | ---- | C] () -- C:\WINDOWS\hpgins24.dat
[2010/10/18 23:52:30 | 000,000,308 | ---- | C] () -- C:\WINDOWS\hpgmdl24.dat
[2010/10/18 19:15:47 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/18 19:15:45 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/18 19:15:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/18 00:22:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/17 21:51:17 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Michael\Adobe Encore_AME.pref
[2010/10/17 21:16:06 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/10/17 21:00:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/17 20:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/17 20:37:17 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\fusioncache.dat
[2010/10/17 20:31:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/17 20:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/17 19:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2010/10/17 19:31:53 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/17 19:31:52 | 000,060,565 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/17 19:31:52 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/17 19:31:52 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/17 19:31:52 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/17 19:31:52 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/17 19:31:52 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/17 19:31:52 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/17 19:31:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/17 19:31:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/17 19:31:52 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/17 19:31:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/17 19:31:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/17 19:31:52 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/17 19:30:34 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2010/10/17 19:30:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPR220.ini
[2010/10/17 19:05:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\stmconf.INI
[2010/10/17 19:03:48 | 000,003,211 | ---- | C] () -- C:\WINDOWS\StmEdit.INI
[2010/10/17 18:42:33 | 000,001,573 | ---- | C] () -- C:\WINDOWS\CANOPUS.INI
[2010/10/17 13:21:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/17 13:20:19 | 000,347,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/03/09 21:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2011/03/17 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/12/28 16:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/03/08 01:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/03/08 00:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/06/01 16:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2012/01/21 16:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011/03/07 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2012/01/10 17:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/03/30 21:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2012/07/16 21:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/10/17 23:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/21 17:02:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
[2011/03/03 14:40:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
[2011/03/03 14:43:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2011/03/03 14:40:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2012/01/21 16:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DCC412E7-393B-4016-91FB-9307F059AFB6}
[2012/02/23 18:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\.keys
[2011/03/09 21:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Ableton
[2011/08/01 21:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\avidemux
[2012/03/02 00:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\calibre
[2011/03/08 01:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Lite
[2011/03/08 00:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Pro
[2012/07/01 17:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Free YouTube to MP3 Converter Studio
[2011/01/25 00:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GARMIN
[2012/02/03 20:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\gtk-2.0
[2011/07/27 20:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Gui4Cli
[2011/07/27 17:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\HandBrake
[2010/10/18 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Image Zone Express
[2011/03/15 20:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ImgBurn
[2010/10/17 19:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Leadertech
[2011/03/07 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PACE Anti-Piracy
[2011/07/28 14:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PhotoScape
[2010/10/18 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Printer Info Cache
[2011/03/30 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Publish Providers
[2011/03/30 21:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Sony
[2011/02/11 00:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\SystemRequirementsLab
[2012/03/07 00:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\uTorrent
[2010/11/03 16:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Vso
[2011/07/29 17:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WhiteSmoke
[2010/10/18 19:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Windows Search
[2012/02/23 16:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Xilisoft Corporation

========== Purity Check ==========



========== Custom Scans ==========

< "%userprofile%\desktop\junction.exe" -s /C >

< End of report >
  • 0

#6
azarl
Posted 18 July 2012 - 01:35 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Did you unzip Junction.exe onto your desktop? I can't see it.
  • 0

#7
mjlx
Posted 18 July 2012 - 03:21 PM

mjlx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Yes I did....The zip folder and the yellow folder are both on the desktop.......Do you want me to run OTL again?
  • 0

#8
azarl
Posted 19 July 2012 - 01:50 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
I think you've extracted it to a folder on the desktop called Junction. Could you drag junction.exe from that folder to the desktop please and then run that OTL scan again please.
  • 0

#9
mjlx
Posted 19 July 2012 - 02:45 PM

mjlx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ok I pulled the file out of the folder and onto the desktop. Here is the new OTL scan. Also just a side note, for the past few days since I ran combofix Microsoft security Essentials wasn't picking anything up. But tonight when I came on it went back to doing what it was doing in the beginning except now it is only picking up Win32 Sirefef.AB


OTL logfile created on: 7/19/2012 4:29:48 PM - Run 4
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 79.91% Memory free
4.94 Gb Paging File | 4.37 Gb Available in Paging File | 88.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 25.11 Gb Free Space | 8.42% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 223.51 Gb Free Space | 95.98% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 46.65 Gb Free Space | 10.01% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 17.19 Gb Free Space | 7.38% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-117087D | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/15 16:47:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 17:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/04/07 11:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 17:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/16 19:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 18:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 15:55:42 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\b1b57351a88c0c9c46bd9424347336ea\System.Management.ni.dll
MOD - [2012/02/16 15:55:37 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\7c73ac0ffec7d226ca3dac70df184f18\System.ServiceModel.ni.dll
MOD - [2012/02/16 15:47:42 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
MOD - [2012/02/16 15:47:42 | 000,148,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\8e28c1bf907bc67c6685db26050c19bd\System.Configuration.Install.ni.dll
MOD - [2012/02/16 15:47:27 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 15:47:25 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/02/16 15:47:25 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/16 15:47:24 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/02/16 15:42:51 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/02/16 15:42:45 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/02/16 15:42:45 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/02/16 15:42:42 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/02/16 15:42:38 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/02 19:45:36 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\cfba497fc860b32b8d895f57bf148aa7\Microsoft.VisualC.ni.dll
MOD - [2011/11/02 19:24:45 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\d038332bf07a163f855200919ee678cc\System.Numerics.ni.dll
MOD - [2011/11/02 19:24:44 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/09 11:29:38 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/06/15 21:51:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/04/07 11:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/01/31 17:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/02/10 20:47:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MtxVxd.sys -- (MtxVxd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/03/11 17:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 17:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 17:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/04/11 09:02:31 | 000,346,192 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rig3avs.sys -- (rig3avs)
DRV - [2011/04/11 09:02:31 | 000,095,312 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rig3usb.sys -- (rig3usb_svc)
DRV - [2011/03/08 01:00:54 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/12/07 17:08:18 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV - [2010/12/07 15:39:30 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV - [2010/10/20 19:38:52 | 000,110,824 | ---- | M] (PolderbitS Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pbsaudrv.sys -- (PbsAuDrv)
DRV - [2010/09/07 22:20:56 | 006,141,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/09 17:41:18 | 000,061,424 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkOutput.sys -- (mvkOutput)
DRV - [2010/03/09 17:41:18 | 000,054,256 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkTransfer.sys -- (mvkTransfer)
DRV - [2010/03/09 17:41:18 | 000,047,984 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkSystemClock.sys -- (mvkSystemClock)
DRV - [2010/03/09 17:41:16 | 006,627,184 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkBus.sys -- (mvkBus)
DRV - [2010/03/09 17:41:16 | 000,256,624 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkOnBrdIOdsxle.sys -- (mvkOnBrdIOdsxle)
DRV - [2010/03/09 17:41:16 | 000,055,664 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkMisc.sys -- (mvkMisc)
DRV - [2010/03/09 17:41:16 | 000,055,024 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkInput.sys -- (mvkInput)
DRV - [2010/03/09 17:41:16 | 000,047,600 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkLQScaler.sys -- (mvkLQScaler)
DRV - [2010/03/09 17:41:16 | 000,042,480 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkMemManager.sys -- (mvkMemManager)
DRV - [2010/02/17 20:17:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/11/18 10:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 10:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 14:46:08 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/13 14:46:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008/01/01 04:02:44 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/11/11 03:25:20 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)
DRV - [2006/05/12 13:08:14 | 000,196,476 | ---- | M] (Canopus Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmkrnl.sys -- (stmkrnl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3007394
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3007394
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.mlb.com/"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {167d9323-f7cc-48f5-948a-6f012831a69f}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:6.2
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 21:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 20:58:47 | 000,000,000 | ---D | M]

