HELP .. "trojan horse patched_c.LZI" problem [Solved]


This topic is locked

#31
materelli (Topic Starter, Member, 23 posts)
Urghhhhhhh .. this is grim ...

Won't start in safe mode. I can see it loading files but then it just switches itself off.

Tried the recovery console; it says "windows is loading files" and that seems fine, but then the grim reaper pays a visit with that ghastly blue screen with

stop: c000021a (fatal system error) 0x00000000 (0xc0000001 0x00100390)

#32
materelli (Topic Starter, Member, 23 posts)
Quick update - booted again only this time the "startup repair" option appeared.

I selected it, so now it's going through that....

#33
materelli (Topic Starter, Member, 23 posts)
After multiple repairs .. Eureka!

Once the desktop loaded there was a notepad opened from a previous OTL check.

I've included numerous logs for you to check just in case they are of any use to you. For some reason (again), when I ran OTL the Extras.txt did not appear.

The logs are as follows ....

1. Previous OTL.txt log, for some reason already open once logged into the computer.
2. New OTL.txt
3. Frst.txt
4. fixlog.txt



1. Previous log

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Materelli\AppData\Local\nwpwappd\vdhjnsyq.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edc41ae6-9555-11de-a16b-002219f956bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edc41ae6-9555-11de-a16b-002219f956bb}\ not found.
File G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edc41ae6-9555-11de-a16b-002219f956bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edc41ae6-9555-11de-a16b-002219f956bb}\ not found.
File G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe not found.
File C:\Users\Materelli\AppData\Local\86K35bLqF not found.
File C:\ProgramData\86K35bLqF not found.
File C:\Users\Materelli\AppData\Local\5r6r38221t246h5xhcg048mh1533 not found.
File C:\ProgramData\5r6r38221t246h5xhcg048mh1533 not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Materelli\Desktop\cmd.bat deleted successfully.
C:\Users\Materelli\Desktop\cmd.txt deleted successfully.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
File\Folder C:\Windows\Installer\{479469d3-8ccd-754f-0bb2-1225aba89060} not found.
File\Folder C:\Users\Materelli\AppData\Local\{479469d3-8ccd-754f-0bb2-1225aba89060} not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Materelli
->Temp folder emptied: 76438797 bytes
->Temporary Internet Files folder emptied: 212227530 bytes
->Java cache emptied: 10025869 bytes
->Flash cache emptied: 42617 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1907480 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 326 bytes
RecycleBin emptied: 3146674478 bytes

Total Files Cleaned = 3,288.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 08032012_165231

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Materelli\AppData\Local\Temp\REG1327.tmp moved successfully.
C:\Users\Materelli\AppData\Local\Temp\REG1D6B.tmp moved successfully.
C:\Users\Materelli\AppData\Local\Temp\REG281C.tmp moved successfully.
C:\Users\Materelli\AppData\Local\Temp\REG606D.tmp moved successfully.
C:\Users\Materelli\AppData\Local\Temp\REG7C2C.tmp moved successfully.
C:\Users\Materelli\AppData\Local\Temp\REG928E.tmp moved successfully.
C:\Users\Materelli\AppData\Local\Temp\REG9A16.tmp moved successfully.
C:\Users\Materelli\AppData\Local\Temp\REGAA16.tmp moved successfully.
C:\Users\Materelli\AppData\Local\Temp\REGBE6E.tmp moved successfully.
C:\Users\Materelli\AppData\Local\Temp\REGC5D.tmp moved successfully.
C:\Users\Materelli\AppData\Local\Temp\REGE77E.tmp moved successfully.
C:\Users\Materelli\AppData\Local\Temp\REGFBAD.tmp moved successfully.
C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7R33N6V\fastbutton[1].htm moved successfully.
C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLC5NJPR\fastbutton[1].htm moved successfully.

PendingFileRenameOperations files...
[2012/08/03 16:52:31 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F
File C:\Users\Materelli\AppData\Local\Temp\REG1327.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG1D6B.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG281C.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG606D.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG7C2C.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG928E.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG9A16.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGAA16.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGBE6E.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGC5D.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGE77E.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGFBAD.tmp not found!
File C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7R33N6V\fastbutton[1].htm not found!
File C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLC5NJPR\fastbutton[1].htm not found!

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File\Folder C:\Users\Materelli\AppData\Local\Temp\REG1327.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REG1D6B.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REG281C.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REG606D.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REG7C2C.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REG928E.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REG9A16.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REGAA16.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REGBE6E.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REGC5D.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REGE77E.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REGFBAD.tmp not found!
C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7R33N6V\fastbutton[1].htm not found!
File\Folder C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLC5NJPR\fastbutton[1].htm not found!

PendingFileRenameOperations files...
[2012/08/03 16:52:31 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F
File C:\Users\Materelli\AppData\Local\Temp\REG1327.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG1D6B.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG281C.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG606D.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG7C2C.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG928E.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG9A16.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGAA16.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGBE6E.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGC5D.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGE77E.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGFBAD.tmp not found!
File C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7R33N6V\fastbutton[1].htm not found!
File C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLC5NJPR\fastbutton[1].htm not found!

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File\Folder C:\Users\Materelli\AppData\Local\Temp\REG1327.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REG1D6B.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REG281C.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REG606D.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REG7C2C.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REG928E.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REG9A16.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REGAA16.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REGBE6E.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REGC5D.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REGE77E.tmp not found!
File\Folder C:\Users\Materelli\AppData\Local\Temp\REGFBAD.tmp not found!
C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7R33N6V\fastbutton[1].htm not found!
File\Folder C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLC5NJPR\fastbutton[1].htm not found!

PendingFileRenameOperations files...
[2012/08/03 16:52:31 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F
File C:\Users\Materelli\AppData\Local\Temp\REG1327.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG1D6B.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG281C.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG606D.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG7C2C.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG928E.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REG9A16.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGAA16.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGBE6E.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGC5D.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGE77E.tmp not found!
File C:\Users\Materelli\AppData\Local\Temp\REGFBAD.tmp not found!
File C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7R33N6V\fastbutton[1].htm not found!
File C:\Users\Materelli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLC5NJPR\fastbutton[1].htm not found!

Registry entries deleted on Reboot...


2. New OTL log

OTL logfile created on: 04/08/2012 18:46:32 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Materelli\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.52% Memory free
13.64 Gb Paging File | 11.78 Gb Available in Paging File | 86.35% Paging File free
Paging file location(s): c:\pagefile.sys 10000 40000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 97.94 Gb Free Space | 34.56% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.94 Gb Free Space | 47.36% Space Free | Partition Type: NTFS

Computer Name: MATERELLI-PC | User Name: Materelli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/03 13:12:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Materelli\Desktop\OTL.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/05/14 17:25:30 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/02/23 20:29:43 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/17 11:50:42 | 004,523,928 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2009/07/23 11:15:59 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 19:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/04 18:41:00 | 000,192,512 | ---- | M] () -- C:\Users\Materelli\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012/08/04 18:40:49 | 000,172,032 | ---- | M] () -- C:\Users\Materelli\AppData\Local\Temp\sfareca00001.dll
MOD - [2011/11/20 19:32:12 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/26 03:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/10/24 18:17:36 | 001,431,824 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/10/24 17:57:38 | 000,840,976 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/19 17:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/19 17:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 19:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/08/02 21:05:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 19:43:31 | 000,241,664 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Freenet\bin\wrapper-windows-x86-32.exe -- (freenet)
SRV - [2009/03/30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/01 00:45:16 | 008,399,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys -- (NETwNv64)
DRV:64bit: - [2011/10/26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2011/10/26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/10/26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/26 02:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/11 16:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/04/29 14:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SBFWIM.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sbfwim.sys -- (SBFWIMCL)
DRV:64bit: - [2011/02/03 13:36:49 | 000,464,464 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv10.sys -- (acedrv10)
DRV:64bit: - [2011/02/03 13:36:49 | 000,229,664 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acehlp10.sys -- (acehlp10)
DRV:64bit: - [2010/07/12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 17:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009/04/11 06:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/19 17:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008/12/21 18:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/11/25 15:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/28 16:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/10/07 18:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2008/09/15 18:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/09/15 18:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/15 18:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/01/21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0F2D630A-1FF6-4A81-BCA1-71E9054BB3CB}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0F2D630A-1FF6-4A81-BCA1-71E9054BB3CB}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...omplete=1&hl=en
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\SearchScopes\{6F198424-0A4A-453B-A959-ECC9D076E4C1}: "URL" = http://search.avg.co...}&ychte=uk&nt=1
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 71.68.37.101:80


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/07 04:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/19 20:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/06 11:29:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/06 11:29:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/05 03:00:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/05 03:00:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 11:50:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/08/03 16:52:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1307751917-322223060-3447154212-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1307751917-322223060-3447154212-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.5.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4092ADC-5C83-48E9-8CEA-1F4B0BF537BC}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Tranportation_1920x1200.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Tranportation_1920x1200.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 22:45:51 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/04 09:56:07 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{C7B6A90B-B4E5-42CC-8517-2B5977327D22}
[2012/08/04 09:55:45 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{EFF617BD-3653-4D8B-BAB3-7AC91C440909}
[2012/08/04 06:44:05 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/08/03 19:17:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/03 19:04:49 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/08/03 17:57:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/03 16:11:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/03 13:35:41 | 004,724,629 | ---- | C] (Swearware) -- C:\Users\Materelli\Desktop\ComboFix.exe
[2012/08/03 13:18:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Materelli\Desktop\aswMBR.exe
[2012/08/03 13:11:50 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Materelli\Desktop\OTL.exe
[2012/08/03 00:12:24 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{801465AB-2476-43CC-8549-F60B98A2EB33}
[2012/08/03 00:11:26 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E4F7436B-D03E-4604-ADDA-53DD9894BBC5}
[2012/08/02 12:11:10 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{C46A218D-72E5-4641-BFA2-8F0F3CBB2FC0}
[2012/08/02 12:09:22 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{5BE2BF59-B7F6-4875-ADE1-7036CC23F2B7}
[2012/08/01 23:25:33 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{DB0F3EAD-CCC0-4E78-8EB1-2C462DEC4457}
[2012/08/01 23:24:31 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E88083EF-4B2B-4AE5-8C26-012B8312E3F8}
[2012/08/01 11:23:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E9A2362F-152C-426A-A537-4C5616D668DD}
[2012/08/01 11:22:38 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D2241968-2209-4310-9040-D1D921642B1C}
[2012/07/31 15:21:35 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{53CA325B-28C8-4386-B222-2B7E3922B8C3}
[2012/07/31 15:20:37 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D0080AD8-735E-4617-B95D-D5106B1B3DA4}
[2012/07/31 01:43:32 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E22CD375-006A-4FCE-B2E4-1CEE2BA4D785}
[2012/07/31 01:42:59 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D11A6918-0321-4833-B883-3C8BFA5108E8}
[2012/07/30 14:06:08 | 000,000,000 | ---D | C] -- C:\Users\Materelli\Desktop\removable disk
[2012/07/30 13:42:44 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D6BC594F-D069-4D7B-A387-D66183524822}
[2012/07/30 13:42:29 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D74E012B-3D00-4665-972C-55DE2F9B5C2A}
[2012/07/30 01:42:11 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9D7748E0-3D10-48D6-9456-628714F7BD87}
[2012/07/30 01:41:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{CE2848C2-1949-498B-AA2D-38DC66F595EC}
[2012/07/29 13:41:33 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E7E94CB8-6CFE-4ABF-9819-4EFCA9DA2405}
[2012/07/29 13:38:41 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{7EC2A923-B30A-418A-B2D7-74B93C0CF16F}
[2012/07/29 00:22:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{751CD0F9-4A0F-4933-947A-3F14056306EA}
[2012/07/28 12:22:09 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{99A19B08-E02C-4915-9552-0ECE582A428D}
[2012/07/28 12:20:22 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D1B9B632-A3DD-4991-93AF-8EC43B733244}
[2012/07/28 00:19:53 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4D02B297-94C7-42FE-BB95-BB19D541EE02}
[2012/07/27 12:19:02 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{037A732E-70C9-4C8B-BE1F-5945BEA2AFE2}
[2012/07/27 12:17:19 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{86E90A88-7A07-42E6-AA90-A08CBBE3A37C}
[2012/07/26 22:01:28 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{0D331859-206B-4ED5-B531-7482DBACAF3B}
[2012/07/26 12:50:54 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8376892A-DE8F-4AE8-BB6C-ED26EA0324CD}
[2012/07/25 23:30:33 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{CB0D7B32-3D0D-4B48-82DC-D9A022CF15E8}
[2012/07/25 23:30:14 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{7BCB3858-29FC-448B-94B3-42098E00E6B2}
[2012/07/25 23:10:27 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Roaming\SharePod
[2012/07/25 23:06:32 | 005,591,552 | ---- | C] (Jeffrey Harris) -- C:\Users\Materelli\Desktop\SharePod.exe
[2012/07/25 11:29:42 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{1BF47978-8AAE-4909-9656-F570EC1883BD}
[2012/07/25 11:28:36 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{DCF845F9-8A41-47AF-A376-9F442FA81BB2}
[2012/07/24 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{976EC6EC-6CC1-408E-A6C6-28A4ED3CB582}
[2012/07/24 23:03:11 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{2EBC7EAF-8E29-44CA-A301-04E3BF86B4F5}
[2012/07/24 11:02:43 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9314C45D-16FD-4172-B05B-B85AC524674C}
[2012/07/24 11:01:39 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{67EA3F70-5A97-4D52-A973-E8E024F64035}
[2012/07/23 15:17:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{AABA0F99-B0BF-449F-BA71-626EDFB3E491}
[2012/07/23 15:16:58 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{02848BB8-8C8A-46A9-B9E6-A56515DB0755}
[2012/07/23 02:19:11 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{2DDF4F29-538E-4FA5-884E-F5B674FCC381}
[2012/07/23 02:18:58 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{EDAC6964-1054-46CB-A739-37D55BF6ED6A}
[2012/07/22 14:18:38 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{CB29C2BC-DF2E-4D66-941A-26BFC6CC3EE5}
[2012/07/22 14:17:32 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{1E9F23C1-66E8-4C76-A379-CEEC0829E55C}
[2012/07/22 01:39:03 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{888134C3-E9D4-46B0-865A-79CEF4ADF234}
[2012/07/22 01:38:49 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E6104F94-A8DB-4933-A181-4D78B46C0B26}
[2012/07/21 13:38:26 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{73718129-BA7B-4996-AFB5-08BDAF637AEC}
[2012/07/21 13:37:41 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8536A656-3E50-4D50-976D-B27DDA14F6FF}
[2012/07/21 00:33:07 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4B41CA3D-CAE7-4EE1-ACCD-2F70108FAD6B}
[2012/07/21 00:32:55 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{C913E54F-D61D-4EBB-9BED-DB3F381863E8}
[2012/07/20 12:32:18 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{08EFB1F8-5ED2-402D-9541-E81996B2B0CD}
[2012/07/20 12:31:22 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9E384429-28C9-4AC0-BCD8-8FBEA041016A}
[2012/07/19 20:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/19 20:01:09 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{DDA6FB1D-13AA-4994-B321-0CEE8F8F481B}
[2012/07/19 20:00:30 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{22866968-EEDC-4A04-9CC0-434124AAEFCE}
[2012/07/13 11:06:56 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{7E8D9116-FDC7-4666-BB63-9A7BA29B5A36}
[2012/07/13 11:06:19 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E16D384C-D61B-436B-A632-69B280F8120D}
[2012/07/12 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{396CBEB3-0ABD-4BAF-9FDC-8D5F79EEF5AB}
[2012/07/12 12:29:42 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{5657BEF6-6DD6-4B4E-B61A-90A930166C15}
[2012/07/12 11:36:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/12 00:29:14 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{EE0E4460-B54D-4261-B03D-3CC6B64DCE6B}
[2012/07/12 00:28:58 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{04ADA130-3444-4A21-8BE1-CE57D23EAC4E}
[2012/07/11 13:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/11 13:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/11 13:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/11 13:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/11 12:28:10 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{15B993DA-ADE8-4646-996F-CD779D4F62F4}
[2012/07/11 12:26:54 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{F2E1F8BF-BE73-4A84-B977-52321FD4B7ED}
[2012/07/11 00:09:25 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{2DDB106F-C5C9-4FB9-84B2-46092EEC8E28}
[2012/07/11 00:09:06 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{52503ACA-1A7D-45FE-BDF2-9A5049B5CD27}
[2012/07/10 12:08:31 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8F16CA25-C1DE-4DCA-A491-8ECC1A1BA4F5}
[2012/07/10 12:07:04 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4AE01EF0-BBAF-4ED4-B60F-BB17A324BF9D}
[2012/07/09 15:39:24 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{31C77E61-C671-4A43-827C-621FCFBCFAED}
[2012/07/09 15:38:20 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{975A800D-6AD5-4227-B908-0F675AD3AB51}
[2012/07/08 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E15D0E8C-08DB-429D-B738-498FF5FE0215}
[2012/07/08 12:27:34 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{3D943A8A-AB28-4C61-ABEB-2BBED51DE90B}
[2012/07/08 00:27:13 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4F77FFA4-8E03-4878-92B0-21FC65F9C7A5}
[2012/07/08 00:26:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9C97D5FA-5956-4273-B171-27C7FEDAD639}
[2012/07/07 12:26:40 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{74E94D25-6B93-416E-9D1F-5C123F3F8110}
[2012/07/07 12:26:28 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E40BC333-3DAE-4A3F-8861-763E531B42F3}
[2012/07/07 00:26:04 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{A22C4D64-620C-433D-85F6-33B2D006E0CC}
[2012/07/07 00:25:35 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{AFCD2DAA-440C-4D5F-BA1A-50540FFD93AE}
[2012/07/06 12:25:19 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8AE939EA-7BC1-44A5-A820-DFDC14E8160D}
[2012/07/06 12:24:37 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D0212EDA-634C-405A-9E6D-3BCB46402408}
[2012/07/06 00:24:23 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9C3AD560-56A2-4198-9D8D-7131F91E2960}
[2012/07/06 00:23:23 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E398F453-EF8C-4597-BB17-5C790B679F38}
[2012/01/19 15:31:55 | 019,663,768 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Users\Materelli\FreeVideoToiPodConverter.exe
[2009/07/23 11:35:08 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Materelli\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/08/04 18:40:48 | 102,971,474 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/04 18:35:54 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/04 18:35:02 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 18:35:02 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 18:34:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/04 18:34:43 | 4289,576,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/04 18:29:15 | 365,930,324 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/03 17:04:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/03 17:04:07 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/03 16:52:31 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/03 15:26:47 | 000,000,512 | ---- | M] () -- C:\Users\Materelli\Desktop\MBR.dat
[2012/08/03 13:35:53 | 004,724,629 | ---- | M] (Swearware) -- C:\Users\Materelli\Desktop\ComboFix.exe
[2012/08/03 13:35:35 | 000,756,204 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/03 13:35:35 | 000,645,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/03 13:35:35 | 000,123,804 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/03 13:19:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Materelli\Desktop\aswMBR.exe
[2012/08/03 13:12:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Materelli\Desktop\OTL.exe
[2012/08/03 00:10:29 | 001,149,038 | ---- | M] () -- C:\Users\Materelli\Documents\moochiesmenu.pdf
[2012/07/30 19:10:04 | 000,007,397 | ---- | M] () -- C:\Users\Materelli\Desktop\SharePodSettings.xml
[2012/07/30 11:49:02 | 000,227,165 | ---- | M] () -- C:\Users\Materelli\Documents\attachment payment.pdf
[2012/07/28 22:40:20 | 000,000,680 | ---- | M] () -- C:\Users\Materelli\AppData\Local\d3d9caps.dat
[2012/07/25 23:05:28 | 002,141,310 | ---- | M] () -- C:\Users\Materelli\Desktop\SharePod_3.99.zip
[2012/07/20 17:47:31 | 000,389,488 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/19 20:08:43 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/12 16:30:09 | 000,305,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 13:45:00 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/08 12:13:22 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/07/07 18:39:23 | 023,784,819 | ---- | M] () -- C:\Users\Materelli\Documents\text book of medical physiology by guyton.zip
[2012/07/06 13:32:36 | 000,602,557 | ---- | M] () -- C:\Users\Materelli\Documents\Ketosis - CAMBRIDGE guide.pdf
[2012/07/06 12:44:55 | 000,720,628 | ---- | M] () -- C:\Users\Materelli\Documents\Studies on the metabolism of Eskimos.pdf

========== Files Created - No Company Name ==========

[2012/08/04 18:02:13 | 4289,576,960 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/03 14:10:50 | 000,000,512 | ---- | C] () -- C:\Users\Materelli\Desktop\MBR.dat
[2012/08/03 00:10:28 | 001,149,038 | ---- | C] () -- C:\Users\Materelli\Documents\moochiesmenu.pdf
[2012/07/30 11:49:01 | 000,227,165 | ---- | C] () -- C:\Users\Materelli\Documents\attachment payment.pdf
[2012/07/25 23:07:26 | 000,007,397 | ---- | C] () -- C:\Users\Materelli\Desktop\SharePodSettings.xml
[2012/07/25 23:05:20 | 002,141,310 | ---- | C] () -- C:\Users\Materelli\Desktop\SharePod_3.99.zip
[2012/07/11 13:45:00 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/07 18:39:15 | 023,784,819 | ---- | C] () -- C:\Users\Materelli\Documents\text book of medical physiology by guyton.zip
[2012/07/06 13:32:36 | 000,602,557 | ---- | C] () -- C:\Users\Materelli\Documents\Ketosis - CAMBRIDGE guide.pdf
[2012/07/06 12:44:55 | 000,720,628 | ---- | C] () -- C:\Users\Materelli\Documents\Studies on the metabolism of Eskimos.pdf
[2012/06/12 11:37:25 | 000,743,178 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/25 22:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/04 22:52:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/04 22:52:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/20 11:28:18 | 000,000,000 | ---- | C] () -- C:\Users\Materelli\AppData\Local\{2322992F-1B59-4BE1-AD80-56752BFB78D8}
[2011/05/20 17:42:55 | 000,002,295 | ---- | C] () -- C:\Users\Materelli\.com.zerog.registry.xml
[2011/02/06 17:04:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/11/27 00:07:21 | 000,000,126 | ---- | C] () -- C:\Users\Materelli\AppData\Roaming\wklnhst.dat
[2009/07/31 21:29:24 | 000,017,920 | ---- | C] () -- C:\Users\Materelli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 12:08:55 | 000,000,680 | ---- | C] () -- C:\Users\Materelli\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/05/24 09:31:17 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Ad-Aware Antivirus
[2011/10/14 12:41:06 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\AVG2012
[2012/07/09 23:56:01 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\BitTorrent
[2012/06/04 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\DVDVideoSoft
[2011/05/15 02:52:59 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/07/24 04:11:18 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\GetRightToGo
[2010/12/10 21:31:31 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\PCDr
[2012/04/18 20:00:46 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\ppstream
[2012/07/25 23:10:27 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\SharePod
[2011/12/07 03:36:33 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Sports Interactive
[2009/09/19 15:28:25 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\StreamTorrent
[2011/05/04 23:31:48 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Temp
[2009/11/27 00:07:26 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Template
[2009/09/07 17:25:33 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\VistaCodecs
[2011/09/09 10:49:02 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Windows Live Writer
[2012/07/08 12:13:22 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/08/03 12:34:21 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/04/25 04:53:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009/04/25 04:53:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/04/25 04:53:48 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/04/25 04:53:47 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/04/25 04:53:48 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009/04/25 04:53:47 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/04/25 04:53:47 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/04/25 04:53:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 22:37:24 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\services
[2007/10/02 17:21:30 | 000,005,747 | ---- | M] () MD5=A19E611ABC81E35FA50B604688130858 -- C:\Program Files (x86)\D-Fend Reloaded\NewUserData\FREEDOS\SERVICES
[2007/10/02 17:21:30 | 000,005,747 | ---- | M] () MD5=A19E611ABC81E35FA50B604688130858 -- C:\Users\Materelli\D-Fend Reloaded\VirtualHD\FREEDOS\SERVICES

< MD5 for: SERVICES.CFG >
[2012/04/04 06:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/04/11 08:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009/04/11 08:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 16:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\SysWOW64\en-US\services.exe.mui
[2006/11/02 16:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
[2006/11/02 16:13:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\SysNative\en-US\services.exe.mui
[2006/11/02 16:13:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23\services.exe.mui

< MD5 for: SERVICES.EXE.VIR >
[2009/04/11 08:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=BC81150939BD52DBC7A08C245F1FB229 -- C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir

< MD5 for: SERVICES.LNK >
[2008/01/21 04:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 04:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 22:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysWOW64\wbem\services.mof
[2006/09/18 22:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 16:13:51 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2006/09/18 22:29:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2006/11/02 16:14:00 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2006/11/02 16:13:51 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_fe26f08ab7d12816\services.msc
[2006/09/18 22:29:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_2b827e27fe185619\services.msc
[2006/11/02 16:14:00 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/21 03:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]
"AutodiscoveryFlags" = -2147483648
"DetectedInterfaceIpCount" = 4
"LastDetectHighDateTime" = 0
"LastDetectLowDateTime" = 0
"LastDetectTime" = 01/01/1601, 00:00:00 UTC
"DetectedInterfaceIps" = fe80::ec4d:63c2:6f40:929%11;fe80::96:30c1:b19e:271b%10;2002:4e61:d8e4::4e61:d8e4;78.97.216.228;
"LastDetectUrl" =

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Materelli\Desktop\joey negro - unknown.mp3:TOC.WMV
@Alternate Data Stream - 55838 bytes -> C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 311 bytes -> C:\Users\Materelli\Documents\No Subject.eml:OECustomProperty

< End of report >


3. Frst.txt

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 03-08-2012 20:39:03
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-25] (Synaptics, Inc.)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-19] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun [122368 2009-07-23] (Google Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [69120 2009-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-05-14] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [combofix] C:\ComboFix\CF15613.3XE /c C:\ComboFix\Combobatch.bat [8272 2012-08-03] ()
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Materelli\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-10-10] (Valve Corporation)
HKU\Materelli\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17425072 2012-06-07] (Skype Technologies S.A.)
HKU\Materelli\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKLM-x32\...\Runonce: [combofix] C:\ComboFix\CF15613.3XE /c C:\ComboFixCombobatch.bat [x]
HKLM-x32\...\runonceex: [flags] 8
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\hpzrcv01.LNK
ShortcutTarget: hpzrcv01.LNK -> C:\Program Files (x86)\HP\Temp\{59C83C08-63F4-4AEC-81D6-392C5E23B843}\setup\hpzstub.exe (No File)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1161072 2012-03-29] (Lavasoft Limited)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe" [382248 2007-09-20] (Nero AG)
2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe" [2804280 2011-05-17] (Sunbelt Software)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74384 2008-03-24] (MicroVision Development, Inc.)
3 freenet; "C:\Program Files (x86)\Freenet\bin\wrapper-windows-x86-32.exe" -s "C:\Program Files (x86)\Freenet\wrapper.conf" [x]
3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [x]
2 HDD & SSD access service; "C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe" [x]
3 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

2 acedrv10; C:\Windows\System32\Drivers\acedrv10.sys [464464 2011-02-03] (Protect Software GmbH)
2 acehlp10; C:\Windows\System32\Drivers\acehlp10.sys [229664 2011-02-03] (Protect Software GmbH)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-21] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-18] (AVG Technologies CZ, s.r.o.)
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
3 OA008Ufd; C:\Windows\System32\Drivers\OA008Ufd.sys [159840 2009-03-05] (Creative Technology Ltd.)
3 OA008Vid; C:\Windows\System32\Drivers\OA008Vid.sys [313696 2009-05-06] (Creative Technology Ltd.)
2 sbapifs; C:\Windows\System32\Drivers\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
1 SbFw; C:\Windows\System32\Drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
3 sbhips; C:\Windows\System32\Drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
1 SbTis; C:\Windows\System32\Drivers\SbTis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
1 Beep; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 PCD5SRVC{048DBD20-445E8C82-05040104}; \??\C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-03 10:04 - 2012-08-03 10:18 - 00000000 ___SD C:\ComboFix
2012-08-03 08:57 - 2012-08-03 10:18 - 00000000 ____D C:\Windows\erdnt
2012-08-03 08:57 - 2012-08-03 10:05 - 00000000 ____D C:\Qoobox
2012-08-03 08:57 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-03 08:57 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-03 08:57 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-03 08:57 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-03 08:57 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-03 08:57 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-03 08:57 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-03 08:57 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-03 07:11 - 2012-08-03 07:11 - 00000000 ____D C:\_OTL
2012-08-03 05:10 - 2012-08-03 06:26 - 00003743 ____A C:\Users\Materelli\Desktop\aswMBR.txt
2012-08-03 05:10 - 2012-08-03 06:26 - 00000512 ____A C:\Users\Materelli\Desktop\MBR.dat
2012-08-03 04:48 - 2012-08-03 04:48 - 00062308 ____A C:\Users\Materelli\Desktop\Extras.Txt
2012-08-03 04:44 - 2012-08-03 08:49 - 00103112 ____A C:\Users\Materelli\Desktop\OTL.Txt
2012-08-03 04:35 - 2012-08-03 08:56 - 04729092 ____R (Swearware) C:\Users\Materelli\Desktop\ComboFix.exe
2012-08-03 04:18 - 2012-08-03 04:19 - 04731392 ____A (AVAST Software) C:\Users\Materelli\Desktop\aswMBR.exe
2012-08-03 04:11 - 2012-08-03 04:12 - 00597504 ____A (OldTimer Tools) C:\Users\Materelli\Desktop\OTL.exe
2012-08-02 15:12 - 2012-08-02 15:12 - 00000000 ____D C:\Users\Materelli\AppData\Local\{801465AB-2476-43CC-8549-F60B98A2EB33}
2012-08-02 15:11 - 2012-08-02 15:12 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E4F7436B-D03E-4604-ADDA-53DD9894BBC5}
2012-08-02 03:11 - 2012-08-02 03:11 - 00000000 ____D C:\Users\Materelli\AppData\Local\{C46A218D-72E5-4641-BFA2-8F0F3CBB2FC0}
2012-08-02 03:09 - 2012-08-02 03:10 - 00000000 ____D C:\Users\Materelli\AppData\Local\{5BE2BF59-B7F6-4875-ADE1-7036CC23F2B7}
2012-08-01 14:25 - 2012-08-01 14:25 - 00000000 ____D C:\Users\Materelli\AppData\Local\{DB0F3EAD-CCC0-4E78-8EB1-2C462DEC4457}
2012-08-01 14:24 - 2012-08-01 14:25 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E88083EF-4B2B-4AE5-8C26-012B8312E3F8}
2012-08-01 02:23 - 2012-08-01 02:24 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E9A2362F-152C-426A-A537-4C5616D668DD}
2012-08-01 02:22 - 2012-08-01 02:22 - 00000000 ____D C:\Users\Materelli\AppData\Local\{D2241968-2209-4310-9040-D1D921642B1C}
2012-07-31 06:21 - 2012-07-31 06:21 - 00000000 ____D C:\Users\Materelli\AppData\Local\{53CA325B-28C8-4386-B222-2B7E3922B8C3}
2012-07-31 06:20 - 2012-07-31 06:20 - 00000000 ____D C:\Users\Materelli\AppData\Local\{D0080AD8-735E-4617-B95D-D5106B1B3DA4}
2012-07-30 16:43 - 2012-07-30 16:43 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E22CD375-006A-4FCE-B2E4-1CEE2BA4D785}
2012-07-30 16:42 - 2012-07-30 16:43 - 00000000 ____D C:\Users\Materelli\AppData\Local\{D11A6918-0321-4833-B883-3C8BFA5108E8}
2012-07-30 05:06 - 2012-07-30 05:06 - 00000000 ____D C:\Users\Materelli\Desktop\removable disk
2012-07-30 04:42 - 2012-07-30 04:42 - 00000000 ____D C:\Users\Materelli\AppData\Local\{D74E012B-3D00-4665-972C-55DE2F9B5C2A}
2012-07-30 04:42 - 2012-07-30 04:42 - 00000000 ____D C:\Users\Materelli\AppData\Local\{D6BC594F-D069-4D7B-A387-D66183524822}
2012-07-29 16:42 - 2012-07-29 16:42 - 00000000 ____D C:\Users\Materelli\AppData\Local\{9D7748E0-3D10-48D6-9456-628714F7BD87}
2012-07-29 16:41 - 2012-07-29 16:42 - 00000000 ____D C:\Users\Materelli\AppData\Local\{CE2848C2-1949-498B-AA2D-38DC66F595EC}
2012-07-29 04:41 - 2012-07-29 04:41 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E7E94CB8-6CFE-4ABF-9819-4EFCA9DA2405}
2012-07-29 04:38 - 2012-07-29 04:39 - 00000000 ____D C:\Users\Materelli\AppData\Local\{7EC2A923-B30A-418A-B2D7-74B93C0CF16F}
2012-07-28 15:22 - 2012-07-28 15:23 - 00000000 ____D C:\Users\Materelli\AppData\Local\{751CD0F9-4A0F-4933-947A-3F14056306EA}
2012-07-28 03:22 - 2012-07-28 03:22 - 00000000 ____D C:\Users\Materelli\AppData\Local\{99A19B08-E02C-4915-9552-0ECE582A428D}
2012-07-28 03:20 - 2012-07-28 03:20 - 00000000 ____D C:\Users\Materelli\AppData\Local\{D1B9B632-A3DD-4991-93AF-8EC43B733244}
2012-07-27 15:19 - 2012-07-27 15:20 - 00000000 ____D C:\Users\Materelli\AppData\Local\{4D02B297-94C7-42FE-BB95-BB19D541EE02}
2012-07-27 03:19 - 2012-07-27 03:19 - 00000000 ____D C:\Users\Materelli\AppData\Local\{037A732E-70C9-4C8B-BE1F-5945BEA2AFE2}
2012-07-27 03:17 - 2012-07-27 03:18 - 00000000 ____D C:\Users\Materelli\AppData\Local\{86E90A88-7A07-42E6-AA90-A08CBBE3A37C}
2012-07-26 13:01 - 2012-07-26 13:02 - 00000000 ____D C:\Users\Materelli\AppData\Local\{0D331859-206B-4ED5-B531-7482DBACAF3B}
2012-07-26 03:50 - 2012-07-26 03:51 - 00000000 ____D C:\Users\Materelli\AppData\Local\{8376892A-DE8F-4AE8-BB6C-ED26EA0324CD}
2012-07-25 14:30 - 2012-07-25 14:31 - 00000000 ____D C:\Users\Materelli\AppData\Local\{CB0D7B32-3D0D-4B48-82DC-D9A022CF15E8}
2012-07-25 14:30 - 2012-07-25 14:30 - 00000000 ____D C:\Users\Materelli\AppData\Local\{7BCB3858-29FC-448B-94B3-42098E00E6B2}
2012-07-25 14:10 - 2012-07-25 14:10 - 00000000 ____D C:\Users\Materelli\AppData\Roaming\SharePod
2012-07-25 14:07 - 2012-07-30 10:10 - 00007397 ____A C:\Users\Materelli\Desktop\SharePodSettings.xml
2012-07-25 14:06 - 2012-07-30 10:09 - 00010892 ____A C:\Users\Materelli\Desktop\SharePod.log
2012-07-25 14:06 - 2012-06-18 01:02 - 05591552 ____A (Jeffrey Harris) C:\Users\Materelli\Desktop\SharePod.exe
2012-07-25 14:05 - 2012-07-25 14:05 - 02141310 ____A C:\Users\Materelli\Desktop\SharePod_3.99.zip
2012-07-25 02:29 - 2012-07-25 02:29 - 00000000 ____D C:\Users\Materelli\AppData\Local\{1BF47978-8AAE-4909-9656-F570EC1883BD}
2012-07-25 02:28 - 2012-07-25 02:29 - 00000000 ____D C:\Users\Materelli\AppData\Local\{DCF845F9-8A41-47AF-A376-9F442FA81BB2}
2012-07-24 14:03 - 2012-07-24 14:03 - 00000000 ____D C:\Users\Materelli\AppData\Local\{976EC6EC-6CC1-408E-A6C6-28A4ED3CB582}
2012-07-24 14:03 - 2012-07-24 14:03 - 00000000 ____D C:\Users\Materelli\AppData\Local\{2EBC7EAF-8E29-44CA-A301-04E3BF86B4F5}
2012-07-24 02:02 - 2012-07-24 02:02 - 00000000 ____D C:\Users\Materelli\AppData\Local\{9314C45D-16FD-4172-B05B-B85AC524674C}
2012-07-24 02:01 - 2012-07-24 02:02 - 00000000 ____D C:\Users\Materelli\AppData\Local\{67EA3F70-5A97-4D52-A973-E8E024F64035}
2012-07-23 06:17 - 2012-07-23 06:18 - 00000000 ____D C:\Users\Materelli\AppData\Local\{AABA0F99-B0BF-449F-BA71-626EDFB3E491}
2012-07-23 06:16 - 2012-07-23 06:17 - 00000000 ____D C:\Users\Materelli\AppData\Local\{02848BB8-8C8A-46A9-B9E6-A56515DB0755}
2012-07-22 17:19 - 2012-07-22 17:19 - 00000000 ____D C:\Users\Materelli\AppData\Local\{2DDF4F29-538E-4FA5-884E-F5B674FCC381}
2012-07-22 17:18 - 2012-07-22 17:19 - 00000000 ____D C:\Users\Materelli\AppData\Local\{EDAC6964-1054-46CB-A739-37D55BF6ED6A}
2012-07-22 06:14 - 2012-07-22 06:14 - 00000000 ____A C:\Users\Materelli\Documents\Matish Chiappinelli Nath Norwich hospital.doc.gw9jju1.partial
2012-07-22 05:18 - 2012-07-22 05:18 - 00000000 ____D C:\Users\Materelli\AppData\Local\{CB29C2BC-DF2E-4D66-941A-26BFC6CC3EE5}
2012-07-22 05:17 - 2012-07-22 05:18 - 00000000 ____D C:\Users\Materelli\AppData\Local\{1E9F23C1-66E8-4C76-A379-CEEC0829E55C}
2012-07-21 16:39 - 2012-07-21 16:39 - 00000000 ____D C:\Users\Materelli\AppData\Local\{888134C3-E9D4-46B0-865A-79CEF4ADF234}
2012-07-21 16:38 - 2012-07-21 16:39 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E6104F94-A8DB-4933-A181-4D78B46C0B26}
2012-07-21 04:38 - 2012-07-21 04:38 - 00000000 ____D C:\Users\Materelli\AppData\Local\{73718129-BA7B-4996-AFB5-08BDAF637AEC}
2012-07-21 04:37 - 2012-07-21 04:37 - 00000000 ____D C:\Users\Materelli\AppData\Local\{8536A656-3E50-4D50-976D-B27DDA14F6FF}
2012-07-20 15:33 - 2012-07-20 15:33 - 00000000 ____D C:\Users\Materelli\AppData\Local\{4B41CA3D-CAE7-4EE1-ACCD-2F70108FAD6B}
2012-07-20 15:32 - 2012-07-20 15:33 - 00000000 ____D C:\Users\Materelli\AppData\Local\{C913E54F-D61D-4EBB-9BED-DB3F381863E8}
2012-07-20 03:32 - 2012-07-20 03:32 - 00000000 ____D C:\Users\Materelli\AppData\Local\{08EFB1F8-5ED2-402D-9541-E81996B2B0CD}
2012-07-20 03:31 - 2012-07-20 03:31 - 00000000 ____D C:\Users\Materelli\AppData\Local\{9E384429-28C9-4AC0-BCD8-8FBEA041016A}
2012-07-19 11:01 - 2012-07-19 11:01 - 00000000 ____D C:\Users\Materelli\AppData\Local\{DDA6FB1D-13AA-4994-B321-0CEE8F8F481B}
2012-07-19 11:00 - 2012-07-19 11:00 - 00000000 ____D C:\Users\Materelli\AppData\Local\{22866968-EEDC-4A04-9CC0-434124AAEFCE}
2012-07-13 02:06 - 2012-07-13 02:07 - 00000000 ____D C:\Users\Materelli\AppData\Local\{7E8D9116-FDC7-4666-BB63-9A7BA29B5A36}
2012-07-13 02:06 - 2012-07-13 02:06 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E16D384C-D61B-436B-A632-69B280F8120D}
2012-07-12 07:26 - 2012-08-03 10:19 - 00004574 ____A C:\Windows\PFRO.log
2012-07-12 03:30 - 2012-07-12 03:30 - 00000000 ____D C:\Users\Materelli\AppData\Local\{396CBEB3-0ABD-4BAF-9FDC-8D5F79EEF5AB}
2012-07-12 03:29 - 2012-07-12 03:29 - 00000000 ____D C:\Users\Materelli\AppData\Local\{5657BEF6-6DD6-4B4E-B61A-90A930166C15}
2012-07-12 02:36 - 2012-07-12 02:36 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-12 02:32 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 02:32 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 02:32 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 02:32 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 02:32 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 02:32 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 02:32 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 02:32 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 02:32 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 02:32 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 02:32 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 02:32 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 02:32 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 02:32 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 02:32 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-12 02:32 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-12 02:32 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-12 02:32 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-12 02:32 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-12 02:32 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-12 02:32 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-12 02:32 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-12 02:32 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-12 02:32 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-12 02:32 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-12 02:32 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-12 02:32 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-12 02:32 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-12 02:30 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 15:29 - 2012-07-11 15:29 - 00000000 ____D C:\Users\Materelli\AppData\Local\{EE0E4460-B54D-4261-B03D-3CC6B64DCE6B}
2012-07-11 15:28 - 2012-07-11 15:29 - 00000000 ____D C:\Users\Materelli\AppData\Local\{04ADA130-3444-4A21-8BE1-CE57D23EAC4E}
2012-07-11 04:45 - 2012-07-11 04:45 - 00001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-11 04:42 - 2012-07-11 04:44 - 00000000 ____D C:\Program Files\iTunes
2012-07-11 04:42 - 2012-07-11 04:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-07-11 04:42 - 2012-07-11 04:42 - 00000000 ____D C:\Program Files\iPod
2012-07-11 04:20 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 04:20 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 04:19 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 04:19 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 04:19 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 04:19 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 04:19 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 04:19 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 04:19 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 04:19 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 04:19 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 04:19 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 03:28 - 2012-07-11 03:28 - 00000000 ____D C:\Users\Materelli\AppData\Local\{15B993DA-ADE8-4646-996F-CD779D4F62F4}
2012-07-11 03:26 - 2012-07-11 03:27 - 00000000 ____D C:\Users\Materelli\AppData\Local\{F2E1F8BF-BE73-4A84-B977-52321FD4B7ED}
2012-07-10 15:09 - 2012-07-10 15:09 - 00000000 ____D C:\Users\Materelli\AppData\Local\{52503ACA-1A7D-45FE-BDF2-9A5049B5CD27}
2012-07-10 15:09 - 2012-07-10 15:09 - 00000000 ____D C:\Users\Materelli\AppData\Local\{2DDB106F-C5C9-4FB9-84B2-46092EEC8E28}
2012-07-10 03:08 - 2012-07-10 03:08 - 00000000 ____D C:\Users\Materelli\AppData\Local\{8F16CA25-C1DE-4DCA-A491-8ECC1A1BA4F5}
2012-07-10 03:07 - 2012-07-10 03:07 - 00000000 ____D C:\Users\Materelli\AppData\Local\{4AE01EF0-BBAF-4ED4-B60F-BB17A324BF9D}
2012-07-09 06:39 - 2012-07-09 06:39 - 00000000 ____D C:\Users\Materelli\AppData\Local\{31C77E61-C671-4A43-827C-621FCFBCFAED}
2012-07-09 06:38 - 2012-07-09 06:38 - 00000000 ____D C:\Users\Materelli\AppData\Local\{975A800D-6AD5-4227-B908-0F675AD3AB51}
2012-07-08 03:27 - 2012-07-08 03:27 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E15D0E8C-08DB-429D-B738-498FF5FE0215}
2012-07-08 03:27 - 2012-07-08 03:27 - 00000000 ____D C:\Users\Materelli\AppData\Local\{3D943A8A-AB28-4C61-ABEB-2BBED51DE90B}
2012-07-07 15:27 - 2012-07-07 15:27 - 00000000 ____D C:\Users\Materelli\AppData\Local\{4F77FFA4-8E03-4878-92B0-21FC65F9C7A5}
2012-07-07 15:26 - 2012-07-07 15:27 - 00000000 ____D C:\Users\Materelli\AppData\Local\{9C97D5FA-5956-4273-B171-27C7FEDAD639}
2012-07-07 13:36 - 2012-07-08 04:55 - 00000000 ____D C:\Users\Materelli\Downloads\Four.Brothers.2005.DVDRip.XviD-W00D
2012-07-07 09:39 - 2012-07-07 09:39 - 23784819 ____A C:\Users\Materelli\Documents\text book of medical physiology by guyton.zip
2012-07-07 03:26 - 2012-07-07 03:26 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E40BC333-3DAE-4A3F-8861-763E531B42F3}
2012-07-07 03:26 - 2012-07-07 03:26 - 00000000 ____D C:\Users\Materelli\AppData\Local\{74E94D25-6B93-416E-9D1F-5C123F3F8110}
2012-07-06 15:26 - 2012-07-06 15:26 - 00000000 ____D C:\Users\Materelli\AppData\Local\{A22C4D64-620C-433D-85F6-33B2D006E0CC}
2012-07-06 15:25 - 2012-07-06 15:25 - 00000000 ____D C:\Users\Materelli\AppData\Local\{AFCD2DAA-440C-4D5F-BA1A-50540FFD93AE}
2012-07-06 03:25 - 2012-07-06 03:25 - 00000000 ____D C:\Users\Materelli\AppData\Local\{8AE939EA-7BC1-44A5-A820-DFDC14E8160D}
2012-07-06 03:24 - 2012-07-06 03:25 - 00000000 ____D C:\Users\Materelli\AppData\Local\{D0212EDA-634C-405A-9E6D-3BCB46402408}
2012-07-05 15:24 - 2012-07-05 15:24 - 00000000 ____D C:\Users\Materelli\AppData\Local\{9C3AD560-56A2-4198-9D8D-7131F91E2960}
2012-07-05 15:23 - 2012-07-05 15:24 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E398F453-EF8C-4597-BB17-5C790B679F38}
2012-07-05 03:22 - 2012-07-05 03:23 - 00000000 ____D C:\Users\Materelli\AppData\Local\{4017C4C3-B0A4-43FA-BC73-5C417189AA77}
2012-07-05 03:21 - 2012-07-05 03:21 - 00000000 ____D C:\Users\Materelli\AppData\Local\{03F6015F-AC98-4FCC-856A-EDAF23400495}
2012-07-04 15:02 - 2012-07-04 15:02 - 00000000 ____D C:\Users\Materelli\AppData\Local\{FE885F4A-F319-4E43-B4C7-DC85320A39B2}
2012-07-04 15:02 - 2012-07-04 15:02 - 00000000 ____D C:\Users\Materelli\AppData\Local\{0830330E-EA08-4399-9CE7-A417FBC3EFEA}
2012-07-04 03:00 - 2012-07-04 03:02 - 00000000 ____D C:\Users\Materelli\AppData\Local\{FEDCA7E2-BF96-44CB-BB5C-77D779EF198C}
2012-07-04 03:00 - 2012-07-04 03:00 - 00000000 ____D C:\Users\Materelli\AppData\Local\{A3038A30-3CFB-4A82-9933-92FAAC920BE1}


============ 3 Months Modified Files ========================

2012-08-03 10:19 - 2012-07-12 07:26 - 00004574 ____A C:\Windows\PFRO.log
2012-08-03 10:18 - 2006-11-02 07:42 - 00032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-03 10:18 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-03 10:18 - 2006-11-02 07:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-03 10:18 - 2006-11-02 07:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-03 10:04 - 2012-04-05 03:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-03 10:04 - 2010-11-04 10:42 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-03 08:56 - 2012-08-03 04:35 - 04729092 ____R (Swearware) C:\Users\Materelli\Desktop\ComboFix.exe
2012-08-03 08:49 - 2012-08-03 04:44 - 00103112 ____A C:\Users\Materelli\Desktop\OTL.Txt
2012-08-03 08:11 - 2010-11-04 10:42 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-03 06:26 - 2012-08-03 05:10 - 00003743 ____A C:\Users\Materelli\Desktop\aswMBR.txt
2012-08-03 06:26 - 2012-08-03 05:10 - 00000512 ____A C:\Users\Materelli\Desktop\MBR.dat
2012-08-03 04:48 - 2012-08-03 04:48 - 00062308 ____A C:\Users\Materelli\Desktop\Extras.Txt
2012-08-03 04:35 - 2006-11-02 04:46 - 00756204 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-03 04:19 - 2012-08-03 04:18 - 04731392 ____A (AVAST Software) C:\Users\Materelli\Desktop\aswMBR.exe
2012-08-03 04:12 - 2012-08-03 04:11 - 00597504 ____A (OldTimer Tools) C:\Users\Materelli\Desktop\OTL.exe
2012-08-02 15:39 - 2009-07-13 07:55 - 01373605 ____A C:\Windows\WindowsUpdate.log
2012-08-02 12:05 - 2012-04-05 03:41 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-02 12:05 - 2011-06-06 01:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-30 10:10 - 2012-07-25 14:07 - 00007397 ____A C:\Users\Materelli\Desktop\SharePodSettings.xml
2012-07-30 10:09 - 2012-07-25 14:06 - 00010892 ____A C:\Users\Materelli\Desktop\SharePod.log
2012-07-28 13:40 - 2009-07-23 03:08 - 00000680 ____A C:\Users\Materelli\AppData\Local\d3d9caps.dat
2012-07-25 14:05 - 2012-07-25 14:05 - 02141310 ____A C:\Users\Materelli\Desktop\SharePod_3.99.zip
2012-07-22 06:14 - 2012-07-22 06:14 - 00000000 ____A C:\Users\Materelli\Documents\Matish Chiappinelli Nath Norwich hospital.doc.gw9jju1.partial
2012-07-19 11:08 - 2011-10-14 03:46 - 00000874 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-12 07:30 - 2006-11-02 07:21 - 00305264 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 02:38 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-11 04:45 - 2012-07-11 04:45 - 00001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-08 03:13 - 2012-04-18 13:09 - 00000952 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2012-07-07 09:39 - 2012-07-07 09:39 - 23784819 ____A C:\Users\Materelli\Documents\text book of medical physiology by guyton.zip
2012-07-03 14:53 - 2012-07-03 14:53 - 00000916 ____A C:\Users\Public\Desktop\D-Fend Reloaded.lnk
2012-07-03 04:46 - 2010-04-06 13:13 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-27 13:33 - 2012-06-27 13:33 - 00000000 ____A C:\Windows\setuperr.log
2012-06-27 13:33 - 2012-06-27 13:33 - 00000000 ____A C:\Windows\setupact.log
2012-06-26 15:29 - 2012-06-26 15:29 - 00272144 ____A C:\Windows\Minidump\Mini062712-01.dmp
2012-06-26 15:28 - 2012-06-26 10:37 - 604526378 ____A C:\Windows\MEMORY.DMP
2012-06-26 11:00 - 2012-06-26 10:59 - 00268152 ____A C:\Windows\Minidump\Mini062612-01.dmp
2012-06-26 07:48 - 2012-06-26 07:48 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-26 03:40 - 2012-06-26 03:38 - 25532777 ____A C:\Users\Materelli\Documents\Hotmail.zip
2012-06-22 08:44 - 2009-08-12 04:28 - 00000216 ____A C:\Users\Materelli\Desktop\vdownloader.zip
2012-06-20 09:52 - 2012-06-16 16:13 - 00000198 ____A C:\WirelessDiagLog.csv
2012-06-20 02:45 - 2012-06-09 11:57 - 734340458 ____A C:\Users\Materelli\Downloads\Euro.2004.Netherlands-Czech-Republic dutch.avi
2012-06-19 10:24 - 2012-06-19 08:06 - 00006223 ____A C:\Windows\diagerr.xml
2012-06-19 10:24 - 2012-06-19 08:06 - 00001887 ____A C:\Windows\diagwrn.xml
2012-06-18 01:02 - 2012-07-25 14:06 - 05591552 ____A (Jeffrey Harris) C:\Users\Materelli\Desktop\SharePod.exe
2012-06-14 01:45 - 2012-06-12 02:37 - 00743178 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-14 01:44 - 2012-06-14 01:44 - 00744448 ____A C:\Users\Materelli\Documents\Steroid presentationMJ.ppt
2012-06-13 05:58 - 2012-07-12 02:30 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 03:14 - 2012-06-13 03:18 - 00442859 ___RA C:\Windows\System32\Drivers\etc\hosts.20120613-121804.backup
2012-06-08 13:50 - 2012-06-08 07:45 - 734340458 ____A C:\Users\Materelli\Downloads\Euro2004-Czech Republic vs Holland.avi
2012-06-08 09:59 - 2012-07-11 04:20 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 09:47 - 2012-07-11 04:20 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 15:19 - 2012-06-07 15:19 - 03127296 ____A C:\Users\Materelli\Documents\Obesity and Metabolism Biochemistry ppt.ppt
2012-06-05 08:47 - 2012-07-11 04:19 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 08:47 - 2012-07-11 04:19 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 08:22 - 2012-07-11 04:19 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 08:22 - 2012-07-11 04:19 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-04 08:57 - 2012-01-09 14:37 - 00001235 ____A C:\Users\Materelli\Desktop\Free YouTube to MP3 Converter.lnk
2012-06-04 07:29 - 2012-07-11 04:19 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-22 10:14 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 10:14 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 10:14 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 06:58 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 06:58 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-06-21 06:58 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 06:58 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-06-22 10:14 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 06:58 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-22 10:14 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 06:19 - 2012-06-21 06:58 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 06:19 - 2012-06-21 01:56 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-21 01:56 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 06:12 - 2012-06-21 06:58 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-02 04:49 - 2012-07-12 02:32 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 02:32 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 02:32 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 02:32 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 02:32 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 02:32 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-12 02:32 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-12 02:32 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-12 02:32 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-12 02:32 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-12 02:32 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-12 02:32 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-12 02:32 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-12 02:32 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-12 02:32 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-12 02:32 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-12 02:32 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-12 02:32 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-12 02:32 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 02:32 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-12 02:32 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-12 02:32 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 02:32 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 02:32 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-12 02:32 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-12 02:32 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 02:32 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 02:32 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 16:22 - 2012-07-11 04:19 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:22 - 2012-07-11 04:19 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 16:05 - 2012-07-11 04:19 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 16:04 - 2012-07-11 04:19 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 16:03 - 2012-07-11 04:19 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-05-30 04:41 - 2012-05-30 04:41 - 00058815 ____A C:\Users\Materelli\Documents\No Subject.eml
2012-05-29 12:57 - 2011-09-12 15:21 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-29 12:57 - 2011-09-12 15:21 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-23 12:02 - 2012-05-23 12:02 - 00137447 ____A C:\Users\Materelli\Documents\matanswers.pages
2012-05-20 13:00 - 2012-05-20 13:00 - 00000804 ____A C:\Users\Public\Desktop\BitTorrent.lnk
2012-05-18 12:47 - 2012-05-18 12:47 - 00367360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfprintpthelper.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00351248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfbasics.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00306552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfprint.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00242736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfluapriv.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00173504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\appverif.exe
2012-05-18 12:47 - 2012-05-18 12:47 - 00164168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vrfcore.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00087312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfcompat.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00081560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfnet.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00061352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfnws.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00052016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfcuzz.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00040120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfntlmless.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00021432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cuzzapi.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00711280 ____A (Microsoft Corporation) C:\Windows\System32\vfprintpthelper.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00433344 ____A (Microsoft Corporation) C:\Windows\System32\vfprint.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00404760 ____A (Microsoft Corporation) C:\Windows\System32\vfbasics.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00281616 ____A (Microsoft Corporation) C:\Windows\System32\vfluapriv.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00216776 ____A (Microsoft Corporation) C:\Windows\System32\appverif.exe
2012-05-18 12:24 - 2012-05-18 12:24 - 00183528 ____A (Microsoft Corporation) C:\Windows\System32\vrfcore.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00105016 ____A (Microsoft Corporation) C:\Windows\System32\vfnet.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00090440 ____A (Microsoft Corporation) C:\Windows\System32\vfcompat.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00083216 ____A (Microsoft Corporation) C:\Windows\System32\vfnws.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00048944 ____A (Microsoft Corporation) C:\Windows\System32\vfcuzz.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00045296 ____A (Microsoft Corporation) C:\Windows\System32\vfntlmless.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00023032 ____A (Microsoft Corporation) C:\Windows\System32\cuzzapi.dll
2012-05-14 08:37 - 2011-02-06 08:04 - 00000069 ____A C:\Windows\NeroDigital.ini
2012-05-14 08:26 - 2012-05-14 08:26 - 00001785 ____A C:\Users\Public\Desktop\Free Offers.lnk
2012-05-14 08:26 - 2012-05-14 08:26 - 00000877 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-05-14 08:25 - 2012-05-14 08:25 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-05-14 08:25 - 2012-05-14 08:25 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-05-14 08:25 - 2012-05-14 08:25 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-05-14 08:25 - 2012-05-14 08:25 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-05-14 08:25 - 2012-05-14 08:25 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-05-12 04:01 - 2012-05-11 07:59 - 00000000 ____A C:\Users\Materelli\AppData\Local\uvtwaocf.log
2012-05-12 04:01 - 2012-05-11 06:53 - 00000024 ____A C:\Users\Materelli\AppData\Local\wekblrep.log
2012-05-12 04:00 - 2012-05-11 06:54 - 01948164 ____A C:\Users\Materelli\AppData\Local\yueefvog.log
2012-05-11 08:03 - 2009-07-31 12:29 - 00017920 ____A C:\Users\Materelli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-11 06:57 - 2012-05-11 06:57 - 00145781 ____A C:\Users\Materelli\AppData\Local\lpcyrgtj.log
2012-05-11 06:57 - 2012-05-11 06:57 - 00003315 ____A C:\Users\Materelli\AppData\Local\perowpqh.log
2012-05-11 06:57 - 2012-05-11 06:57 - 00002774 ____A C:\Users\Materelli\AppData\Local\jwiffhpd.log
2012-05-11 06:53 - 2012-05-11 06:53 - 00953024 ____A C:\Users\Materelli\AppData\Local\xuooholl.log
2012-05-11 06:53 - 2012-05-11 06:53 - 00004048 ____A C:\Users\Materelli\AppData\Local\fnfvqkxk.log
2012-05-11 06:53 - 2012-05-11 06:53 - 00000000 ____A C:\Users\Materelli\AppData\Local\ymvkxrwb.log
2012-05-11 06:53 - 2012-05-11 06:53 - 00000000 ____A C:\Users\Materelli\AppData\Local\vhnaaonm.log

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4089.95 MB
Available physical RAM: 3470.77 MB
Total Pagefile: 3819.87 MB
Available Pagefile: 3451.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:103.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.94 GB) NTFS
3 Drive e: (2008.03.29_2201) (CDROM) (Total:0.15 GB) (Free:0 GB) UDF
4 Drive f: () (Removable) (Total:0.94 GB) (Free:0.76 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 961 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 15 GB 39 MB
Partition 3 Primary 283 GB 15 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 15 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 961 MB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F NTFS Removable 961 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-03 08:39

======================= End Of Log ==========================


4. Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-04 15:13:51 Run:2
Running from F:\

==============================================

C:\Windows\system32\Services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\system32\Services.exe

==== End of Fixlog ====


Thanks for your help once again......
  • 0
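The FRST listing in the post above is long, and most of it is routine Windows Update and application churn; the lines worth a second look are buried among hundreds of Microsoft-signed files. As an added example (not part of this thread, and not code from FRST, OTL or ComboFix), here is a small Python triage helper that parses lines in FRST's "3 Months Created/Modified Files" layout and flags the entries a helper would open first: GUID-named folders directly under AppData\Local, eight-lowercase-letter basenames with no version-info company in the user profile (the .log files near the end of the Modified list have that shape), and executables in the user profile that carry no company string. It also bins the GUID folders by hour of creation, since a tight cluster suggests something scheduled (legitimate updaters do this too). The sample lines are copied from the log above except the last, which is constructed; the heuristic names and thresholds are this example's own assumptions, and a flag is a reason to look, not a verdict.

```python
"""Triage helper for FRST-style "3 Months Created/Modified Files" lines.

Added example for this thread; it is not part of FRST, OTL or ComboFix and
removes nothing. The sample lines are copied from the log posted in the
thread except the last one, which is constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# FRST line layout: <date1> - <date2> - <size> <attrs> [(<company>)] <path>
# In the "Created" section date1 is the creation time; in "Modified" it is
# the modification time. Size is zero-padded; attrs is five characters of
# '_' or attribute letters (A, D, H, R, S). Company comes from the file's
# version-info resource, so a missing company is not the same as "unsigned".
LINE_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) "
    r"(?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)

# Heuristics (assumptions of this example, not FRST rules).
GUID_DIR_RE = re.compile(r"\\AppData\\Local\\\{[0-9A-Fa-f-]{36}\}$")
RANDOM_NAME_RE = re.compile(r"\\[a-z]{8}\.(?:log|exe|dll|dat|tmp)$")
EXEC_EXT_RE = re.compile(r"\.(?:exe|dll|sys|scr|cpl)$", re.I)


@dataclass
class Record:
    d1: str
    d2: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def in_user_profile(self) -> bool:
        return "\\users\\" in self.path.lower()


def parse_line(line: str) -> Optional[Record]:
    """Return a Record for one FRST file line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Record(m["d1"], m["d2"], int(m["size"]), m["attrs"], m["company"], m["path"])


def parse_log(text: str) -> List[Record]:
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def flag(rec: Record) -> List[str]:
    """Triage reasons for one record; an empty list means nothing stood out."""
    reasons: List[str] = []
    if rec.is_dir and GUID_DIR_RE.search(rec.path):
        reasons.append("guid-dir-in-appdata-local")
    if rec.in_user_profile and rec.company is None and RANDOM_NAME_RE.search(rec.path):
        reasons.append("random-8-letter-name")
    if (rec.in_user_profile and rec.company is None and not rec.is_dir
            and EXEC_EXT_RE.search(rec.path)):
        reasons.append("executable-without-version-info")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flag reason to the paths that triggered it, in log order."""
    out: Dict[str, List[str]] = {}
    for rec in parse_log(text):
        for reason in flag(rec):
            out.setdefault(reason, []).append(rec.path)
    return out


def guid_dir_hours(text: str) -> Counter:
    """Hour-of-day histogram of GUID folder creation (date1 of each line)."""
    hours: Counter = Counter()
    for rec in parse_log(text):
        if rec.is_dir and GUID_DIR_RE.search(rec.path):
            hours[int(rec.d1[11:13])] += 1
    return hours


SAMPLE = """\
2012-07-12 02:32 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\\Windows\\System32\\mshtmled.dll
2012-07-11 15:29 - 2012-07-11 15:29 - 00000000 ____D C:\\Users\\Materelli\\AppData\\Local\\{EE0E4460-B54D-4261-B03D-3CC6B64DCE6B}
2012-07-11 03:28 - 2012-07-11 03:28 - 00000000 ____D C:\\Users\\Materelli\\AppData\\Local\\{15B993DA-ADE8-4646-996F-CD779D4F62F4}
2012-08-03 08:56 - 2012-08-03 04:35 - 04729092 ____R (Swearware) C:\\Users\\Materelli\\Desktop\\ComboFix.exe
2012-05-12 04:01 - 2012-05-11 07:59 - 00000000 ____A C:\\Users\\Materelli\\AppData\\Local\\uvtwaocf.log
2012-05-11 06:53 - 2012-05-11 06:53 - 00953024 ____A C:\\Users\\Materelli\\AppData\\Local\\xuooholl.log
2012-07-28 13:40 - 2009-07-23 03:08 - 00000680 ____A C:\\Users\\Materelli\\AppData\\Local\\d3d9caps.dat
2012-05-11 06:50 - 2012-05-11 06:50 - 00153600 ____A C:\\Users\\Materelli\\AppData\\Local\\qwertzab\\example.exe
"""
# The last SAMPLE line is constructed to exercise the third heuristic; every
# other line is copied verbatim from the FRST log posted in the thread.

if __name__ == "__main__":
    for reason, paths in sorted(triage(SAMPLE).items()):
        print(reason)
        for p in paths:
            print("   ", p)
    print("GUID folders by hour:", dict(guid_dir_hours(SAMPLE)))
```

Paste the whole FRST.txt into `triage()` rather than the sample to run it on a real log; mshtmled.dll shows why the user-profile and company conditions matter, since its basename is also eight lowercase letters but it lives in System32 with Microsoft version info and is correctly ignored.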

#34
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that is now reporting that it did finally reset the services file...

Definitely a softly softly approach on this one

I will now do a rootkit check - this is just analysis

Also, is AVG still alerting?

Not all options will be available on this as you have Windows Vista.

Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

  • 0

#35
materelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
There have been no AVG warnings to speak of :thumbsup:

I ran the GMER. It finished and said there were no problems, and to continue I had to click OK. I couldn't access any options (such as "Save" etc ...) until I clicked OK.

Once I clicked OK, I went to save it as "Gmer.txt", but on opening what I had saved there was nothing in Notepad to report. (Does that make sense to you?)
  • 0

#36
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes it does, thank you... Well, that one took us for a run and a half.

As the service file is now good, I feel happy about running ComboFix again. Allow it to update if requested.
  • 0

#37
materelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
ComboFix log for you, sir ....

ComboFix 12-08-04.02 - Materelli 04/08/2012 21:29:57.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4090.2278 [GMT 1:00]
Running from: c:\users\Materelli\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MATERE~1\AppData\Local\Temp\sfamcc00001.dll
c:\users\MATERE~1\AppData\Local\Temp\sfareca00001.dll
c:\users\Materelli\AppData\Local\Temp\sfamcc00001.dll
c:\users\Materelli\AppData\Local\Temp\sfareca00001.dll
.
---- Previous Run -------
.
c:\users\Materelli\AppData\Local\Windows Server
c:\users\Materelli\Documents\~WRL0604.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 21:45 . 2012-08-04 21:45 -------- d-----w- C:\FRST
2012-08-04 20:39 . 2012-08-04 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 05:44 . 2012-08-04 05:44 -------- d-----w- C:\found.000
2012-08-03 15:11 . 2012-08-03 15:11 -------- d-----w- C:\_OTL
2012-07-25 22:10 . 2012-07-25 22:10 -------- d-----w- c:\users\Materelli\AppData\Roaming\SharePod
2012-07-12 10:36 . 2012-07-12 10:36 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 10:30 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 12:42 . 2012-07-11 12:42 -------- d-----w- c:\program files\iPod
2012-07-11 12:42 . 2012-07-11 12:44 -------- d-----w- c:\program files\iTunes
2012-07-11 12:42 . 2012-07-11 12:44 -------- d-----w- c:\program files (x86)\iTunes
2012-07-11 12:20 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 12:20 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 12:19 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 12:19 . 2012-06-05 16:22 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 12:19 . 2012-06-05 16:22 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 12:19 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 12:19 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 12:19 . 2012-06-04 15:29 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 12:19 . 2012-06-02 00:22 347136 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 12:19 . 2012-06-02 00:22 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 12:19 . 2012-06-02 00:04 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 12:19 . 2012-06-02 00:03 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 12:19 . 2012-06-02 00:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 02:15 . 2008-01-21 02:47 217088 ----a-w- c:\windows\system32\recdisc.exe
2012-08-02 20:05 . 2012-04-05 11:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 20:05 . 2011-06-06 09:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 10:38 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 12:46 . 2010-04-06 21:13 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 14:58 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 18:14 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 18:14 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 18:14 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:58 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 14:58 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 14:58 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-22 18:14 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 14:58 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-22 18:14 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 14:19 . 2012-06-21 14:58 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 14:19 . 2012-06-21 09:56 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-21 09:56 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 14:12 . 2012-06-21 14:58 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 08:25 . 2012-07-12 10:32 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-18 20:47 . 2012-05-18 20:47 164168 ----a-w- c:\windows\SysWow64\vrfcore.dll
2012-05-18 20:47 . 2012-05-18 20:47 87312 ----a-w- c:\windows\SysWow64\vfcompat.dll
2012-05-18 20:47 . 2012-05-18 20:47 81560 ----a-w- c:\windows\SysWow64\vfnet.dll
2012-05-18 20:47 . 2012-05-18 20:47 40120 ----a-w- c:\windows\SysWow64\vfntlmless.dll
2012-05-18 20:47 . 2012-05-18 20:47 367360 ----a-w- c:\windows\SysWow64\vfprintpthelper.dll
2012-05-18 20:47 . 2012-05-18 20:47 351248 ----a-w- c:\windows\SysWow64\vfbasics.dll
2012-05-18 20:47 . 2012-05-18 20:47 306552 ----a-w- c:\windows\SysWow64\vfprint.dll
2012-05-18 20:47 . 2012-05-18 20:47 242736 ----a-w- c:\windows\SysWow64\vfluapriv.dll
2012-05-18 20:47 . 2012-05-18 20:47 21432 ----a-w- c:\windows\SysWow64\cuzzapi.dll
2012-05-18 20:47 . 2012-05-18 20:47 61352 ----a-w- c:\windows\SysWow64\vfnws.dll
2012-05-18 20:47 . 2012-05-18 20:47 52016 ----a-w- c:\windows\SysWow64\vfcuzz.dll
2012-05-18 20:47 . 2012-05-18 20:47 173504 ----a-w- c:\windows\SysWow64\appverif.exe
2012-05-18 20:24 . 2012-05-18 20:24 90440 ----a-w- c:\windows\system32\vfcompat.dll
2012-05-18 20:24 . 2012-05-18 20:24 83216 ----a-w- c:\windows\system32\vfnws.dll
2012-05-18 20:24 . 2012-05-18 20:24 711280 ----a-w- c:\windows\system32\vfprintpthelper.dll
2012-05-18 20:24 . 2012-05-18 20:24 48944 ----a-w- c:\windows\system32\vfcuzz.dll
2012-05-18 20:24 . 2012-05-18 20:24 45296 ----a-w- c:\windows\system32\vfntlmless.dll
2012-05-18 20:24 . 2012-05-18 20:24 433344 ----a-w- c:\windows\system32\vfprint.dll
2012-05-18 20:24 . 2012-05-18 20:24 404760 ----a-w- c:\windows\system32\vfbasics.dll
2012-05-18 20:24 . 2012-05-18 20:24 281616 ----a-w- c:\windows\system32\vfluapriv.dll
2012-05-18 20:24 . 2012-05-18 20:24 23032 ----a-w- c:\windows\system32\cuzzapi.dll
2012-05-18 20:24 . 2012-05-18 20:24 216776 ----a-w- c:\windows\system32\appverif.exe
2012-05-18 20:24 . 2012-05-18 20:24 183528 ----a-w- c:\windows\system32\vrfcore.dll
2012-05-18 20:24 . 2012-05-18 20:24 105016 ----a-w- c:\windows\system32\vfnet.dll
2012-05-14 16:25 . 2012-05-14 16:25 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-10 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-07 17425072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-23 122368]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-05-14 296056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hpzrcv01.LNK - c:\program files (x86)\HP\Temp\{59C83C08-63F4-4AEC-81D6-392C5E23B843}\setup\hpzstub.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2011-02-03 464464]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2011-02-03 229664]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-03-19 89600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 11:44]
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 20:05]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 18:41]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 18:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/webhp?complete=1&hl=en
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 71.68.37.101:80
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Save YouTube Video as MP3 - c:\program files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-dBpowerAMP AAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP AAC to Mp4 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP Mp3 (MPEG Suite 2000 CLI) - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP Mp4 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP Wavpack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpowerAMP WMA V9.1 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dMC Power Pack - c:\windows\system32\SpoonUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
.
**************************************************************************
.
Completion time: 2012-08-04 21:57:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-04 20:57
.
Pre-Run: 102,046,212,096 bytes free
Post-Run: 102,256,467,968 bytes free
.
- - End Of File - - E337C82941201778AED9702EB8444A5F
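The ComboFix report above is long, and the lines worth a second look are scattered across its sections: a directory created with the system and hidden attributes whose name contains a literal `%APPDATA%`, a user-level proxy server set to an outside address (`uInternet Settings,ProxyServer = 71.68.37.101:80`), UAC switched off (`"EnableLUA"= 0`), `LoadAppInit_DLLs` enabled, and an extra BootExecute entry after the stock `autocheck autochk *`. The script below is an added example for triaging such a report; it is not a tool from this thread, from OTL or from ComboFix. It assumes the line layouts seen in the report above (file entries, `[HKEY_...]` headers, `"Name"="path"` Run values, the `uInternet Settings,` prefix) and emits review items rather than verdicts: here the BootExecute entry is AVG's own boot-time scanner and the proxy is simply an address the user should be able to account for. The embedded sample is constructed from lines in the report, except for the `"Updater"` Run entry, which is invented so the user-writable-path rule has something to match.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in ComboFix's report layout. Every line but one is copied
# from the report in this thread; the "Updater" Run entry is invented so the
# user-writable-path rule has something to match.
SAMPLE_LOG = r"""
2012-07-12 10:36 . 2012-07-12 10:36 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 10:30 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Updater"="c:\users\example\AppData\Local\qwzx\updsvc.exe" [2012-07-12 48128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
uInternet Settings,ProxyServer = 71.68.37.101:80
uInternet Settings,ProxyOverride = *.local
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # short label for the heuristic that fired
    detail: str  # the offending path, value or registry line


# Line shapes assumed from the report layout above.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"\S+ (?P<attrs>[\w-]+) (?P<path>.+)$"
)
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
PROXY = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)")
BOOTEXEC = re.compile(r"^BootExecute REG_MULTI_SZ (?P<entries>.+)$")
LITERAL_ENVVAR = re.compile(r"%[A-Za-z_]+%")
USER_WRITABLE = re.compile(r"\\(appdata|temp|tmp)\\", re.IGNORECASE)
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def _dword(value: str) -> int | None:
    """Parse the first token of a ComboFix value ('0 (0x0)', '0x1') as an integer."""
    try:
        return int(value.split()[0], 0)
    except (ValueError, IndexError):
        return None


def triage(log_text: str) -> list[Finding]:
    """Walk a ComboFix-style report line by line and collect review items."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = REG_KEY.match(line)
        if m:  # remember which key the following values belong to
            current_key = m.group("key").lower()
            continue

        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            if LITERAL_ENVVAR.search(path):  # a literal %VAR% on disk: a dropper failed to expand it
                findings.append(Finding("literal-envvar-path", path))
            if attrs.startswith("d") and "s" in attrs and "h" in attrs:  # new system+hidden directory
                findings.append(Finding("new-hidden-system-dir", path))
            continue

        m = PROXY.match(line)
        if m:  # any non-loopback proxy redirects the browser's traffic; the user must account for it
            proxy = m.group("proxy")
            if proxy.rsplit(":", 1)[0].lower() not in LOOPBACK:
                findings.append(Finding("proxy-configured", proxy))
            continue

        m = BOOTEXEC.match(line)
        if m:  # entries after the stock 'autocheck autochk *' are run by Session Manager at boot
            for extra in m.group("entries").split(r"\0")[1:]:
                findings.append(Finding("bootexecute-extra", extra))
            continue

        if current_key.endswith("\\run"):  # autostart binaries living in user-writable dirs
            m = RUN_VALUE.match(line)
            if m and USER_WRITABLE.search(m.group("path")):
                findings.append(Finding("run-key-in-user-writable-dir",
                                        f'{m.group("name")}: {m.group("path")}'))
            continue

        m = REG_VALUE.match(line)
        if m:
            name, value = m.group("name"), _dword(m.group("value"))
            if name == "EnableLUA" and value == 0:
                findings.append(Finding("uac-disabled", line))
            elif name == "LoadAppInit_DLLs" and value:  # AppInit_DLLs load into every GUI process
                findings.append(Finding("appinit-dlls-enabled", line))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python triage.py ComboFix.txt   (falls back to the embedded sample)
    text = (open(sys.argv[1], encoding="utf-8", errors="replace").read()
            if len(sys.argv) > 1 else SAMPLE_LOG)
    for f in triage(text):
        print(f"{f.rule:32} {f.detail}")
```

Each finding is a lead to confirm against a known-good baseline, not a detection by itself: a vendor's BootExecute entry or a LoadAppInit_DLLs value of 1 can be perfectly normal, whereas an unexplained proxy or a Run entry under AppData on a machine that has just had a userinit hijack removed deserves the first look.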

#38
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Well, young sir, I think you have battered it down... What problems are apparent now?

#39
materelli (Member, Topic Starter, 23 posts)
There are no problems now and everything seems to be working fine :thumbsup:

#40
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run it for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All programs > Accessories > System tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide: How did I get infected in the first place?

Keep safe :wave:



#41
materelli (Member, Topic Starter, 23 posts)
Essexboy ... thank you very much for all your help. There are no problems to report and the laptop seems as if it's brand new!!!

To anyone else reading this topic Essexboy is indeed a GEEK :thumbsup:

#42
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
I just provided the tools, you did the work :lol:

#43
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
