Hijack.NoFolderOption System Infected HELP


  • This topic is locked

#16 RKinner (Malware Expert, 24,625 posts, MVP)
Sorry for the delay. Got tired and took a nap.

Navigate to the Start -> All Programs -> Accessories -> System Tools program group.

Click on the System Restore program icon.

Click Next > on the Restore system files and settings window.

Choose the restore point that you want to use.

Note: Check the Show more restore points checkbox to see more than the most recent restore points.

Note: Any restore points that you created, scheduled restore points that Windows 7 created, and those created automatically during the installation of certain programs will be listed here. You can not use System Restore to undo Windows 7 changes to a date that a restore point does not exist.

Click Next >.

Click Finish on the Confirm your restore point window to begin the System Restore.

Note: Windows 7 will shut down to complete the System Restore so be sure to save any work you might have open in other programs before continuing.

Important: System Restore will not revert any of your non-system files like documents, email, music, etc. to a previous state. These types files are completely unaffected by System Restore. If your intention with this tool was to recover a deleted non-system file, try using a file recovery program instead of System Restore.

Click Yes to the Once started, System Restore cannot be interrupted. Do you want to continue? dialog box.

System Restore will now restore Windows 7 to the state that was recorded in the restore point you chose in Step 4.

Note: The System Restore process could take several minutes as you see the "Please wait while your Windows files and settings are being restored" message. Your computer will then reboot as normal when complete.

Immediately after logging in to Windows 7 after the reboot, you should see a message that System Restore completed successfully.

Click Close.
  • 0


#17 Jayli (Member, Topic Starter, 98 posts)
No problemo. This problem isn't going anywhere fast....as it seems.

Did the System Restore. The oldest point was just 3 days ago, so all of the great tools I got from you are gone. What do I do next? FYI, it doesn't look like I have any Anti-Virus, except the non working Zone Labs. Should I get the one you mentioned about 2 replies ago?



******* I made a mistake I think. I didn't follow your instructions completely.

I DID NOT do this step, clearing Windows logs and reboot before doing the System Restore.


"Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot."

Could this have tainted the logs by not clearing them? Do I need to undo the System Restore and follow the steps correctly? Pls let me know.

Thanks.

Edited by Jayli, 01 October 2012 - 05:54 PM.

  • 0

#18 RKinner (Malware Expert, 24,625 posts, MVP)
3 days is probably not going to help with the problem.

If you don't have an anti-virus then by all means attempt to install Avast. You might also check if your firewall is running. ZA turns it off but if ZA is not running you should have something.

Can you create a new user with admin rights, then log in as the new user and clear the events and run VEW again just like before:

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
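Added example (not part of the thread, and not RKinner's or Vino Rosso's code): a PowerShell equivalent of the "clear the logs, reboot, pull the last 20 Error/Warning events" procedure above, so the same post-boot view can be produced without VEW. It assumes Windows PowerShell on Windows 7 run from an elevated prompt; the output file name is a constructed choice.

```powershell
# Added example, not from the thread: PowerShell version of the
# "clear the logs, reboot, run VEW for System then Application" steps.
# Run from an elevated (Run as Administrator) Windows PowerShell prompt.
# Assumption: output path below is constructed for this example.

$outFile = Join-Path $env:USERPROFILE 'Desktop\post-boot-events.txt'

# Step 1: clear both logs so the next capture holds only events that
# happen after the reboot (Clear-EventLog needs elevation).
Clear-EventLog -LogName System, Application

# --- reboot here, log back in, then run the rest of the script ---

# Step 2: for each log, take the 20 most recent Critical/Error/Warning events
# (Level 1 = Critical, 2 = Error, 3 = Warning), newest first, which matches
# VEW with Error + Warning ticked and "Number of events" set to 20.
$report = foreach ($log in 'System', 'Application') {
    "==== '$log' log: last 20 Critical/Error/Warning events ===="
    $events = Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 1, 2, 3 } -MaxEvents 20 -ErrorAction SilentlyContinue
    if (-not $events) { "(no matching events since the log was cleared)"; continue }
    foreach ($e in $events) {
        "Log: '$log'  Date/Time: $($e.TimeCreated)"
        "Type: $($e.LevelDisplayName)  Event: $($e.Id)  Source: $($e.ProviderName)"
        ($e.Message -split "`r?`n")[0]     # first line of the message text only
        ""
    }
}

$report | Set-Content -Path $outFile -Encoding UTF8
Write-Host "Report written to $outFile - paste its contents into your reply"
```

The fresh administrator account the post asks for can be created from the same elevated prompt with `net user NEWNAME * /add` followed by `net localgroup Administrators NEWNAME /add` (NEWNAME is a placeholder); log in as that account before running the capture so the events reflect the new profile.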

#19 Jayli (Member, Topic Starter, 98 posts)
Ron. I think we were updating post at the same time. Pls read this addition to my last reply. THIS WAS DONE B4 your last reply. Sorry. Thanks.

******* I made a mistake I think. I didn't follow your instructions completely.

I DID NOT do this step, clearing Windows logs and reboot before doing the System Restore.


"Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot."

Could this have tainted the logs by not clearing them? Do I need to undo the System Restore and follow the steps correctly? Pls let me know.

Thanks.
  • 0

#20 RKinner (Malware Expert, 24,625 posts, MVP)
Doesn't matter. The clearing of events just makes it easier to read the VEW logs since I just want to see events that happen after a boot. Has no effect on System Restore. The hope was that System Restore would fix the missing registry entries but it's unlikely if it's only 3 days old.
  • 0

#21 Jayli (Member, Topic Starter, 98 posts)
Ok. New User w Admin. Here are the files. Thanks.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/10/2012 8:51:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/10/2012 12:49:25 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name fpdownload2.macromedia.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 02/10/2012 12:46:28 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1cb4ef3f&0&2.

Log: 'System' Date/Time: 02/10/2012 12:46:25 AM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 02/10/2012 12:45:47 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/10/2012 8:52:45 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/10/2012 12:46:54 AM
Type: Error Category: 0
Event: 1542 Source: Microsoft-Windows-User Profiles Service
Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/10/2012 12:46:55 AM
Type: Warning Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in Notification period.

Log: 'Application' Date/Time: 02/10/2012 12:45:28 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3719756025-897928378-3360252852-1002:
Process 2416 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3719756025-897928378-3360252852-1002
  • 0

#22 RKinner (Malware Expert, 24,625 posts, MVP)
If you go into regedit and open the HKEY_USERS and look you should see: S-1-5-21-3719756025-897928378-3360252852-1002
The next key below that should be S-1-5-21-3719756025-897928378-3360252852-1002_Classes

This is I think the key it is complaining about not being able to open. Is it there?

Above S-1-5-21-3719756025-897928378-3360252852-1002 should be another key that starts off the same way with S-1-5- which should be your original login. Does it have a _Classes key at all?
  • 0

#23 Jayli (Member, Topic Starter, 98 posts)
Good Afternoon. Opened Regedit and went to the keys. Didn't see any class files. Attached a screen shot of what I saw. Hope it helps. FYI...did a msconfig and this is running in Selective Startup for some reason. Don't know if that makes a difference. Thanks for your time Ron.

Attached Thumbnails

  • RegScreenShotJpg.jpg

Edited by Jayli, 02 October 2012 - 11:22 AM.

  • 0

#24 RKinner (Malware Expert, 24,625 posts, MVP)
Open regedit and navigate to HKEY_CURRENT_USER\Software\Classes

Is there anything there? It appears to me that the S-1-5-21-3719756025-897928378-3360252852-1002_Classes key is built on the fly from this key. Or maybe it's the other way around.

Go into msconfig and tell it to do a normal startup. Then apply and reboot. Perhaps something critical has been turned off.

Don't suppose you have the Windows disk for this thing do you? Is this a Dell or other PC that might have the factory configuration on a hidden partition so that we could just reload it?

Have you tried activating windows? Perhaps windows has pulled the plug on this system and nothing is going to work right until it gets activated.
  • 0

#25 Jayli (Member, Topic Starter, 98 posts)
FYI... I'm using the computer that we're trying to fix. It works like nothing at all is wrong. Not slow, not timing out, etc.


Nothing in the registry that matches that class key.

Changed to Normal Mode and rebooted. No problems.

Dell Latitude D830 Laptop. Yes, I tried to Activate, but it said the number wasn't valid. Sorry, but no Windows disk, b/c I just bought this 10 days ago from ebay. I looked this model up online and it looks like this originally came with Vista. The MS Sticker on the bottom has been destroyed. I could care less about the OS ( would prefer XP Pro), but don't want to lose my programs that are installed and working.


We can attempt the reload, unless it's going to destroy the rest of my software that's already installed. Pls advise. Thanks.
  • 0


#26 RKinner (Malware Expert, 24,625 posts, MVP)
If you reload it to the dell factory load (assuming it is still there) it would revert back to Vista or XP Pro and remove any installed programs.

If you don't get it activated in 30 days it turns into a pumpkin and all you can do with it is activate.

Is there anything in HKEY_CLASSES_ROOT ?

Normally there will be a long list of extensions (*, .123, .386, .3fr....)
  • 0
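Added example (not part of the thread): a read-only PowerShell script that performs the registry checks RKinner asks for in posts #22, #24 and #26 in one go, so the answers (is there a `_Classes` hive next to the user's SID, is `HKCU\Software\Classes` populated, does `HKEY_CLASSES_ROOT` still hold its extension keys) come back as text instead of screenshots. It also tests for the file behind the `_Classes` hive; that the hive is loaded from `%LOCALAPPDATA%\Microsoft\Windows\UsrClass.dat` is a Windows fact not stated in the thread, and the Event 1542 "cannot find the file specified" error is consistent with that file being missing or unreadable.

```powershell
# Added example, not from the thread: scripted version of the regedit checks
# from posts #22, #24 and #26. Read-only; run while logged in as the affected
# user. Assumption (Windows fact, not from the thread): HKU\<SID>_Classes is
# loaded from %LOCALAPPDATA%\Microsoft\Windows\UsrClass.dat.

# SID of the account currently logged on
$mySid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
"Current user SID: $mySid"

# 1. List the per-user hives under HKEY_USERS and report, for every
#    S-1-5-21-* SID, whether its _Classes sibling is loaded (post #22).
$hives = Get-ChildItem -Path Registry::HKEY_USERS | ForEach-Object { $_.PSChildName }
foreach ($sid in ($hives | Where-Object { $_ -like 'S-1-5-21-*' -and $_ -notlike '*_Classes' })) {
    $hasClasses = $hives -contains "${sid}_Classes"
    $tag = if ($sid -eq $mySid) { '(this login)' } else { '' }
    "{0,-55} _Classes present: {1} {2}" -f $sid, $hasClasses, $tag
}

# 2. Is HKCU\Software\Classes populated? A healthy profile has many subkeys (post #24).
$hkcuClasses = 'HKCU:\Software\Classes'
if (Test-Path -Path $hkcuClasses) {
    $n = @(Get-ChildItem -Path $hkcuClasses -ErrorAction SilentlyContinue).Count
    "HKCU\Software\Classes exists with $n subkeys"
} else {
    "HKCU\Software\Classes is MISSING"
}

# 3. Does the on-disk file for the _Classes hive exist? Event 1542 reported
#    "cannot load classes registry file ... cannot find the file specified".
$usrClass = Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\UsrClass.dat'
"UsrClass.dat present: $(Test-Path -LiteralPath $usrClass)  ($usrClass)"

# 4. Count the file-extension keys in HKEY_CLASSES_ROOT, the merged view
#    that post #26 expects to show a long list (*, .123, .386, ...).
$hkcrExt = @(Get-ChildItem -Path Registry::HKEY_CLASSES_ROOT -ErrorAction SilentlyContinue |
             Where-Object { $_.PSChildName -like '.*' }).Count
"HKEY_CLASSES_ROOT extension keys: $hkcrExt"
```

Only hives for accounts that are currently logged on appear under HKEY_USERS, so run the script as the user whose profile is in question; a SID that shows `_Classes present: False` while `UsrClass.dat` is reported missing points at the profile's classes hive file rather than at permissions.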

#27 Jayli (Member, Topic Starter, 98 posts)
Pumpkin huh...Lol. Just in time for Halloween. =) Yeah, I've been doing research on that and have a plan B. Love the net! Anyway, yes, the Hkey_Classes_Root has a TON of files /folders. I was doing research and trying to make sure I didn't have the Autorun.inf or Recycler virus. Something is definitely hiding my files. Tried to get rid of the virus with cmd. Didn't even find it on my system. Thanks.
  • 0

#28 RKinner (Malware Expert, 24,625 posts, MVP)
Let's try resetting the registry permissions to the defaults.

Download SubInACL.exe

http://www.microsoft...&displaylang=en

By default it installs the tool in C:\Program Files\Windows Resource Kits\Tools\

Please allow it to do so.


Download and Save the attached file, reset.zip, right click on it and Extract all and copy the reset.cmd file to C:\Program Files\Windows Resource Kits\Tools\.
Start, Run, cmd, OK. Type with an Enter after each line:

cd  "\Program Files\Windows Resource Kits\Tools"

reset.cmd



I'm not seeing any signs of an infection but we can run some more scans.

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp 
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


This next one is a good thing to run at night:
Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
Text version of the report is at: C:\ProgramData\Avast Software\Avast\report\aswboot.txt
  • 0
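Added example (not part of the thread, and not Sysinternals code): a PowerShell approximation of the Process Explorer view RKinner asks for, with the Verified Signer column and processes sorted by CPU. It assumes PowerShell 3.0 or later run elevated so that system processes expose their image paths; the function name `Get-ProcessSignatureReport` and the output file name are constructed for this example. One caveat a reader should know before interpreting the output: on Windows 7, `Get-AuthenticodeSignature` only inspects a file's embedded signature, while most Windows binaries are catalog-signed, so those show as `NotSigned` here even though Process Explorer (which checks catalogs) reports them as verified; `HashMismatch` on any file, or an unsigned binary living outside the Windows and Program Files trees, is the result worth following up.

```powershell
# Added example, not from the thread: PowerShell stand-in for the Process
# Explorer "Verified Signer" + CPU-sorted listing. Run elevated.
# Assumptions: PowerShell 3.0+, output path constructed for this example.
# Caveat: embedded signatures only; catalog-signed Windows files show NotSigned.

$outFile = Join-Path $env:USERPROFILE 'Desktop\procsig.txt'

function Get-ProcessSignatureReport {
    Get-Process | Sort-Object CPU -Descending | ForEach-Object {
        $p = $_
        $path = $p.Path          # $null for protected/system processes when not elevated
        if ($path) {
            $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            $status = if ($sig) { $sig.Status.ToString() } else { 'Unknown' }
            $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        } else {
            $status = 'NoPath'
            $signer = ''
        }
        [pscustomobject]@{
            PID      = $p.Id
            Name     = $p.ProcessName
            CPU_s    = if ($p.CPU) { [math]::Round($p.CPU, 1) } else { 0 }
            SigState = $status    # Valid / NotSigned / HashMismatch / UnknownError / NoPath
            Signer   = $signer
            Path     = $path
        }
    }
}

$report = Get-ProcessSignatureReport

# Full listing, biggest CPU consumers first, saved for pasting into a reply
$report | Format-Table -AutoSize | Out-String -Width 300 | Set-Content -Path $outFile
Write-Host "Report written to $outFile"

# Short list of what deserves a second look: running images whose signature
# is absent, broken, or could not be checked.
$report | Where-Object { $_.SigState -ne 'Valid' -and $_.SigState -ne 'NoPath' } |
    Format-Table PID, Name, SigState, Path -AutoSize
```

Let the machine idle for a minute before running it, as the post says, so the CPU column reflects steady-state usage rather than the logon burst.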

#29 Jayli (Member, Topic Starter, 98 posts)
Alrighty. Here are the 3 logs. Will run scan tonight and post results tomorrow or late tonight. Nice Job Ron! Thanks!!

OTL logfile created on: 10/3/2012 8:13:00 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\JayLi\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: | Country: | Language: | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.93% Memory free
4.00 Gb Paging File | 2.97 Gb Available in Paging File | 74.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 15.27 Gb Free Space | 20.51% Space Free | Partition Type: NTFS

Computer Name: LISETTEMILLER | User Name: JayLi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/03 19:09:38 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\JayLi\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/12 08:40:34 | 000,417,792 | ---- | M] (SA International) -- C:\Program Files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe
PRC - [2011/10/12 08:38:38 | 000,077,824 | ---- | M] (SA International) -- C:\Windows\System32\SAiDownloaderVista.exe
PRC - [2011/10/12 08:28:36 | 000,065,536 | ---- | M] (SA International) -- C:\Windows\System32\SAiAdmin.exe
PRC - [2011/05/27 01:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2009/10/17 03:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/07/13 21:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2007/12/19 15:58:32 | 000,086,016 | R--- | M] (SA International) -- C:\Windows\System32\SAiLicSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/05 21:26:41 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/08/16 20:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/30 20:01:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/12 08:40:34 | 000,417,792 | ---- | M] (SA International) [Auto | Running] -- C:\Program Files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe -- (SAiDownloader)
SRV - [2011/10/12 08:38:38 | 000,077,824 | ---- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiDownloaderVista.exe -- (SAiDownloaderVista)
SRV - [2011/10/12 08:28:36 | 000,065,536 | ---- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiAdmin.exe -- (SAiAdmin)
SRV - [2011/05/27 01:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2010/02/19 16:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/10/17 03:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 15:58:32 | 000,086,016 | R--- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiLicSvr.exe -- (SAiLicSvr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\catchme.sys -- (catchme)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 05:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/27 07:05:08 | 000,041,896 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2011/03/18 09:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/03/18 09:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/17 03:41:16 | 000,450,248 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/10/14 09:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/10/14 09:29:48 | 000,035,448 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2009/10/12 21:15:28 | 000,305,168 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/12 21:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 7C F6 9F DC A0 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/10/01 18:13:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/10/01 18:13:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/10/01 18:13:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/01 20:22:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/22 01:28:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/30 11:23:15 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2012/09/30 11:23:15 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012/09/22 01:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/03 07:44:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35048641-5242-4676-B360-E7CF5876E6E2}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: AVG_TRAY - hkey= - key= - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - File not found
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: uTorrent - hkey= - key= - File not found
MsConfig - StartUpReg: ZoneAlarm Client - hkey= - key= - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WRkrn - Driver
SafeBootNet: WRSVC - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/03 19:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/10/03 07:12:55 | 000,000,000 | ---D | C] -- C:\RegBack
[2012/10/03 07:12:55 | 000,000,000 | ---D | C] -- \RegBack
[2012/10/01 20:37:47 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/10/01 20:37:47 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/10/01 20:37:47 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/10/01 20:37:28 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/10/01 20:37:28 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/10/01 20:37:28 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Templates
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Start Menu
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\SendTo
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Recent
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\PrintHood
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\NetHood
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\My Documents
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Local Settings
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Cookies
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Application Data
[2012/10/01 20:28:58 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Adobe Flash Builder 4.5
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Videos
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Searches
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Saved Games
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Pictures
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Music
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Links
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Favorites
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Downloads
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Documents
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Desktop
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Contacts
[2012/10/01 20:28:56 | 000,000,000 | -H-D | C] -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/10/01 20:28:56 | 000,000,000 | -H-D | C] -- C:\Users\JayLi\AppData
[2012/10/01 20:23:34 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/01 20:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/01 20:23:33 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/01 20:23:27 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/10/01 20:23:24 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/01 20:23:21 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/01 20:23:11 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/01 20:22:17 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/01 20:22:16 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/01 20:13:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\MFAData
[2012/09/30 11:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/09/30 11:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/09/30 11:23:15 | 000,000,000 | ---D | C] -- C:\Mozilla
[2012/09/30 11:23:15 | 000,000,000 | ---D | C] -- \Mozilla
[2012/09/30 11:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentControl_v2
[2012/09/30 11:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/09/30 11:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/09/30 10:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/30 04:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/09/30 04:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/30 02:02:14 | 000,000,000 | ---D | C] -- C:\RRTVAULT
[2012/09/30 02:02:14 | 000,000,000 | ---D | C] -- \RRTVAULT
[2012/09/25 21:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/24 19:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/24 19:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/24 19:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/24 19:07:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/09/24 19:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/09/24 19:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/24 19:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/24 19:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/24 16:41:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/24 16:35:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/24 16:35:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/24 16:35:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/24 16:35:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/24 16:35:05 | 000,000,000 | ---D | C] -- \Qoobox
[2012/09/24 16:34:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/24 13:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/24 13:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/24 13:11:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/24 13:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/24 11:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/24 11:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/23 19:55:20 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX
[2012/09/23 19:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vinyl Express LXi
[2012/09/23 19:52:12 | 000,086,016 | R--- | C] (SA International) -- C:\Windows\System32\SAiLicSvr.exe
[2012/09/23 19:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2012/09/23 19:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SignWarehouse
[2012/09/23 19:48:43 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012/09/23 19:48:43 | 000,077,824 | ---- | C] (SA International) -- C:\Windows\System32\SAiDownloaderVista.exe
[2012/09/23 19:48:43 | 000,065,536 | ---- | C] (SA International) -- C:\Windows\System32\SAiAdmin.exe
[2012/09/23 19:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SAi
[2012/09/23 19:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\SignWarehouse
[2012/09/23 19:47:05 | 000,014,336 | R--- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\HotFldrUI.dll
[2012/09/22 01:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/22 01:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/22 01:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/21 17:09:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2012/09/17 18:58:56 | 000,051,936 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/09/16 13:40:17 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/09/16 13:40:17 | 000,000,000 | ---D | C] -- \Recovery
[2012/09/16 13:35:02 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/09/16 12:59:49 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2012/09/14 05:34:34 | 000,089,440 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/09/12 11:47:22 | 000,164,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/09/12 11:47:04 | 000,151,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/09/05 19:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2012/09/05 19:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2012/09/05 17:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Minnetonka Audio Software
[2012/09/05 17:07:00 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/09/05 17:07:00 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/09/05 17:06:48 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/09/05 17:06:48 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/09/05 16:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky SDK
[2012/09/05 16:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2012/09/05 16:46:07 | 000,072,584 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\zllsputility.exe
[2012/09/05 16:46:05 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\kl1.sys
[2012/09/05 16:46:03 | 000,305,168 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/09/05 16:45:46 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll
[2012/09/05 16:45:45 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2012/09/05 16:45:44 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2012/09/05 16:45:38 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll
[2012/09/05 16:45:38 | 000,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll
[2012/09/05 16:45:38 | 000,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll
[2012/09/05 16:45:37 | 000,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll
[2012/09/05 16:45:37 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll
[2012/09/05 16:45:36 | 000,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll
[2012/09/05 16:45:26 | 000,450,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys
[2012/09/05 16:45:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2012/09/05 16:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2012/09/05 16:44:59 | 000,620,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll
[2012/09/05 16:44:59 | 000,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll
[2012/09/05 16:44:59 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012/09/05 16:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/09/05 16:16:42 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/05 16:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint

========== Files - Modified Within 30 Days ==========

[2012/10/03 20:02:15 | 000,016,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 20:02:15 | 000,016,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 17:06:38 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/03 17:06:38 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/03 17:01:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/03 17:01:49 | 1609,015,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/03 07:44:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/02 16:29:25 | 000,001,407 | ---- | M] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/01 20:41:14 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/01 20:41:14 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/01 20:36:37 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/10/01 20:36:31 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/10/01 20:36:31 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/10/01 20:36:30 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/10/01 20:36:28 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/10/01 20:36:28 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/10/01 20:29:36 | 000,001,382 | RHS- | M] () -- C:\Users\JayLi\ntuser.pol
[2012/10/01 20:23:34 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/01 20:23:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/30 02:02:14 | 000,004,131 | ---- | M] () -- C:\ProgramData\ihfeumzb.qzk
[2012/09/24 17:08:36 | 216,684,254 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/24 17:07:20 | 000,000,971 | ---- | M] () -- C:\Windows\System32\userawacs.cfg
[2012/09/24 16:40:06 | 000,000,144 | ---- | M] () -- C:\Windows\System32\pdfl.dat
[2012/09/24 16:15:34 | 000,000,726 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/09/24 13:11:32 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/24 11:59:56 | 000,000,110 | ---- | M] () -- C:\Windows\System32\usergui.cfg
[2012/09/23 19:56:06 | 000,002,229 | ---- | M] () -- C:\Users\Public\Desktop\VE LXi Expert 10.5.lnk
[2012/09/23 19:56:06 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Production Manager 10.5.lnk
[2012/09/23 19:45:16 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2012/09/22 01:46:38 | 000,001,485 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/09/22 01:28:39 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/09/16 13:39:50 | 000,040,251 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/09/16 12:59:59 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2012/09/14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/09/12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/09/12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/09/09 23:37:00 | 000,000,139 | ---- | M] () -- C:\Windows\System32\devnum.vbs
[2012/09/08 20:54:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\netwin.bat
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/05 19:26:57 | 000,002,162 | ---- | M] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Video Converter Ultimate 6.lnk
[2012/09/05 19:26:57 | 000,002,138 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate 6.lnk
[2012/09/05 18:03:10 | 000,000,087 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2012/09/05 18:03:09 | 000,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2012/09/05 18:03:09 | 000,000,205 | ---- | M] () -- C:\Windows\System32\lsprst7.dll
[2012/09/05 18:03:09 | 000,000,073 | ---- | M] () -- C:\Windows\System32\ssprs.dll
[2012/09/05 18:03:09 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2012/09/05 17:53:17 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.tgz
[2012/09/05 17:53:17 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.dll
[2012/09/05 17:53:17 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth2.dll
[2012/09/05 17:53:17 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth1.dll
[2012/09/05 16:17:23 | 000,000,144 | ---- | M] () -- C:\Windows\System32\lkfl.dat
[2012/09/05 16:17:23 | 000,000,080 | ---- | M] () -- C:\Windows\System32\ibfl.dat

========== Files Created - No Company Name ==========

[2012/10/01 20:29:02 | 000,002,162 | ---- | C] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Video Converter Ultimate 6.lnk
[2012/10/01 20:29:02 | 000,001,407 | ---- | C] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/01 20:29:02 | 000,000,290 | ---- | C] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/10/01 20:29:02 | 000,000,272 | ---- | C] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/10/01 20:28:56 | 000,001,382 | RHS- | C] () -- C:\Users\JayLi\ntuser.pol
[2012/10/01 20:23:34 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/30 02:02:14 | 000,004,131 | ---- | C] () -- C:\ProgramData\ihfeumzb.qzk
[2012/09/24 16:41:42 | 216,684,254 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/24 16:35:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/24 16:35:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/24 16:35:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/24 16:35:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/24 16:35:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/24 13:11:32 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/24 11:59:56 | 000,000,971 | ---- | C] () -- C:\Windows\System32\userawacs.cfg
[2012/09/24 11:59:56 | 000,000,110 | ---- | C] () -- C:\Windows\System32\usergui.cfg
[2012/09/23 19:55:20 | 000,002,229 | ---- | C] () -- C:\Users\Public\Desktop\VE LXi Expert 10.5.lnk
[2012/09/23 19:55:20 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\Production Manager 10.5.lnk
[2012/09/23 19:45:16 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012/09/22 01:28:39 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/22 01:28:39 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/16 13:06:08 | 000,000,139 | ---- | C] () -- C:\Windows\System32\devnum.vbs
[2012/09/08 21:28:16 | 000,000,027 | ---- | C] () -- C:\Windows\System32\netwin.bat
[2012/09/08 19:04:43 | 000,000,726 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/09/05 19:26:57 | 000,002,138 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate 6.lnk
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.tgz
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2012/09/05 17:53:17 | 000,000,219 | ---- | C] () -- C:\Windows\System32\lsprst7.tgz
[2012/09/05 17:53:17 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2012/09/05 17:53:17 | 000,000,087 | ---- | C] () -- C:\Windows\System32\ssprs.tgz
[2012/09/05 17:53:17 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2012/09/05 17:53:17 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/09/05 16:45:26 | 000,001,485 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/09/05 16:17:23 | 000,000,144 | ---- | C] () -- C:\Windows\System32\pdfl.dat
[2012/09/05 16:17:23 | 000,000,144 | ---- | C] () -- C:\Windows\System32\lkfl.dat
[2012/09/05 16:17:23 | 000,000,080 | ---- | C] () -- C:\Windows\System32\ibfl.dat
[2012/08/29 22:00:03 | 1609,015,296 | -HS- | C] () -- \hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 21:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: FUJITSU MHZ2080BH G2 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 74.00GB
Starting Offset: 105906176
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >
Invalid Environment Variable: APPDATA

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 21:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/13 21:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\erdnt\cache\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2008/04/29 11:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\erdnt\cache\mswsock.dll
[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\System32\mswsock.dll
[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/13 21:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\System32\nlaapi.dll
[2009/07/13 21:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 21:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/13 21:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2008/07/01 09:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe

< MD5 for: USER32.DLL >
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\erdnt\cache\user32.dll
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\erdnt\cache\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2008/07/01 09:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >


OTL Extras logfile created on: 10/3/2012 8:13:00 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\JayLi\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: | Country: | Language: | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.93% Memory free
4.00 Gb Paging File | 2.97 Gb Available in Paging File | 74.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 15.27 Gb Free Space | 20.51% Space Free | Partition Type: NTFS

Computer Name: LISETTEMILLER | User Name: JayLi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Unable to open value key
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" [2012/08/29 23:04:18 | 000,000,000 | ---D | M]
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B93E784D-2F82-4350-9B81-4904E8B8DDFC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08CF767A-8D16-42CE-BB7C-9BFFE7B59EE7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2A390C2E-A46A-4689-A84F-79C9D85A97FB}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{30D0DE62-E4D2-47DC-9F0F-DAD2DF64E98A}" = dir=out | app=%programfiles%\zone labs\zonealarm\zlclient.exe |
"{400C0E6E-A22D-4114-94E8-04A689EB30BC}" = dir=out | app=%programfiles%\zone labs\zonealarm\zonealarm.exe |
"{4D9FA906-42E6-4F4F-A1E6-CA63BF2C6D67}" = protocol=17 | dir=in | app=c:\windows\system32\sailicsvr.exe |
"{506865DC-2E44-4CBD-9CC1-3B1222345D78}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5DD8A96E-F8BB-4685-BF69-4E71B2125B08}" = protocol=6 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app2.exe |
"{769D4FBF-112A-49DB-9054-F16B6791DD9E}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{81C9D12B-25A8-4D5F-8E4D-C3BC550F0478}" = protocol=6 | dir=in | app=c:\windows\system32\sailicsvr.exe |
"{88DADF8B-22F9-4FB6-8800-549F87B89DC1}" = protocol=17 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app.exe |
"{89AAA4C1-4044-40E8-9035-F971E7E114FA}" = protocol=17 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app2.exe |
"{8EFDCD72-5A1F-43C1-80C0-2414995A3A19}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{981B7D4B-262A-4D22-AC14-D2C34B519586}" = protocol=6 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\tftp_client.exe |
"{9ABD715E-684E-4243-89A9-7A65E18F9230}" = protocol=17 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\tftp_client.exe |
"{A3C74FFA-1BBB-4038-A454-7820203C6B1A}" = dir=out | svc=wuauserv | app=%programfiles%\zone labs\zonealarm\zlclient.exe |
"{A7E19000-9844-43AC-A8BE-59C803B30F97}" = protocol=6 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app.exe |
"{BFD0D470-C0A4-45CF-9236-F13AAA135BAF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D50B6F32-0FD7-49C8-B93F-EEE6F7E3644D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EE374E42-04D3-40AC-87FF-39DBB8A2F661}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F31532A-16F1-4812-8B7B-D321A4CE91A6}" = Sony Vegas Pro 8.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2C0E2B08-0991-43DF-9515-77FA4C5A9DD2}" = Adobe Setup
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{38B62043-14E7-4BF2-911B-DFC8F04CA169}" = Vinyl Express LXi
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC14A37-586A-4AB3-A458-874AAE29337C}" = Adobe Setup
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7444785E-886F-4989-A69E-6394E36F3982}" = Sentinel Protection Installer 7.6.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9EA5CC76-8B4D-407B-87F4-DB052978D8A7}" = Adobe Setup
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9307988-3EA8-415E-A91E-0EB1FBF439DA}" = Adobe After Effects CS4 Third Party Content
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B5FCBF46-D2DA-455C-8AB1-148181AEBA14}" = Adobe After Effects CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7E3FF32-7E00-4703-9C34-5777C08A56AA}" = Toon Boom Studio 4.5
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D45B21D2-1ABA-46C4-A226-722DC28EAAC4}" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E528A747-DC66-4FD4-AB53-110D024561CC}" = Adobe Premiere Pro CS4
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_0b36ff97a89684768f1da4defc9f237" = Adobe Encore CS4 Codecs
"Adobe_15f4da9bfad48542a17f089e7c5e0ab" = Adobe After Effects CS4 Third Party Content
"Adobe_1b5a11fde44351ae0f4c7fd0e4daadc" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"ASIO4ALL" = ASIO4ALL
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 9" = FL Studio 9
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"Revo Uninstaller" = Revo Uninstaller 1.94
"Sawer" = Sawer
"Toxic Biohazard" = Toxic Biohazard
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"WM Recorder 14" = WM Recorder 14
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate 6
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/3/2012 1:26:22 PM | Computer Name = LisetteMiller | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/3/2012 3:42:47 PM | Computer Name = LisetteMiller | Source = Application Error | ID = 1000
Description = Faulting application name: unhide.exe, version: 1.9.0.0, time stamp:
0x4f882799 Faulting module name: unhide.exe, version: 1.9.0.0, time stamp: 0x4f882799
Exception
code: 0xc0000005 Fault offset: 0x000131d3 Faulting process id: 0x994 Faulting application
start time: 0x01cda19f42753fec Faulting application path: C:\Users\JayLi\Downloads\unhide.exe
Faulting
module path: C:\Users\JayLi\Downloads\unhide.exe Report Id: 8173b3c8-0d92-11e2-be1c-001a6bf9aff0

Error - 10/3/2012 3:43:11 PM | Computer Name = LisetteMiller | Source = Application Error | ID = 1000
Description = Faulting application name: unhide.exe, version: 1.9.0.0, time stamp:
0x4f882799 Faulting module name: unhide.exe, version: 1.9.0.0, time stamp: 0x4f882799
Exception
code: 0xc0000005 Fault offset: 0x000131d3 Faulting process id: 0xaa8 Faulting application
start time: 0x01cda19f4272cee3 Faulting application path: C:\Users\JayLi\Downloads\unhide.exe
Faulting
module path: C:\Users\JayLi\Downloads\unhide.exe Report Id: 8f9a3182-0d92-11e2-be1c-001a6bf9aff0

Error - 10/3/2012 3:44:00 PM | Computer Name = LisetteMiller | Source = Application Error | ID = 1000
Description = Faulting application name: unhide.exe, version: 1.9.0.0, time stamp:
0x4f882799 Faulting module name: unhide.exe, version: 1.9.0.0, time stamp: 0x4f882799
Exception
code: 0xc0000005 Fault offset: 0x000131d3 Faulting process id: 0x758 Faulting application
start time: 0x01cda19f6f47727e Faulting application path: C:\Users\JayLi\Downloads\unhide.exe
Faulting
module path: C:\Users\JayLi\Downloads\unhide.exe Report Id: ad5ede58-0d92-11e2-be1c-001a6bf9aff0

Error - 10/3/2012 3:44:21 PM | Computer Name = LisetteMiller | Source = Application Error | ID = 1000
Description = Faulting application name: unhide.exe, version: 1.9.0.0, time stamp:
0x4f882799 Faulting module name: unhide.exe, version: 1.9.0.0, time stamp: 0x4f882799
Exception
code: 0xc0000005 Fault offset: 0x000131d3 Faulting process id: 0xd98 Faulting application
start time: 0x01cda19f6f45ebd9 Faulting application path: C:\Users\JayLi\Downloads\unhide.exe
Faulting
module path: C:\Users\JayLi\Downloads\unhide.exe Report Id: b9c9e9f4-0d92-11e2-be1c-001a6bf9aff0

Error - 10/3/2012 4:30:42 PM | Computer Name = LisetteMiller | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/3/2012 4:48:23 PM | Computer Name = LisetteMiller | Source = VSS | ID = 8194
Description =

Error - 10/3/2012 4:53:52 PM | Computer Name = LisetteMiller | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 10/3/2012 4:55:57 PM | Computer Name = LisetteMiller | Source = VSS | ID = 8194
Description =

Error - 10/3/2012 5:02:12 PM | Computer Name = LisetteMiller | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

[ System Events ]
Error - 10/2/2012 4:49:35 PM | Computer Name = LisetteMiller | Source = DCOM | ID = 10005
Description =

Error - 10/2/2012 4:49:35 PM | Computer Name = LisetteMiller | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 10/2/2012 4:49:35 PM | Computer Name = LisetteMiller | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 10/2/2012 11:16:06 PM | Computer Name = LisetteMiller | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 10/3/2012 2:58:11 AM | Computer Name = LisetteMiller | Source = DCOM | ID = 10010
Description =

Error - 10/3/2012 2:58:44 AM | Computer Name = LisetteMiller | Source = DCOM | ID = 10010
Description =

Error - 10/3/2012 7:44:34 AM | Computer Name = LisetteMiller | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

[ Windows PowerShell Events ]
Error - 9/21/2012 5:10:41 PM | Computer Name = LisetteMiller | Source = PowerShell | ID = 103
Description =

Error - 9/21/2012 8:10:15 PM | Computer Name = LisetteMiller | Source = PowerShell | ID = 103
Description =


< End of report >

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 66.48 0 K 24 K
procexp.exe 1072 5.85 17,000 K 29,884 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 3.76 0 K 0 K Hardware Interrupts and DPCs
System 4 1.13 120 K 30,996 K
firefox.exe 2060 3.05 116,508 K 143,416 K Firefox Mozilla Corporation
csrss.exe 564 2.27 1,696 K 7,204 K Client Server Runtime Process Microsoft Corporation
SAiDownloaderVistaUI.exe 1156 1.37 1,268 K 4,060 K SAi Downloader UI SA International
SAiDownloaderVista.exe 1324 1.35 2,388 K 4,012 K SAi Downloader SA International
svchost.exe 2004 0.58 21,124 K 15,836 K Host Process for Windows Services Microsoft Corporation
sntlkeyssrvr.exe 2088 0.46 1,880 K 3,140 K SafeNet, Inc.
svchost.exe 904 0.30 2,768 K 4,804 K Host Process for Windows Services Microsoft Corporation
explorer.exe 3488 0.26 40,372 K 49,868 K Windows Explorer Microsoft Corporation
AvastSvc.exe 1784 0.23 27,516 K 3,364 K avast! Service AVAST Software
AvastUI.exe 2856 0.16 10,920 K 5,476 K avast! Antivirus AVAST Software
SearchIndexer.exe 2144 0.08 54,268 K 45,640 K Microsoft Windows Search Indexer Microsoft Corporation
svchost.exe 1412 0.08 14,944 K 15,660 K Host Process for Windows Services Microsoft Corporation
mbamservice.exe 696 0.07 115,356 K 45,948 K Malwarebytes Anti-Malware Malwarebytes Corporation
svchost.exe 1080 0.06 18,844 K 22,348 K Host Process for Windows Services Microsoft Corporation
vsmon.exe 1496 0.05 20,892 K 16,696 K TrueVector Service Check Point Software Technologies LTD
csrss.exe 504 0.11 1,360 K 2,884 K Client Server Runtime Process Microsoft Corporation
svchost.exe 1252 0.03 6,728 K 9,268 K Host Process for Windows Services Microsoft Corporation
mbamgui.exe 2860 0.03 3,236 K 6,752 K Malwarebytes Anti-Malware Malwarebytes Corporation
wmpnetwk.exe 3252 0.01 3,772 K 2,944 K Windows Media Player Network Sharing Service Microsoft Corporation
WUDFHost.exe 1356 1,096 K 2,448 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
WmiPrvSE.exe 2664 2,144 K 4,800 K WMI Provider Host Microsoft Corporation
winlogon.exe 648 1,672 K 3,612 K Windows Logon Application Microsoft Corporation
wininit.exe 552 932 K 2,692 K Windows Start-Up Application Microsoft Corporation
taskhost.exe 2680 2,444 K 4,760 K Host Process for Windows Tasks Microsoft Corporation
svchost.exe 1048 73,468 K 72,048 K Host Process for Windows Services Microsoft Corporation
svchost.exe 812 2,680 K 5,444 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2844 1,292 K 3,192 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2988 1,476 K 3,852 K Host Process for Windows Services Microsoft Corporation
svchost.exe 972 16,896 K 12,392 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1960 4,696 K 7,768 K Host Process for Windows Services Microsoft Corporation
sppsvc.exe 2120 2,448 K 5,964 K Microsoft Software Protection Platform Service Microsoft Corporation
spoolsv.exe 1920 4,860 K 6,336 K Spooler SubSystem App Microsoft Corporation
smss.exe 420 272 K 676 K Windows Session Manager Microsoft Corporation
services.exe 612 4,244 K 5,712 K Services and Controller app Microsoft Corporation
SAiLicSvr.exe 1448 1,420 K 3,616 K License Server SA International
SAiAdmin.exe 832 880 K 2,864 K SAi Admin SA International
notepad.exe 2052 1,216 K 4,972 K Notepad Microsoft Corporation
notepad.exe 1528 1,608 K 5,376 K Notepad Microsoft Corporation
mbamscheduler.exe 508 1,772 K 3,304 K Malwarebytes Anti-Malware Malwarebytes Corporation
lsm.exe 668 1,404 K 2,644 K Local Session Manager Service Microsoft Corporation
lsass.exe 656 3,076 K 5,908 K Local Security Authority Process Microsoft Corporation
jusched.exe 3100 1,184 K 2,912 K Java™ Update Scheduler Sun Microsystems, Inc.
ISWSVC.exe 1812 3,496 K 2,492 K ZoneAlarm ForceField Check Point Software Technologies
GrooveMonitor.exe 3328 1,948 K 5,556 K GrooveMonitor Utility Microsoft Corporation
dwm.exe 3368 1,620 K 4,200 K Desktop Window Manager Microsoft Corporation
ctfmon.exe 4088 1,716 K 2,948 K CTF Loader Microsoft Corporation
conhost.exe 3408 1,324 K 4,784 K Console Window Host Microsoft Corporation
cmd.exe 2388 2,144 K 2,912 K Windows Command Processor Microsoft Corporation

#30
Jayli

    Member

  • Topic Starter
  • Member
  • 98 posts
Here's the Boot Log. Thanks. I still cannot unhide folders/files. It's still doing the same thing... automatically reverting back to hiding files. I've seen a program called Unhide.exe on another forum. I've seen good comments about it.

10/03/2012 21:00
Scan of all local drives

File C:\Users\Default\AppData\Local\Adobe\Updater6\Install\encore4\Encore-4.0.1-mul-AdobeUpdate.zip|>extensions\AdobeEncore4All-121108114212\Assets\1163 Error 42125 {ZIP archive is corrupted.}
File C:\Users\JayLi\AppData\Local\Adobe\Updater6\Install\encore4\Encore-4.0.1-mul-AdobeUpdate.zip|>extensions\AdobeEncore4All-121108114212\Assets\1163 Error 42125 {ZIP archive is corrupted.}
File C:\Users\JayLi\Downloads\HiJackThis.msi|>Sample.cab|>HiJackThisEXE Error 42127 {CAB archive is corrupted.}
File C:\Users\Lisette Miller\AppData\Local\Adobe\Updater6\Install\encore4\Encore-4.0.1-mul-AdobeUpdate.zip|>extensions\AdobeEncore4All-121108114212\Assets\1163 Error 42125 {ZIP archive is corrupted.}
File C:\Users\Lisette Miller\Downloads\setup_11.0.0.1245.x01_2012_09_26_02_53.exe.part|>6562746rar.exe Error 42126 {RAR archive is corrupted.}
Number of searched folders: 43144
Number of tested files: 962846
Number of infected files: 0