[2010/10/29 20:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2010/10/29 20:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions\[email protected]
[2012/06/07 18:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions
[2011/10/16 00:00:58 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/10/18 23:33:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/07 18:53:52 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2011/07/27 11:46:34 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\searchplugins\conduit.xml
[2011/03/08 01:00:48 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\searchplugins\daemon-search.xml
[2012/03/18 15:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/15 21:51:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/17 18:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/19 15:17:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/17 18:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/15 21:51:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 21:51:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2012/07/16 19:59:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo R220 Series on MICHAEL-F15FBBC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Save the YouTube video as MP3 - C:\Documents and Settings\Michael\Application Data\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: matrox.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86F73A98-24E4-456F-A10B-8E84EE3B482D}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/17 20:29:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/11 01:50:28 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 17:01:59 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Michael\Desktop\junction.exe
[2012/07/17 17:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\Junction
[2012/07/16 23:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Western_Digital
[2012/07/16 21:28:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/16 21:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/07/16 21:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/07/16 21:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WD SmartWare
[2012/07/16 19:42:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/16 19:40:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/16 19:40:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/16 19:40:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/16 19:40:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/16 19:40:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/16 19:40:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Administrative Tools
[2012/07/16 19:40:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/16 19:36:43 | 004,579,127 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2012/07/12 23:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/12 22:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/12 22:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/12 19:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2012/07/12 18:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2012/07/12 17:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/12 17:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/06/23 18:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/28 14:25:11 | 017,327,195 | ---- | C] (Mooii) -- C:\Program Files\PhotoScapeSetup_V3.5.exe
[2010/11/03 16:01:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Michael\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/19 16:27:27 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/19 16:17:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/18 22:23:22 | 000,001,573 | ---- | M] () -- C:\WINDOWS\CANOPUS.INI
[2012/07/18 22:23:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\StmVideo.INI
[2012/07/18 00:33:30 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\MS Word.lnk
[2012/07/18 00:08:57 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/17 22:59:58 | 000,003,242 | ---- | M] () -- C:\WINDOWS\StmEdit.INI
[2012/07/17 17:01:40 | 000,079,623 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Junction.zip
[2012/07/16 23:03:49 | 000,146,944 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/16 21:17:54 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2012/07/16 19:59:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/16 19:42:24 | 000,000,343 | RHS- | M] () -- C:\boot.ini
[2012/07/16 19:36:51 | 004,579,127 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2012/07/15 16:47:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2012/07/15 16:08:12 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\f7ofckx7.exe
[2012/07/15 14:51:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/12 23:59:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 23:45:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/12 23:34:50 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/07/11 17:30:10 | 000,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 16:24:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/10 23:17:34 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012/07/07 15:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/02 19:26:01 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Excel (2).lnk
[2012/06/23 18:20:49 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/17 17:01:39 | 000,079,623 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Junction.zip
[2012/07/16 21:17:54 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2012/07/16 19:42:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/16 19:40:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/16 19:40:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/16 19:40:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/16 19:40:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/16 19:40:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/15 16:08:08 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\f7ofckx7.exe
[2012/07/12 23:59:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 23:44:40 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/12 23:34:41 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/12 17:53:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/25 21:14:50 | 000,002,481 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Excel (2).lnk
[2012/06/23 18:20:49 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/16 13:35:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/30 16:58:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/09 21:32:22 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/07/29 17:35:02 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/07/29 17:31:08 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011/06/29 17:52:52 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2011/06/29 17:52:52 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2011/06/29 17:52:49 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011/06/01 16:39:11 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/06/01 16:39:11 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011/06/01 16:39:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2011/04/20 18:26:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2011/03/07 16:20:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2011/03/07 15:13:48 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2011/01/25 02:10:53 | 001,187,350 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-1450960922-725345543-1003-0.dat
[2011/01/25 02:10:53 | 000,335,358 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/13 23:29:20 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/27 16:56:38 | 000,001,121 | ---- | C] () -- C:\WINDOWS\stmaudio.INI
[2010/11/03 16:01:35 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\pcouffin.cat
[2010/11/03 16:01:35 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\pcouffin.inf
[2010/10/27 14:56:33 | 000,001,393 | ---- | C] () -- C:\WINDOWS\StmVideo.INI
[2010/10/26 23:23:57 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/23 17:40:25 | 000,146,944 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/20 19:38:52 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\Drv64_32.dat
[2010/10/19 21:51:38 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2010/10/18 23:52:30 | 000,127,743 | ---- | C] () -- C:\WINDOWS\hpgins24.dat
[2010/10/18 23:52:30 | 000,000,308 | ---- | C] () -- C:\WINDOWS\hpgmdl24.dat
[2010/10/18 19:15:47 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/18 19:15:45 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/18 19:15:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/18 00:22:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/17 21:51:17 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Michael\Adobe Encore_AME.pref
[2010/10/17 21:16:06 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/10/17 21:00:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/17 20:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/17 20:37:17 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\fusioncache.dat
[2010/10/17 20:31:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/17 20:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/17 19:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2010/10/17 19:31:53 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/17 19:31:52 | 000,060,565 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/17 19:31:52 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/17 19:31:52 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/17 19:31:52 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/17 19:31:52 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/17 19:31:52 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/17 19:31:52 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/17 19:31:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/17 19:31:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/17 19:31:52 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/17 19:31:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/17 19:31:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/17 19:31:52 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/17 19:30:34 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2010/10/17 19:30:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPR220.ini
[2010/10/17 19:05:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\stmconf.INI
[2010/10/17 19:03:48 | 000,003,242 | ---- | C] () -- C:\WINDOWS\StmEdit.INI
[2010/10/17 18:42:33 | 000,001,573 | ---- | C] () -- C:\WINDOWS\CANOPUS.INI
[2010/10/17 13:21:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/17 13:20:19 | 000,347,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/03/09 21:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2011/03/17 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/12/28 16:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/03/08 01:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/03/08 00:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/06/01 16:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2012/01/21 16:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011/03/07 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2012/01/10 17:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/03/30 21:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2012/07/16 21:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/10/17 23:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/21 17:02:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
[2011/03/03 14:40:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
[2011/03/03 14:43:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2011/03/03 14:40:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2012/01/21 16:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DCC412E7-393B-4016-91FB-9307F059AFB6}
[2012/02/23 18:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\.keys
[2011/03/09 21:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Ableton
[2011/08/01 21:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\avidemux
[2012/03/02 00:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\calibre
[2011/03/08 01:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Lite
[2011/03/08 00:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Pro
[2012/07/01 17:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Free YouTube to MP3 Converter Studio
[2011/01/25 00:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GARMIN
[2012/02/03 20:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\gtk-2.0
[2011/07/27 20:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Gui4Cli
[2011/07/27 17:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\HandBrake
[2010/10/18 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Image Zone Express
[2011/03/15 20:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ImgBurn
[2010/10/17 19:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Leadertech
[2011/03/07 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PACE Anti-Piracy
[2011/07/28 14:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PhotoScape
[2010/10/18 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Printer Info Cache
[2011/03/30 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Publish Providers
[2011/03/30 21:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Sony
[2011/02/11 00:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\SystemRequirementsLab
[2012/03/07 00:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\uTorrent
[2010/11/03 16:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Vso
[2011/07/29 17:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WhiteSmoke
[2010/10/18 19:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Windows Search
[2012/02/23 16:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Xilisoft Corporation

========== Purity Check ==========



========== Custom Scans ==========

< "%userprofile%\desktop\junction.exe" -s /C >

< End of report >

Edited by mjlx, 19 July 2012 - 04:48 PM.

  • 0

#10
azarl
Posted 20 July 2012 - 05:37 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
There's more to do yet

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..extensions.enabledItems: {167d9323-f7cc-48f5-948a-6f012831a69f}:3.6.0.10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3007394
IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {167D9323-F7CC-48F5-948A-6F012831A69F} - No CLSID value found.

:files
%userprofile%\desktop\junction.exe -s /C

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next ...
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

Advertisements

#11
mjlx
Posted 20 July 2012 - 07:02 AM

mjlx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here are the the two OTL Logs and the TDSSkiler Log.


All processes killed
========== OTL ==========
Prefs.js: "WhiteSmoke Bar Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: {167d9323-f7cc-48f5-948a-6f012831a69f}:3.6.0.10 removed from extensions.enabledItems
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{167d9323-f7cc-48f5-948a-6f012831a69f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{167D9323-F7CC-48F5-948A-6F012831A69F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167D9323-F7CC-48F5-948A-6F012831A69F}\ not found.
========== FILES ==========
< %userprofile%\desktop\junction.exe -s /C >
C:\Documents and Settings\Michael\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Michael\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 9027718 bytes
->Java cache emptied: 65275 bytes
->Flash cache emptied: 23393 bytes

User: Michael
->Temp folder emptied: 832947 bytes
->Temporary Internet Files folder emptied: 1160771 bytes
->Java cache emptied: 886470 bytes
->FireFox cache emptied: 253730447 bytes
->Google Chrome cache emptied: 6701836 bytes
->Flash cache emptied: 141543 bytes

User: NetworkService
->Temp folder emptied: 26242 bytes
->Temporary Internet Files folder emptied: 3588230 bytes
->Flash cache emptied: 2562 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1258425 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 240640 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44296962 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 4132909078 bytes

Total Files Cleaned = 4,249.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07202012_082948

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




OTL logfile created on: 7/20/2012 8:36:15 AM - Run 5
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 81.29% Memory free
4.94 Gb Paging File | 4.41 Gb Available in Paging File | 89.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 28.62 Gb Free Space | 9.60% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 223.51 Gb Free Space | 95.98% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 46.65 Gb Free Space | 10.02% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 17.20 Gb Free Space | 7.39% Space Free | Partition Type: NTFS

Computer Name: MICHAEL-117087D | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/15 16:47:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 17:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/04/07 11:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 17:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/16 19:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/16 18:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 15:55:42 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\b1b57351a88c0c9c46bd9424347336ea\System.Management.ni.dll
MOD - [2012/02/16 15:55:37 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\7c73ac0ffec7d226ca3dac70df184f18\System.ServiceModel.ni.dll
MOD - [2012/02/16 15:47:42 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
MOD - [2012/02/16 15:47:42 | 000,148,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\8e28c1bf907bc67c6685db26050c19bd\System.Configuration.Install.ni.dll
MOD - [2012/02/16 15:47:27 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 15:47:25 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
MOD - [2012/02/16 15:47:25 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/16 15:47:24 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
MOD - [2012/02/16 15:42:51 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\97586cdb698c29ba95fd83e44a0c0ca6\System.Data.ni.dll
MOD - [2012/02/16 15:42:45 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/02/16 15:42:45 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/02/16 15:42:42 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/02/16 15:42:38 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/02 19:45:36 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\cfba497fc860b32b8d895f57bf148aa7\Microsoft.VisualC.ni.dll
MOD - [2011/11/02 19:24:44 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/09 11:29:38 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
MOD - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
MOD - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/06/15 21:51:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/11 17:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/04/07 11:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2011/03/09 11:18:06 | 001,060,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2008/08/15 06:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007/01/31 17:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/02/10 20:47:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MtxVxd.sys -- (MtxVxd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/03/11 17:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/03/11 17:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 17:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/04/11 09:02:31 | 000,346,192 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rig3avs.sys -- (rig3avs)
DRV - [2011/04/11 09:02:31 | 000,095,312 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rig3usb.sys -- (rig3usb_svc)
DRV - [2011/03/08 01:00:54 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/12/07 17:08:18 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV - [2010/12/07 15:39:30 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV - [2010/10/20 19:38:52 | 000,110,824 | ---- | M] (PolderbitS Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pbsaudrv.sys -- (PbsAuDrv)
DRV - [2010/09/07 22:20:56 | 006,141,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/09 17:41:18 | 000,061,424 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkOutput.sys -- (mvkOutput)
DRV - [2010/03/09 17:41:18 | 000,054,256 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkTransfer.sys -- (mvkTransfer)
DRV - [2010/03/09 17:41:18 | 000,047,984 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkSystemClock.sys -- (mvkSystemClock)
DRV - [2010/03/09 17:41:16 | 006,627,184 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkBus.sys -- (mvkBus)
DRV - [2010/03/09 17:41:16 | 000,256,624 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkOnBrdIOdsxle.sys -- (mvkOnBrdIOdsxle)
DRV - [2010/03/09 17:41:16 | 000,055,664 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkMisc.sys -- (mvkMisc)
DRV - [2010/03/09 17:41:16 | 000,055,024 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkInput.sys -- (mvkInput)
DRV - [2010/03/09 17:41:16 | 000,047,600 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkLQScaler.sys -- (mvkLQScaler)
DRV - [2010/03/09 17:41:16 | 000,042,480 | ---- | M] (Matrox Electronic Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvkMemManager.sys -- (mvkMemManager)
DRV - [2010/02/17 20:17:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/11/18 10:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 10:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 14:46:08 | 000,049,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/04/13 14:46:08 | 000,013,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2008/01/01 04:02:44 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/11/11 03:25:20 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)
DRV - [2006/05/12 13:08:14 | 000,196,476 | ---- | M] (Canopus Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmkrnl.sys -- (stmkrnl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3007394
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.mlb.com/"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:6.2
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 21:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 20:58:47 | 000,000,000 | ---D | M]

[2010/10/29 20:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2010/10/29 20:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions\[email protected]
[2012/06/07 18:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions
[2011/10/16 00:00:58 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/10/18 23:33:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/07 18:53:52 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2011/07/27 11:46:34 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\searchplugins\conduit.xml
[2011/03/08 01:00:48 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\19lkp2ad.default\searchplugins\daemon-search.xml
[2012/03/18 15:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/15 21:51:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/17 18:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/19 15:17:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/17 18:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/15 21:51:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 21:51:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2012/07/16 19:59:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus Photo R220 Series on MICHAEL-F15FBBC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Save the YouTube video as MP3 - C:\Documents and Settings\Michael\Application Data\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: matrox.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86F73A98-24E4-456F-A10B-8E84EE3B482D}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/17 20:29:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/11 01:50:28 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/20 08:29:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/17 17:01:59 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Michael\Desktop\junction.exe
[2012/07/17 17:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\Junction
[2012/07/16 23:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Western_Digital
[2012/07/16 21:28:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/16 21:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/07/16 21:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/07/16 21:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WD SmartWare
[2012/07/16 19:42:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/16 19:40:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/16 19:40:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/16 19:40:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/16 19:40:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/16 19:40:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/16 19:40:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Administrative Tools
[2012/07/16 19:40:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/16 19:36:43 | 004,579,127 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2012/07/12 23:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/12 22:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/12 22:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/12 19:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2012/07/12 18:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2012/07/12 17:50:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/12 17:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/06/23 18:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/28 14:25:11 | 017,327,195 | ---- | C] (Mooii) -- C:\Program Files\PhotoScapeSetup_V3.5.exe
[2010/11/03 16:01:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Michael\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/07/20 08:33:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/19 17:10:28 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\MS Word.lnk
[2012/07/19 16:27:27 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/18 22:23:22 | 000,001,573 | ---- | M] () -- C:\WINDOWS\CANOPUS.INI
[2012/07/18 22:23:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\StmVideo.INI
[2012/07/18 00:08:57 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/17 22:59:58 | 000,003,242 | ---- | M] () -- C:\WINDOWS\StmEdit.INI
[2012/07/17 17:01:40 | 000,079,623 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Junction.zip
[2012/07/16 23:03:49 | 000,146,944 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/16 21:17:54 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2012/07/16 19:59:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/16 19:42:24 | 000,000,343 | RHS- | M] () -- C:\boot.ini
[2012/07/16 19:36:51 | 004,579,127 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\ComboFix.exe
[2012/07/15 16:47:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2012/07/15 16:08:12 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\f7ofckx7.exe
[2012/07/15 14:51:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/12 23:59:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 23:45:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/12 23:34:50 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/07/11 17:30:10 | 000,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 16:24:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/10 23:17:34 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012/07/07 15:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/02 19:26:01 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Excel (2).lnk
[2012/06/23 18:20:49 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/07/17 17:01:39 | 000,079,623 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Junction.zip
[2012/07/16 21:17:54 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2012/07/16 19:42:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/16 19:40:27 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/16 19:40:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/16 19:40:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/16 19:40:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/16 19:40:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/15 16:08:08 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\f7ofckx7.exe
[2012/07/12 23:59:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 23:44:40 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/12 23:34:41 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/12 17:53:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/25 21:14:50 | 000,002,481 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Microsoft Excel (2).lnk
[2012/06/23 18:20:49 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/16 13:35:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/30 16:58:13 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/08/09 21:32:22 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/07/29 17:35:02 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/07/29 17:31:08 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011/06/29 17:52:52 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2011/06/29 17:52:52 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2011/06/29 17:52:49 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/06/01 16:39:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011/06/01 16:39:11 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/06/01 16:39:11 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011/06/01 16:39:11 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2011/04/20 18:26:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2011/03/07 16:20:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2011/03/07 15:13:48 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2011/01/25 02:10:53 | 001,187,350 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-1450960922-725345543-1003-0.dat
[2011/01/25 02:10:53 | 000,335,358 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/13 23:29:20 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/27 16:56:38 | 000,001,121 | ---- | C] () -- C:\WINDOWS\stmaudio.INI
[2010/11/03 16:01:35 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\pcouffin.cat
[2010/11/03 16:01:35 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\pcouffin.inf
[2010/10/27 14:56:33 | 000,001,393 | ---- | C] () -- C:\WINDOWS\StmVideo.INI
[2010/10/26 23:23:57 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/10/23 17:40:25 | 000,146,944 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/20 19:38:52 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\Drv64_32.dat
[2010/10/19 21:51:38 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2010/10/18 23:52:30 | 000,127,743 | ---- | C] () -- C:\WINDOWS\hpgins24.dat
[2010/10/18 23:52:30 | 000,000,308 | ---- | C] () -- C:\WINDOWS\hpgmdl24.dat
[2010/10/18 19:15:47 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/18 19:15:45 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/18 19:15:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/18 00:22:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/17 21:51:17 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Michael\Adobe Encore_AME.pref
[2010/10/17 21:16:06 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/10/17 21:00:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/17 20:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/17 20:37:17 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\fusioncache.dat
[2010/10/17 20:31:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/17 20:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/17 19:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2010/10/17 19:31:53 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/10/17 19:31:52 | 000,060,565 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/10/17 19:31:52 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/10/17 19:31:52 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/10/17 19:31:52 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/10/17 19:31:52 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/10/17 19:31:52 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/10/17 19:31:52 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/10/17 19:31:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/10/17 19:31:52 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/10/17 19:31:52 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/10/17 19:31:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/10/17 19:31:52 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/10/17 19:31:52 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/10/17 19:30:34 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2010/10/17 19:30:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPR220.ini
[2010/10/17 19:05:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\stmconf.INI
[2010/10/17 19:03:48 | 000,003,242 | ---- | C] () -- C:\WINDOWS\StmEdit.INI
[2010/10/17 18:42:33 | 000,001,573 | ---- | C] () -- C:\WINDOWS\CANOPUS.INI
[2010/10/17 13:21:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/17 13:20:19 | 000,347,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/03/09 21:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2011/03/17 10:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/12/28 16:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/03/08 01:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/03/08 00:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/06/01 16:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2012/01/21 16:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2011/03/07 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2012/01/10 17:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/03/30 21:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2012/07/16 21:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/10/17 23:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/21 17:02:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}
[2011/03/03 14:40:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
[2011/03/03 14:43:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2011/03/03 14:40:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2012/01/21 16:56:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DCC412E7-393B-4016-91FB-9307F059AFB6}
[2012/02/23 18:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\.keys
[2011/03/09 21:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Ableton
[2011/08/01 21:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\avidemux
[2012/03/02 00:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\calibre
[2011/03/08 01:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Lite
[2011/03/08 00:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Pro
[2012/07/01 17:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Free YouTube to MP3 Converter Studio
[2011/01/25 00:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\GARMIN
[2012/02/03 20:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\gtk-2.0
[2011/07/27 20:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Gui4Cli
[2011/07/27 17:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\HandBrake
[2010/10/18 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Image Zone Express
[2011/03/15 20:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ImgBurn
[2010/10/17 19:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Leadertech
[2011/03/07 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PACE Anti-Piracy
[2011/07/28 14:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PhotoScape
[2010/10/18 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Printer Info Cache
[2011/03/30 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Publish Providers
[2011/03/30 21:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Sony
[2011/02/11 00:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\SystemRequirementsLab
[2012/03/07 00:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\uTorrent
[2010/11/03 16:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Vso
[2011/07/29 17:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WhiteSmoke
[2010/10/18 19:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Windows Search
[2012/02/23 16:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Xilisoft Corporation

========== Purity Check ==========



< End of report >






08:54:33.0171 1840 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
08:54:33.0453 1840 ============================================================
08:54:33.0453 1840 Current date / time: 2012/07/20 08:54:33.0453
08:54:33.0453 1840 SystemInfo:
08:54:33.0453 1840
08:54:33.0453 1840 OS Version: 5.1.2600 ServicePack: 3.0
08:54:33.0453 1840 Product type: Workstation
08:54:33.0453 1840 ComputerName: MICHAEL-117087D
08:54:33.0453 1840 UserName: Michael
08:54:33.0453 1840 Windows directory: C:\WINDOWS
08:54:33.0453 1840 System windows directory: C:\WINDOWS
08:54:33.0453 1840 Processor architecture: Intel x86
08:54:33.0453 1840 Number of processors: 2
08:54:33.0453 1840 Page size: 0x1000
08:54:33.0453 1840 Boot type: Normal boot
08:54:33.0453 1840 ============================================================
08:54:35.0140 1840 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:54:35.0140 1840 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:54:35.0156 1840 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:54:35.0156 1840 Drive \Device\Harddisk3\DR3 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:54:35.0359 1840 ============================================================
08:54:35.0359 1840 \Device\Harddisk0\DR0:
08:54:35.0359 1840 MBR partitions:
08:54:35.0359 1840 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
08:54:35.0359 1840 \Device\Harddisk1\DR1:
08:54:35.0359 1840 MBR partitions:
08:54:35.0359 1840 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
08:54:35.0359 1840 \Device\Harddisk2\DR2:
08:54:35.0375 1840 MBR partitions:
08:54:35.0375 1840 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
08:54:35.0375 1840 \Device\Harddisk3\DR3:
08:54:35.0375 1840 MBR partitions:
08:54:35.0375 1840 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
08:54:35.0375 1840 ============================================================
08:54:35.0390 1840 C: <-> \Device\Harddisk2\DR2\Partition0
08:54:35.0406 1840 F: <-> \Device\Harddisk1\DR1\Partition0
08:54:35.0468 1840 E: <-> \Device\Harddisk0\DR0\Partition0
08:54:35.0562 1840 D: <-> \Device\Harddisk3\DR3\Partition0
08:54:35.0562 1840 ============================================================
08:54:35.0562 1840 Initialize success
08:54:35.0562 1840 ============================================================
08:55:58.0593 2780 ============================================================
08:55:58.0593 2780 Scan started
08:55:58.0593 2780 Mode: Manual; SigCheck; TDLFS;
08:55:58.0593 2780 ============================================================
08:55:58.0984 2780 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
08:55:59.0703 2780 61883 - ok
08:55:59.0703 2780 Abiosdsk - ok
08:55:59.0703 2780 abp480n5 - ok
08:55:59.0734 2780 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:55:59.0828 2780 ACPI - ok
08:55:59.0875 2780 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:55:59.0937 2780 ACPIEC - ok
08:55:59.0968 2780 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
08:55:59.0984 2780 adfs - ok
08:56:00.0140 2780 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
08:56:00.0171 2780 Adobe Version Cue CS4 - ok
08:56:00.0171 2780 adpu160m - ok
08:56:00.0203 2780 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:56:00.0281 2780 aec - ok
08:56:00.0328 2780 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:56:00.0390 2780 AFD - ok
08:56:00.0390 2780 Aha154x - ok
08:56:00.0390 2780 aic78u2 - ok
08:56:00.0390 2780 aic78xx - ok
08:56:00.0421 2780 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
08:56:00.0500 2780 Alerter - ok
08:56:00.0515 2780 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
08:56:00.0562 2780 ALG - ok
08:56:00.0562 2780 AliIde - ok
08:56:00.0687 2780 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
08:56:00.0781 2780 Ambfilt - ok
08:56:00.0890 2780 amsint - ok
08:56:01.0000 2780 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:56:01.0015 2780 Apple Mobile Device - ok
08:56:01.0062 2780 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
08:56:01.0125 2780 AppMgmt - ok
08:56:01.0140 2780 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:56:01.0234 2780 Arp1394 - ok
08:56:01.0234 2780 asc - ok
08:56:01.0234 2780 asc3350p - ok
08:56:01.0234 2780 asc3550 - ok
08:56:01.0437 2780 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
08:56:01.0484 2780 aspnet_state - ok
08:56:01.0500 2780 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:56:01.0578 2780 AsyncMac - ok
08:56:01.0625 2780 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:56:01.0703 2780 atapi - ok
08:56:01.0703 2780 Atdisk - ok
08:56:01.0750 2780 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:56:01.0828 2780 Atmarpc - ok
08:56:01.0875 2780 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
08:56:01.0953 2780 AudioSrv - ok
08:56:02.0000 2780 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:56:02.0156 2780 audstub - ok
08:56:02.0187 2780 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
08:56:02.0281 2780 Avc - ok
08:56:02.0328 2780 AVCSTRM (e625773d7b950842d582f713656859c0) C:\WINDOWS\system32\DRIVERS\avcstrm.sys
08:56:02.0421 2780 AVCSTRM - ok
08:56:02.0437 2780 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:56:02.0531 2780 Beep - ok
08:56:02.0578 2780 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
08:56:02.0718 2780 BITS - ok
08:56:02.0796 2780 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
08:56:02.0812 2780 Bonjour Service - ok
08:56:02.0843 2780 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
08:56:02.0937 2780 Browser - ok
08:56:02.0984 2780 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
08:56:03.0000 2780 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
08:56:03.0000 2780 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
08:56:03.0000 2780 catchme - ok
08:56:03.0031 2780 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:56:03.0125 2780 cbidf2k - ok
08:56:03.0156 2780 CCALib8 (8ef654045e518ac00e52e7a1e2d3ad70) C:\Program Files\Canon\CAL\CALMAIN.exe
08:56:03.0171 2780 CCALib8 ( UnsignedFile.Multi.Generic ) - warning
08:56:03.0171 2780 CCALib8 - detected UnsignedFile.Multi.Generic (1)
08:56:03.0171 2780 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:56:03.0265 2780 CCDECODE - ok
08:56:03.0265 2780 cd20xrnt - ok
08:56:03.0296 2780 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:56:03.0390 2780 Cdaudio - ok
08:56:03.0421 2780 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:56:03.0500 2780 Cdfs - ok
08:56:03.0515 2780 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:56:03.0593 2780 Cdrom - ok
08:56:03.0625 2780 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
08:56:03.0656 2780 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
08:56:03.0656 2780 cercsr6 - detected UnsignedFile.Multi.Generic (1)
08:56:03.0656 2780 Changer - ok
08:56:03.0671 2780 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
08:56:03.0750 2780 CiSvc - ok
08:56:03.0781 2780 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
08:56:03.0859 2780 ClipSrv - ok
08:56:03.0984 2780 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:56:04.0046 2780 clr_optimization_v2.0.50727_32 - ok
08:56:04.0140 2780 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:56:04.0187 2780 clr_optimization_v4.0.30319_32 - ok
08:56:04.0328 2780 cmdAgent (907324001ae25ac5959c91eaa34cabae) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
08:56:04.0390 2780 cmdAgent - ok
08:56:04.0531 2780 cmdGuard (bee235831f8e3f0baaca18b39d285cf5) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
08:56:04.0656 2780 cmdGuard - ok
08:56:04.0687 2780 cmdHlp (de548946f36cab62fec2e6aa0149a619) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
08:56:04.0734 2780 cmdHlp - ok
08:56:04.0750 2780 CmdIde - ok
08:56:04.0750 2780 COMSysApp - ok
08:56:04.0750 2780 Cpqarray - ok
08:56:04.0765 2780 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
08:56:04.0859 2780 CryptSvc - ok
08:56:04.0859 2780 dac2w2k - ok
08:56:04.0859 2780 dac960nt - ok
08:56:04.0921 2780 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:56:04.0968 2780 DcomLaunch - ok
08:56:05.0171 2780 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
08:56:05.0250 2780 Dhcp - ok
08:56:05.0296 2780 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:56:05.0375 2780 Disk - ok
08:56:05.0390 2780 dmadmin - ok
08:56:05.0437 2780 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:56:05.0546 2780 dmboot - ok
08:56:05.0546 2780 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:56:05.0640 2780 dmio - ok
08:56:05.0671 2780 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:56:05.0734 2780 dmload - ok
08:56:05.0765 2780 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
08:56:05.0843 2780 dmserver - ok
08:56:05.0890 2780 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:56:05.0968 2780 DMusic - ok
08:56:06.0015 2780 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
08:56:06.0062 2780 Dnscache - ok
08:56:06.0109 2780 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
08:56:06.0203 2780 Dot3svc - ok
08:56:06.0203 2780 dpti2o - ok
08:56:06.0218 2780 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:56:06.0296 2780 drmkaud - ok
08:56:06.0328 2780 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
08:56:06.0343 2780 dtsoftbus01 - ok
08:56:06.0375 2780 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
08:56:06.0453 2780 EapHost - ok
08:56:06.0531 2780 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
08:56:06.0562 2780 ehRecvr - ok
08:56:06.0609 2780 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
08:56:06.0640 2780 ehSched - ok
08:56:06.0671 2780 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
08:56:06.0750 2780 ERSvc - ok
08:56:06.0796 2780 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:56:06.0812 2780 Eventlog - ok
08:56:06.0859 2780 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
08:56:06.0906 2780 EventSystem - ok
08:56:06.0937 2780 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:56:07.0015 2780 Fastfat - ok
08:56:07.0046 2780 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:56:07.0093 2780 FastUserSwitchingCompatibility - ok
08:56:07.0125 2780 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:56:07.0203 2780 Fdc - ok
08:56:07.0218 2780 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:56:07.0312 2780 Fips - ok
08:56:07.0406 2780 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:56:07.0453 2780 FLEXnet Licensing Service - ok
08:56:07.0453 2780 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:56:07.0546 2780 Flpydisk - ok
08:56:07.0593 2780 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:56:07.0671 2780 FltMgr - ok
08:56:07.0781 2780 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:56:07.0796 2780 FontCache3.0.0.0 - ok
08:56:07.0828 2780 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:56:07.0906 2780 Fs_Rec - ok
08:56:07.0953 2780 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:56:08.0015 2780 Ftdisk - ok
08:56:08.0046 2780 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:56:08.0062 2780 GEARAspiWDM - ok
08:56:08.0109 2780 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:56:08.0171 2780 Gpc - ok
08:56:08.0218 2780 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:56:08.0296 2780 HDAudBus - ok
08:56:08.0406 2780 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:56:08.0468 2780 helpsvc - ok
08:56:08.0484 2780 HidServ - ok
08:56:08.0484 2780 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:56:08.0562 2780 hidusb - ok
08:56:08.0609 2780 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
08:56:08.0703 2780 hkmsvc - ok
08:56:08.0703 2780 hpn - ok
08:56:08.0828 2780 hpqcxs08 (58d4765ab87347db835d5693adf652c1) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
08:56:08.0828 2780 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
08:56:08.0828 2780 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
08:56:08.0875 2780 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:56:08.0921 2780 HTTP - ok
08:56:08.0968 2780 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
08:56:09.0046 2780 HTTPFilter - ok
08:56:09.0062 2780 i2omgmt - ok
08:56:09.0062 2780 i2omp - ok
08:56:09.0125 2780 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:56:09.0218 2780 i8042prt - ok
08:56:09.0328 2780 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:56:09.0375 2780 idsvc - ok
08:56:09.0406 2780 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:56:09.0468 2780 Imapi - ok
08:56:09.0515 2780 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
08:56:09.0578 2780 ImapiService - ok
08:56:09.0593 2780 ini910u - ok
08:56:09.0625 2780 Inspect (f89849cf13805ef49da64a8a63193af7) C:\WINDOWS\system32\DRIVERS\inspect.sys
08:56:09.0703 2780 Inspect - ok
08:56:10.0015 2780 IntcAzAudAddService (f6f61cf1e7e72806ce9200a33d81e150) C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:56:10.0234 2780 IntcAzAudAddService - ok
08:56:10.0328 2780 IntelIde - ok
08:56:10.0359 2780 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:56:10.0437 2780 intelppm - ok
08:56:10.0468 2780 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:56:10.0562 2780 Ip6Fw - ok
08:56:10.0593 2780 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:56:10.0687 2780 IpFilterDriver - ok
08:56:10.0718 2780 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:56:10.0796 2780 IpInIp - ok
08:56:10.0812 2780 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:56:10.0906 2780 IpNat - ok
08:56:11.0015 2780 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
08:56:11.0046 2780 iPod Service - ok
08:56:11.0093 2780 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:56:11.0171 2780 IPSec - ok
08:56:11.0203 2780 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:56:11.0234 2780 IRENUM - ok
08:56:11.0265 2780 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:56:11.0343 2780 isapnp - ok
08:56:11.0421 2780 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
08:56:11.0437 2780 JavaQuickStarterService - ok
08:56:11.0453 2780 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:56:11.0562 2780 Kbdclass - ok
08:56:11.0578 2780 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:56:11.0656 2780 kmixer - ok
08:56:11.0687 2780 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:56:11.0718 2780 KSecDD - ok
08:56:11.0765 2780 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:56:11.0796 2780 lanmanserver - ok
08:56:11.0812 2780 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:56:11.0859 2780 lanmanworkstation - ok
08:56:11.0859 2780 lbrtfdc - ok
08:56:11.0921 2780 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:56:12.0000 2780 LmHosts - ok
08:56:12.0140 2780 MAUSBFASTTRACK (862d7bd3be3399670a7e3358ce7e6344) C:\WINDOWS\system32\DRIVERS\MAudioFastTrack.sys
08:56:12.0171 2780 MAUSBFASTTRACK - ok
08:56:12.0234 2780 MAUSBFASTTRACKPRO (050af61670d668610f27aa2c99996afd) C:\WINDOWS\system32\DRIVERS\MAudioFastTrackPro.sys
08:56:12.0265 2780 MAUSBFASTTRACKPRO - ok
08:56:12.0281 2780 mcdbus - ok
08:56:12.0359 2780 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
08:56:12.0375 2780 McrdSvc - ok
08:56:12.0421 2780 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:56:12.0515 2780 Messenger - ok
08:56:12.0531 2780 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
08:56:12.0578 2780 MHN ( UnsignedFile.Multi.Generic ) - warning
08:56:12.0578 2780 MHN - detected UnsignedFile.Multi.Generic (1)
08:56:12.0578 2780 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
08:56:12.0593 2780 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
08:56:12.0593 2780 MHNDRV - detected UnsignedFile.Multi.Generic (1)
08:56:12.0625 2780 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:56:12.0687 2780 mnmdd - ok
08:56:12.0750 2780 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
08:56:12.0828 2780 mnmsrvc - ok
08:56:12.0875 2780 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:56:12.0953 2780 Modem - ok
08:56:13.0062 2780 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
08:56:13.0156 2780 Monfilt - ok
08:56:13.0296 2780 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:56:13.0375 2780 Mouclass - ok
08:56:13.0390 2780 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:56:13.0484 2780 mouhid - ok
08:56:13.0500 2780 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:56:13.0578 2780 MountMgr - ok
08:56:13.0687 2780 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:56:13.0703 2780 MozillaMaintenance - ok
08:56:13.0734 2780 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:56:13.0750 2780 MpFilter - ok
08:56:13.0921 2780 MpKsl6bfd5eec (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D764EA51-03D8-4B0F-8BD1-6810B1D10D29}\MpKsl6bfd5eec.sys
08:56:13.0937 2780 MpKsl6bfd5eec - ok
08:56:13.0937 2780 mraid35x - ok
08:56:13.0953 2780 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:56:14.0031 2780 MRxDAV - ok
08:56:14.0078 2780 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:56:14.0140 2780 MRxSmb - ok
08:56:14.0171 2780 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
08:56:14.0265 2780 MSDTC - ok
08:56:14.0312 2780 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
08:56:14.0390 2780 MSDV - ok
08:56:14.0421 2780 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:56:14.0484 2780 Msfs - ok
08:56:14.0500 2780 MSIServer - ok
08:56:14.0515 2780 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:56:14.0593 2780 MSKSSRV - ok
08:56:14.0656 2780 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
08:56:14.0656 2780 MsMpSvc - ok
08:56:14.0671 2780 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:56:14.0750 2780 MSPCLOCK - ok
08:56:14.0765 2780 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:56:14.0843 2780 MSPQM - ok
08:56:14.0859 2780 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:56:14.0921 2780 mssmbios - ok
08:56:14.0937 2780 MSTAPE (5c3f9bdf4db23b75306388fc26a0a8e5) C:\WINDOWS\system32\DRIVERS\mstape.sys
08:56:15.0015 2780 MSTAPE - ok
08:56:15.0156 2780 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:56:15.0265 2780 MSTEE - ok
08:56:15.0265 2780 MtxVxd - ok
08:56:15.0281 2780 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:56:15.0312 2780 Mup - ok
08:56:15.0640 2780 mvkBus (b090049ba20bce39f5407661a33abeca) C:\WINDOWS\system32\DRIVERS\mvkBus.sys
08:56:15.0890 2780 mvkBus - ok
08:56:16.0000 2780 mvkInput (bd5920d85204c52a88b448aeca6d0514) C:\WINDOWS\system32\DRIVERS\mvkInput.sys
08:56:16.0046 2780 mvkInput - ok
08:56:16.0062 2780 mvkLQScaler (ec552a202a9598e1c96670daf53dfe22) C:\WINDOWS\system32\DRIVERS\mvkLQScaler.sys
08:56:16.0093 2780 mvkLQScaler - ok
08:56:16.0125 2780 mvkMemManager (160facbaf0d21ea53577f64e8af02581) C:\WINDOWS\system32\DRIVERS\mvkMemManager.sys
08:56:16.0156 2780 mvkMemManager - ok
08:56:16.0187 2780 mvkMisc (3bc23c3e53e63675828ccd3fb826b68e) C:\WINDOWS\system32\DRIVERS\mvkMisc.sys
08:56:16.0234 2780 mvkMisc - ok
08:56:16.0265 2780 mvkOnBrdIOdsxle (355353dd9596e3880d91e1ea2836c7f8) C:\WINDOWS\system32\DRIVERS\mvkOnBrdIOdsxle.sys
08:56:16.0296 2780 mvkOnBrdIOdsxle - ok
08:56:16.0312 2780 mvkOutput (2662ba3fcf351d02eb935fb8f9a2db1f) C:\WINDOWS\system32\DRIVERS\mvkOutput.sys
08:56:16.0359 2780 mvkOutput - ok
08:56:16.0359 2780 mvkSystemClock (b1931eedd99173b7bb131bd29c960bce) C:\WINDOWS\system32\DRIVERS\mvkSystemClock.sys
08:56:16.0390 2780 mvkSystemClock - ok
08:56:16.0437 2780 mvkTransfer (73c6c587007b51f6e6404d2727a562a2) C:\WINDOWS\system32\DRIVERS\mvkTransfer.sys
08:56:16.0468 2780 mvkTransfer - ok
08:56:16.0500 2780 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:56:16.0593 2780 NABTSFEC - ok
08:56:16.0671 2780 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:56:16.0750 2780 napagent - ok
08:56:16.0906 2780 NBService (87a00faedd703d8d2bdcb29ce5eeea6b) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
08:56:16.0968 2780 NBService ( UnsignedFile.Multi.Generic ) - warning
08:56:16.0968 2780 NBService - detected UnsignedFile.Multi.Generic (1)
08:56:17.0015 2780 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:56:17.0109 2780 NDIS - ok
08:56:17.0125 2780 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:56:17.0203 2780 NdisIP - ok
08:56:17.0250 2780 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:56:17.0296 2780 NdisTapi - ok
08:56:17.0328 2780 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:56:17.0406 2780 Ndisuio - ok
08:56:17.0406 2780 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:56:17.0484 2780 NdisWan - ok
08:56:17.0531 2780 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:56:17.0578 2780 NDProxy - ok
08:56:17.0609 2780 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:56:17.0703 2780 NetBIOS - ok
08:56:17.0734 2780 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:56:17.0812 2780 NetBT - ok
08:56:17.0859 2780 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:56:17.0937 2780 NetDDE - ok
08:56:17.0953 2780 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:56:18.0015 2780 NetDDEdsdm - ok
08:56:18.0031 2780 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:56:18.0093 2780 Netlogon - ok
08:56:18.0140 2780 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:56:18.0234 2780 Netman - ok
08:56:18.0343 2780 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:56:18.0343 2780 NetTcpPortSharing - ok
08:56:18.0375 2780 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:56:18.0468 2780 NIC1394 - ok
08:56:18.0765 2780 NIHardwareService (bd7a1d7bef2c0fde73f7b87971ed9d2f) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
08:56:18.0859 2780 NIHardwareService ( UnsignedFile.Multi.Generic ) - warning
08:56:18.0859 2780 NIHardwareService - detected UnsignedFile.Multi.Generic (1)
08:56:18.0984 2780 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:56:19.0062 2780 Nla - ok
08:56:19.0171 2780 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:56:19.0250 2780 Npfs - ok
08:56:19.0281 2780 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:56:19.0359 2780 Ntfs - ok
08:56:19.0390 2780 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:56:19.0468 2780 NtLmSsp - ok
08:56:19.0515 2780 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:56:19.0625 2780 NtmsSvc - ok
08:56:19.0687 2780 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:56:19.0765 2780 Null - ok
08:56:20.0218 2780 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:56:20.0562 2780 nv - ok
08:56:20.0703 2780 nvsvc (a8c1e6ff53fb0628a302843ea5fa5ab6) C:\WINDOWS\system32\nvsvc32.exe
08:56:20.0718 2780 nvsvc - ok
08:56:20.0750 2780 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:56:20.0828 2780 NwlnkFlt - ok
08:56:20.0843 2780 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:56:20.0937 2780 NwlnkFwd - ok
08:56:20.0968 2780 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:56:21.0046 2780 ohci1394 - ok
08:56:21.0062 2780 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:56:21.0140 2780 Parport - ok
08:56:21.0140 2780 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:56:21.0218 2780 PartMgr - ok
08:56:21.0265 2780 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:56:21.0328 2780 ParVdm - ok
08:56:21.0359 2780 PbsAuDrv (ca7cb72fa9e0a1ff68c7a7637de2ac26) C:\WINDOWS\system32\drivers\pbsaudrv.sys
08:56:21.0406 2780 PbsAuDrv - ok
08:56:21.0421 2780 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:56:21.0500 2780 PCI - ok
08:56:21.0500 2780 PCIDump - ok
08:56:21.0562 2780 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:56:21.0625 2780 PCIIde - ok
08:56:21.0687 2780 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:56:21.0781 2780 Pcmcia - ok
08:56:21.0828 2780 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
08:56:21.0828 2780 pcouffin ( UnsignedFile.Multi.Generic ) - warning
08:56:21.0828 2780 pcouffin - detected UnsignedFile.Multi.Generic (1)
08:56:21.0828 2780 PDCOMP - ok
08:56:21.0828 2780 PDFRAME - ok
08:56:21.0828 2780 PDRELI - ok
08:56:21.0843 2780 PDRFRAME - ok
08:56:21.0843 2780 perc2 - ok
08:56:21.0843 2780 perc2hib - ok
08:56:21.0890 2780 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:56:21.0906 2780 PlugPlay - ok
08:56:21.0937 2780 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:56:22.0000 2780 PolicyAgent - ok
08:56:22.0015 2780 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:56:22.0109 2780 PptpMiniport - ok
08:56:22.0125 2780 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:56:22.0187 2780 ProtectedStorage - ok
08:56:22.0203 2780 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:56:22.0265 2780 PSched - ok
08:56:22.0312 2780 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:56:22.0375 2780 Ptilink - ok
08:56:22.0406 2780 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:56:22.0406 2780 PxHelp20 - ok
08:56:22.0406 2780 ql1080 - ok
08:56:22.0421 2780 Ql10wnt - ok
08:56:22.0421 2780 ql12160 - ok
08:56:22.0421 2780 ql1240 - ok
08:56:22.0421 2780 ql1280 - ok
08:56:22.0453 2780 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:56:22.0531 2780 RasAcd - ok
08:56:22.0578 2780 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:56:22.0640 2780 RasAuto - ok
08:56:22.0656 2780 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:56:22.0718 2780 Rasl2tp - ok
08:56:22.0765 2780 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:56:22.0843 2780 RasMan - ok
08:56:22.0859 2780 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:56:22.0921 2780 RasPppoe - ok
08:56:22.0921 2780 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:56:23.0000 2780 Raspti - ok
08:56:23.0015 2780 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:56:23.0078 2780 Rdbss - ok
08:56:23.0109 2780 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:56:23.0171 2780 RDPCDD - ok
08:56:23.0187 2780 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:56:23.0265 2780 rdpdr - ok
08:56:23.0312 2780 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
08:56:23.0359 2780 RDPWD - ok
08:56:23.0406 2780 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:56:23.0484 2780 RDSessMgr - ok
08:56:23.0484 2780 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:56:23.0562 2780 redbook - ok
08:56:23.0609 2780 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:56:23.0671 2780 RemoteAccess - ok
08:56:23.0718 2780 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
08:56:23.0796 2780 RemoteRegistry - ok
08:56:23.0843 2780 rig3avs (afebc6dd529c46f83906b5f45a403b19) C:\WINDOWS\system32\Drivers\rig3avs.sys
08:56:23.0859 2780 rig3avs - ok
08:56:23.0906 2780 rig3usb_svc (d21e56840b37719e16ca1e8d7851ce2a) C:\WINDOWS\system32\Drivers\rig3usb.sys
08:56:23.0921 2780 rig3usb_svc - ok
08:56:23.0937 2780 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
08:56:24.0000 2780 RpcLocator - ok
08:56:24.0046 2780 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
08:56:24.0078 2780 RpcSs - ok
08:56:24.0125 2780 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
08:56:24.0218 2780 RSVP - ok
08:56:24.0234 2780 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
08:56:24.0250 2780 RTLE8023xp - ok
08:56:24.0250 2780 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:56:24.0328 2780 SamSs - ok
08:56:24.0328 2780 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:56:24.0406 2780 SCardSvr - ok
08:56:24.0437 2780 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:56:24.0515 2780 Schedule - ok
08:56:24.0531 2780 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:56:24.0562 2780 Secdrv - ok
08:56:24.0593 2780 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:56:24.0671 2780 seclogon - ok
08:56:24.0687 2780 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:56:24.0781 2780 SENS - ok
08:56:24.0796 2780 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:56:24.0859 2780 serenum - ok
08:56:24.0875 2780 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:56:24.0937 2780 Serial - ok
08:56:24.0953 2780 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:56:25.0015 2780 Sfloppy - ok
08:56:25.0171 2780 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:56:25.0265 2780 SharedAccess - ok
08:56:25.0296 2780 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:56:25.0312 2780 ShellHWDetection - ok
08:56:25.0312 2780 Simbad - ok
08:56:25.0343 2780 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:56:25.0421 2780 SLIP - ok
08:56:25.0421 2780 Sparrow - ok
08:56:25.0453 2780 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:56:25.0515 2780 splitter - ok
08:56:25.0562 2780 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:56:25.0593 2780 Spooler - ok
08:56:25.0593 2780 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:56:25.0640 2780 sr - ok
08:56:25.0671 2780 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:56:25.0718 2780 srservice - ok
08:56:25.0750 2780 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:56:25.0812 2780 Srv - ok
08:56:25.0843 2780 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:56:25.0890 2780 SSDPSRV - ok
08:56:25.0906 2780 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:56:26.0015 2780 stisvc - ok
08:56:26.0062 2780 stmkrnl (503ffda14d746fbcbfb601eaccee6fd0) C:\WINDOWS\system32\DRIVERS\stmkrnl.sys
08:56:26.0125 2780 stmkrnl ( UnsignedFile.Multi.Generic ) - warning
08:56:26.0125 2780 stmkrnl - detected UnsignedFile.Multi.Generic (1)
08:56:26.0171 2780 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:56:26.0250 2780 streamip - ok
08:56:26.0265 2780 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:56:26.0343 2780 swenum - ok
08:56:26.0359 2780 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:56:26.0421 2780 swmidi - ok
08:56:26.0421 2780 SwPrv - ok
08:56:26.0437 2780 symc810 - ok
08:56:26.0437 2780 symc8xx - ok
08:56:26.0437 2780 sym_hi - ok
08:56:26.0453 2780 sym_u3 - ok
08:56:26.0453 2780 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:56:26.0531 2780 sysaudio - ok
08:56:26.0562 2780 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:56:26.0625 2780 SysmonLog - ok
08:56:26.0656 2780 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:56:26.0734 2780 TapiSrv - ok
08:56:26.0781 2780 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:56:26.0812 2780 Tcpip - ok
08:56:26.0843 2780 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:56:26.0906 2780 TDPIPE - ok
08:56:26.0921 2780 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:56:27.0000 2780 TDTCP - ok
08:56:27.0000 2780 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:56:27.0078 2780 TermDD - ok
08:56:27.0109 2780 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:56:27.0203 2780 TermService - ok
08:56:27.0234 2780 thdudf (9d4bbd6e27b5562aea8295de7134e386) C:\WINDOWS\system32\DRIVERS\thdudf.sys
08:56:27.0250 2780 thdudf ( UnsignedFile.Multi.Generic ) - warning
08:56:27.0250 2780 thdudf - detected UnsignedFile.Multi.Generic (1)
08:56:27.0296 2780 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:56:27.0312 2780 Themes - ok
08:56:27.0359 2780 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
08:56:27.0390 2780 TlntSvr - ok
08:56:27.0390 2780 TosIde - ok
08:56:27.0421 2780 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:56:27.0484 2780 TrkWks - ok
08:56:27.0500 2780 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:56:27.0593 2780 Udfs - ok
08:56:27.0593 2780 ultra - ok
08:56:27.0625 2780 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:56:27.0718 2780 Update - ok
08:56:27.0750 2780 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:56:27.0796 2780 upnphost - ok
08:56:27.0812 2780 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:56:27.0921 2780 UPS - ok
08:56:27.0953 2780 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:56:27.0984 2780 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
08:56:27.0984 2780 USBAAPL - detected UnsignedFile.Multi.Generic (1)
08:56:28.0031 2780 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
08:56:28.0109 2780 usbaudio - ok
08:56:28.0125 2780 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:56:28.0203 2780 usbccgp - ok
08:56:28.0250 2780 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:56:28.0312 2780 usbehci - ok
08:56:28.0328 2780 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:56:28.0406 2780 usbhub - ok
08:56:28.0453 2780 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:56:28.0531 2780 usbprint - ok
08:56:28.0578 2780 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:56:28.0640 2780 usbscan - ok
08:56:28.0703 2780 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:56:28.0781 2780 USBSTOR - ok
08:56:28.0828 2780 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:56:28.0906 2780 usbuhci - ok
08:56:28.0937 2780 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:56:29.0000 2780 VgaSave - ok
08:56:29.0000 2780 ViaIde - ok
08:56:29.0265 2780 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:56:29.0328 2780 VolSnap - ok
08:56:29.0375 2780 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:56:29.0406 2780 VSS - ok
08:56:29.0437 2780 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:56:29.0531 2780 W32Time - ok
08:56:29.0546 2780 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:56:29.0609 2780 Wanarp - ok
08:56:29.0640 2780 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
08:56:29.0703 2780 WDC_SAM - ok
08:56:29.0796 2780 WDDMService (bf847a3972cc6b5ce26e0ea742dd52d9) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
08:56:29.0812 2780 WDDMService ( UnsignedFile.Multi.Generic ) - warning
08:56:29.0812 2780 WDDMService - detected UnsignedFile.Multi.Generic (1)
08:56:29.0859 2780 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
08:56:29.0890 2780 Wdf01000 - ok
08:56:30.0062 2780 WDFME (b5966f1dff6e20576f3c8c2d93d129fd) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
08:56:30.0109 2780 WDFME ( UnsignedFile.Multi.Generic ) - warning
08:56:30.0109 2780 WDFME - detected UnsignedFile.Multi.Generic (1)
08:56:30.0218 2780 WDICA - ok
08:56:30.0250 2780 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:56:30.0328 2780 wdmaud - ok
08:56:30.0390 2780 WDSC (92f0088ca18bb08bb596ef2608256f8a) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
08:56:30.0421 2780 WDSC ( UnsignedFile.Multi.Generic ) - warning
08:56:30.0421 2780 WDSC - detected UnsignedFile.Multi.Generic (1)
08:56:30.0468 2780 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:56:30.0531 2780 WebClient - ok
08:56:30.0593 2780 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:56:30.0656 2780 winmgmt - ok
08:56:30.0765 2780 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
08:56:30.0843 2780 WinRM - ok
08:56:31.0078 2780 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:56:31.0140 2780 wlidsvc - ok
08:56:31.0265 2780 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:56:31.0328 2780 WmdmPmSN - ok
08:56:31.0421 2780 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
08:56:31.0484 2780 Wmi - ok
08:56:31.0546 2780 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:56:31.0625 2780 WmiApSrv - ok
08:56:31.0750 2780 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
08:56:31.0812 2780 WMPNetworkSvc - ok
08:56:31.0984 2780 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:56:32.0015 2780 WPFFontCache_v0400 - ok
08:56:32.0375 2780 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:56:32.0468 2780 WS2IFSL - ok
08:56:32.0515 2780 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:56:32.0578 2780 wscsvc - ok
08:56:32.0625 2780 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:56:32.0718 2780 WSTCODEC - ok
08:56:32.0765 2780 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:56:32.0828 2780 wuauserv - ok
08:56:32.0875 2780 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:56:32.0906 2780 WudfPf - ok
08:56:32.0921 2780 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:56:32.0937 2780 WudfRd - ok
08:56:33.0000 2780 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:56:33.0015 2780 WudfSvc - ok
08:56:33.0093 2780 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:56:33.0250 2780 WZCSVC - ok
08:56:33.0281 2780 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:56:33.0359 2780 xmlprov - ok
08:56:33.0375 2780 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:56:33.0453 2780 \Device\Harddisk0\DR0 - ok
08:56:33.0453 2780 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
08:56:33.0515 2780 \Device\Harddisk1\DR1 - ok
08:56:33.0531 2780 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
08:56:33.0890 2780 \Device\Harddisk2\DR2 - ok
08:56:33.0906 2780 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
08:56:34.0265 2780 \Device\Harddisk3\DR3 - ok
08:56:34.0265 2780 Boot (0x1200) (eb7b3124905cf1371320cf9d22112bb6) \Device\Harddisk0\DR0\Partition0
08:56:34.0265 2780 \Device\Harddisk0\DR0\Partition0 - ok
08:56:34.0265 2780 Boot (0x1200) (a1d61e2ceb34c33c8e21e9fab36491f0) \Device\Harddisk1\DR1\Partition0
08:56:34.0281 2780 \Device\Harddisk1\DR1\Partition0 - ok
08:56:34.0281 2780 Boot (0x1200) (ab80353706d8467102531d44dc7f2473) \Device\Harddisk2\DR2\Partition0
08:56:34.0281 2780 \Device\Harddisk2\DR2\Partition0 - ok
08:56:34.0312 2780 Boot (0x1200) (374959a50406af9a168269a8509b5e71) \Device\Harddisk3\DR3\Partition0
08:56:34.0312 2780 \Device\Harddisk3\DR3\Partition0 - ok
08:56:34.0312 2780 ============================================================
08:56:34.0312 2780 Scan finished
08:56:34.0312 2780 ============================================================
08:56:34.0421 2272 Detected object count: 15
08:56:34.0421 2272 Actual detected object count: 15
08:57:24.0625 2272 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0625 2272 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:24.0625 2272 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0625 2272 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:24.0625 2272 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0625 2272 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:24.0625 2272 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0625 2272 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:24.0625 2272 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0625 2272 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:24.0625 2272 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0625 2272 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:24.0625 2272 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0625 2272 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:24.0625 2272 NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0625 2272 NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:24.0640 2272 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0640 2272 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:24.0640 2272 stmkrnl ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0640 2272 stmkrnl ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:24.0640 2272 thdudf ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0640 2272 thdudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:24.0640 2272 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0640 2272 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:24.0640 2272 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0640 2272 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:24.0640 2272 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0640 2272 WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:24.0640 2272 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:24.0640 2272 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#12
azarl
Posted 20 July 2012 - 09:25 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#13
mjlx
Posted 20 July 2012 - 12:40 PM

mjlx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here's the MBAM log....


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.20.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Michael :: MICHAEL-117087D [administrator]

7/20/2012 2:33:27 PM
mbam-log-2012-07-20 (14-33-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204500
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#14
azarl
Posted 20 July 2012 - 01:12 PM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
It's looking good.

I think we'll run a virus scan before finishing off

ESET Scanner
Please run a free online scan with the ESET Online Scanner
Note: Use Internet Explorer for this scan. (If you need to use Firefox or Opera, click on the download icon to download the ESET Installer and save to your desktop. When the download is complete double-click on the icon on the desktop.)
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#15
mjlx
Posted 20 July 2012 - 06:39 PM

mjlx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ok here is the Eset log......Scan found threats didn't look so good to me :unsure: .....maybe I'm wrong.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2bd5654fded24943a3b841e4883ba804
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-20 11:07:24
# local_time=2012-07-20 07:07:24 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 54537562 54537562 0 0
# compatibility_mode=3073 16777213 80 71 10287984 18309180 0 0
# compatibility_mode=5891 16776869 42 92 0 9938077 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=272622
# found=19
# cleaned=19
# scan_time=5502
C:\Qoobox\Quarantine\C\Documents and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\n.vir a variant of Win32/Kryptik.AIIA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\[email protected] a variant of Win32/Sirefef.FA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Michael\Local Settings\Application Data\{add94319-645d-2943-6f4a-b9a5eb393140}\U\[email protected] a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC\Desktop.ini.vir Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Software\cnet_FCTBSetup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Software\VLC_968.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F0E10E74-0FEE-486D-AACD-7DB3C2DD8F21}\RP761\A0093752.ini Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F0E10E74-0FEE-486D-AACD-7DB3C2DD8F21}\RP762\A0093795.ini Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F0E10E74-0FEE-486D-AACD-7DB3C2DD8F21}\RP763\A0093805.ini Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F0E10E74-0FEE-486D-AACD-7DB3C2DD8F21}\RP763\A0093824.ini Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F0E10E74-0FEE-486D-AACD-7DB3C2DD8F21}\RP770\A0094204.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F0E10E74-0FEE-486D-AACD-7DB3C2DD8F21}\RP770\A0094205.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Documents and Settings\Administrator\My Documents\Downloads\media.player.codec.pack.v4.1.9.setup.exe probably a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Documents and Settings\Administrator\My Documents\Downloads\movie_player_1280.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{F0E10E74-0FEE-486D-AACD-7DB3C2DD8F21}\RP770\A0094206.exe probably a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{F0E10E74-0FEE-486D-AACD-7DB3C2DD8F21}\RP770\A0094207.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
J:\Software\Audacity_40.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
J:\Software\media.player.codec.pack.v3.9.6.setup.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
J:\Software\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP