Trojan:DOS/Alureon.A [Solved]


  • This topic is locked

#1
gg101

    Member
  • 41 posts
My laptop is infected with the Trojan:DOS/Alureon.A virus. In Safe Mode I ran MSE and was able to remove it, and then I ran Malwarebytes and two trojans showed up: c:\Windows\svchost.exe. After the scan it said I would need to restart in order to remove the virus, so I restarted my laptop in Safe Mode. I once again ran a scan with Malwarebytes to make sure it was gone, and two trojans popped up again. I also tried running TDSS rootkill by Kaspersky and it came back with no threats. This trojan will only show up on Malwarebytes. Please help me get rid of it before it messes up my laptop. I don't know what else to do. My desktop will not let me open OTL when I download it; it says I cannot download on a temporary folder...

Edited by gg101, 29 October 2012 - 12:39 AM.



#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello gg101 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (if running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 3

Please don't forget to include these items in your reply:
  • OTL log
  • OTL Extras log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
gg101

    Member
  • Topic Starter
  • 41 posts
Here is my combo fix. I will now run OTL and copy and paste that as well.


ComboFix 12-10-29.01 - Glory 10/29/2012 2:33.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.2192 [GMT -5:00]
Running from: I:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Bcool
c:\programdata\Bcool\50560fbd6fea6.html
c:\programdata\Bcool\50560fbd6fedf.js
c:\programdata\Bcool\505610e2efcff.html
c:\programdata\Bcool\505610e2efd0b.js
c:\programdata\Bcool\aecnllmcoglomfdpaghaaginkokmkonk.crx
c:\programdata\Bcool\data\505610e2efd0b.js
c:\programdata\Bcool\data\jsondb.js
c:\programdata\Bcool\kllaooahmfmhnbikagcedmagefjghhmj.crx
c:\programdata\Bcool\settings.ini
c:\programdata\Bcool\uninstall.exe
c:\programdata\Microsoft\Windows\DRM\1640.tmp
c:\programdata\Microsoft\Windows\DRM\1641.tmp
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
.
.
2012-10-28 18:08 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B187F3B-303D-4706-AE6B-09D08C0E23B8}\mpengine.dll
2012-10-28 04:21 . 2012-10-28 04:21 -------- d-----w- C:\found.000
2012-10-27 03:08 . 2012-10-27 03:08 -------- d-----w- c:\windows\Sun
2012-10-27 00:12 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-11 18:45 . 2012-08-31 18:02 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-11 18:44 . 2012-09-14 19:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-11 18:44 . 2012-09-14 18:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-11 18:43 . 2012-08-30 18:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 18:43 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-11 18:43 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-11 18:43 . 2012-08-18 15:37 425984 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-11 18:43 . 2012-08-18 15:37 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-10-11 18:43 . 2012-08-18 15:42 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-10-11 18:43 . 2012-08-18 15:34 338432 ----a-w- c:\windows\system32\conhost.exe
2012-10-11 18:43 . 2012-08-18 11:17 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-10-11 18:41 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-11 18:41 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-11 18:41 . 2012-08-11 00:53 714752 ----a-w- c:\windows\system32\kerberos.dll
2012-10-11 18:41 . 2012-08-10 23:54 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-11 18:41 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 18:41 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 18:41 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-11 18:41 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 18:41 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-11 18:41 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-30 00:54 . 2011-02-08 23:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 17:00 . 2012-09-17 04:46 321384 ----a-w- c:\windows\SysWow64\Sendori.dll
2012-09-17 04:49 . 2012-09-17 04:49 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-09-17 04:46 . 2012-09-17 04:46 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2011-04-27 20:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-24 11:15 . 2012-09-25 00:39 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-25 00:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-25 00:39 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-25 00:39 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-25 00:39 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-25 00:39 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-25 00:39 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-25 00:39 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-25 00:39 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-25 00:39 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-25 00:39 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-25 00:39 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-25 00:39 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-25 00:40 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-25 00:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-25 00:39 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-25 00:39 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-25 00:39 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-25 00:39 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-25 00:39 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-25 00:39 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-25 00:40 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 20:22 . 2012-08-22 20:22 209269 ----a-w- C:\torrent.exe
2012-08-18 11:19 . 2012-10-11 18:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:55 . 2012-09-16 02:30 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 17:05 . 2012-09-16 02:30 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-17 04:49 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-27 00:23 1493160 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-17 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"cdloader"="c:\users\Glory\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-10-08 50592]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-07-27 397992]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2012-09-30 981656]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2012-09-26 82792]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-17 947808]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-17 856160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-30 1089608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-5-24 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\23787~1.43\{16CDF~1\browsemngr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2012-09-26 118632]
R2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-10 2309656]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 116648]
R2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]
R2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe [2012-09-26 15208]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-17 722528]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 116648]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-05 144896]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-28 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-17 31080]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-17 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe [2012-09-26 3569512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-20 1088544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 18:21]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 18:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-05-15 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.gboxapp.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{20E7BC40-33F6-4A81-9D52-B58349326206} - c:\programdata\Bcool\uninstall.exe
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-10-29 02:53:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-29 07:53
.
Pre-Run: 205,800,996,864 bytes free
Post-Run: 206,390,996,992 bytes free
.
- - End Of File - - 55BD1BF7B2E5703DD71D5EF0E3B814E7

#4
gg101

    Member
  • Topic Starter
  • 41 posts
OTL logfile created on: 10/29/2012 3:00:38 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = I:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 51.98% Memory free
5.86 Gb Paging File | 4.60 Gb Available in Paging File | 78.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.49 Gb Total Space | 192.19 Gb Free Space | 67.79% Space Free | Partition Type: NTFS
Drive D: | 14.31 Gb Total Space | 2.36 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 3.74 Gb Total Space | 2.53 Gb Free Space | 67.74% Space Free | Partition Type: FAT32

Computer Name: GLORY-PC | User Name: Glory | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - File not found --
PRC - [2012/10/29 02:02:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
PRC - [2012/09/26 12:00:00 | 003,569,512 | ---- | M] (Sendori) -- C:\Program Files (x86)\Sendori\sndappv2.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/03/15 17:35:18 | 000,071,168 | ---- | M] (Palm) [Auto | Stopped] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
SRV:64bit: - [2010/01/18 17:04:08 | 000,020,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/10 06:24:19 | 002,309,656 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012/09/26 12:00:00 | 003,569,512 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2012/09/26 12:00:00 | 000,118,632 | ---- | M] (Sendori, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2012/09/26 12:00:00 | 000,015,208 | ---- | M] (sendori) [Auto | Stopped] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2012/09/16 23:49:20 | 000,722,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2011/07/04 13:26:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/16 23:49:22 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/09/16 23:46:10 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/05 14:57:18 | 000,144,896 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2010/02/05 19:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/19 20:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/11/27 20:45:00 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/09/22 20:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{27535942-7BB1-4158-AD53-939206F65BE2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{53B8828B-3F14-4D12-83C6-86518CDE7E37}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{27535942-7BB1-4158-AD53-939206F65BE2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{53B8828B-3F14-4D12-83C6-86518CDE7E37}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxap...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {819E66B8-F9CC-4F4F-B852-84B88C1D4408}
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0001c659d04b37f
IE - HKCU\..\SearchScopes\{27535942-7BB1-4158-AD53-939206F65BE2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{53B8828B-3F14-4D12-83C6-86518CDE7E37}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{819E66B8-F9CC-4F4F-B852-84B88C1D4408}: "URL" = http://www.google.co...1I7GZBN_enUS501
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....sa&d=2012-09-16 23:49:23&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxap...q={searchTerms}
IE - HKCU\..\SearchScopes\{F1235FA0-589A-44FE-AD28-937A270EC3C0}: "URL" = http://websearch.ask...7F-68AB53308F31
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/15 00:56:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/09/16 23:49:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/10/11 06:38:17 | 000,000,000 | ---D | M]

[2012/09/06 20:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/10/29 02:46:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [cdloader] C:\Users\Glory\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1686139-EB42-487E-A713-9E9197F3AFC2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~1\23787~1.43\{16CDF~1\browsemngr.dll) - c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/10/29 02:46:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/29 02:31:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/29 02:31:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/29 02:31:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/29 02:30:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/29 01:46:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/27 23:21:24 | 000,000,000 | ---D | C] -- C:\found.000
[2012/10/26 22:08:24 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[1 C:\Users\Glory\Desktop\*.tmp files -> C:\Users\Glory\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/29 02:46:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/29 02:44:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/29 02:44:18 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/29 02:20:36 | 000,000,575 | ---- | M] () -- C:\Users\Glory\Desktop\OTL.exe - Shortcut.lnk
[2012/10/29 01:53:28 | 000,000,616 | ---- | M] () -- C:\Users\Glory\Desktop\ComboFix - Shortcut.lnk
[2012/10/29 01:46:48 | 000,791,694 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/29 01:46:48 | 000,668,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/29 01:46:48 | 000,125,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/28 14:01:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/28 14:01:42 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/28 14:00:20 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/28 13:04:40 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/27 23:22:30 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
[2012/10/27 00:35:43 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/22 19:07:31 | 000,001,868 | ---- | M] () -- C:\Users\Glory\Desktop\Award Letter 2012-2013.html
[2012/10/03 13:20:12 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Users\Glory\Desktop\*.tmp files -> C:\Users\Glory\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/29 02:31:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/29 02:31:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/29 02:31:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/29 02:31:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/29 02:31:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/29 02:20:36 | 000,000,575 | ---- | C] () -- C:\Users\Glory\Desktop\OTL.exe - Shortcut.lnk
[2012/10/29 01:53:28 | 000,000,616 | ---- | C] () -- C:\Users\Glory\Desktop\ComboFix - Shortcut.lnk
[2012/10/27 23:22:30 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat
[2012/10/22 19:07:30 | 000,001,868 | ---- | C] () -- C:\Users\Glory\Desktop\Award Letter 2012-2013.html
[2011/12/21 00:53:43 | 000,012,216 | -HS- | C] () -- C:\Users\Glory\AppData\Local\n2ml12y3fq2qjt
[2011/12/21 00:53:43 | 000,012,216 | -HS- | C] () -- C:\ProgramData\n2ml12y3fq2qjt
[2011/12/04 23:17:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/11/26 16:02:45 | 000,790,236 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/06 20:49:24 | 000,000,000 | ---D | M] -- C:\Users\Glory\AppData\Roaming\Babylon
[2012/09/17 01:49:36 | 000,000,000 | ---D | M] -- C:\Users\Glory\AppData\Roaming\DAEMON Tools Lite
[2011/07/04 13:40:08 | 000,000,000 | ---D | M] -- C:\Users\Glory\AppData\Roaming\DAEMON Tools Pro
[2011/05/14 16:10:00 | 000,000,000 | ---D | M] -- C:\Users\Glory\AppData\Roaming\funkitron
[2010/11/26 16:16:33 | 000,000,000 | ---D | M] -- C:\Users\Glory\AppData\Roaming\mjusbsp
[2012/09/16 23:45:58 | 000,000,000 | ---D | M] -- C:\Users\Glory\AppData\Roaming\OpenCandy
[2010/11/26 07:11:21 | 000,000,000 | ---D | M] -- C:\Users\Glory\AppData\Roaming\PictureMover
[2012/09/17 01:45:34 | 000,000,000 | ---D | M] -- C:\Users\Glory\AppData\Roaming\SoftGrid Client
[2010/11/26 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Glory\AppData\Roaming\TP
[2012/10/26 22:01:01 | 000,000,000 | ---D | M] -- C:\Users\Glory\AppData\Roaming\uTorrent
[2011/01/31 18:49:31 | 000,000,000 | ---D | M] -- C:\Users\Glory\AppData\Roaming\WildTangent
[2012/09/06 20:58:06 | 000,000,000 | ---D | M] -- C:\Users\Glory\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2012/08/22 15:22:00 | 000,209,269 | ---- | M] () -- C:\torrent.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/05/15 00:05:03 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/05/15 00:02:59 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/05/15 00:05:03 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/05/15 00:02:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/05/15 00:05:03 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/05/15 00:02:59 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/05/15 00:05:03 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/05/15 00:02:59 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/05/15 00:05:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/05/15 00:05:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/05/15 00:05:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/05/15 00:05:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >

#5
gg101

OTL Extras logfile created on: 10/29/2012 3:00:38 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = I:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 51.98% Memory free
5.86 Gb Paging File | 4.60 Gb Available in Paging File | 78.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.49 Gb Total Space | 192.19 Gb Free Space | 67.79% Space Free | Partition Type: NTFS
Drive D: | 14.31 Gb Total Space | 2.36 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 3.74 Gb Total Space | 2.53 Gb Free Space | 67.74% Space Free | Partition Type: FAT32

Computer Name: GLORY-PC | User Name: Glory | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FC6C53-17AF-4782-AB43-51AEC2B61A14}" = lport=2869 | protocol=6 | dir=in | app=system |
"{05EF53B8-6908-4552-9D08-E30FB9207924}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{07B43B9B-6462-4B43-8BCF-8AF8F6992735}" = lport=10244 | protocol=6 | dir=in | app=system |
"{0925CF9F-46B5-46B8-811A-C3D7C9BF61AB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0C221998-8258-46F5-BB8A-3C827C3EF19D}" = rport=445 | protocol=6 | dir=out | app=system |
"{0E92D0F0-222A-4CB6-9B33-42AE951FAFBE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{110E181A-BAB4-4C6C-BCAC-C47A93112E0F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18B18D4B-88C4-4DB4-8085-B544B5987CE9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24B7C900-D4B8-4869-9A75-9BCB9214FFB1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{26E95E8D-3734-4F80-8741-DE690F7BCA3A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2AD1E94D-1E9D-49C6-96D5-D8A30BE2EB8F}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F562D7E-E05F-4B4E-A660-E8BFAEF99D2B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D6F9829-00A2-48D9-8ABF-C659C2E61215}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A8BA171-DA74-4652-AECB-AAF236BAE224}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E6F1330-0CD7-4F82-8ABA-E196DB3CA53E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E7E3438-3E93-4624-AD99-ED199FCEADD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6113A566-7023-4652-B98B-E56FEA8B3BB7}" = lport=10244 | protocol=6 | dir=in | app=system |
"{640AD340-B519-4EE2-B6F0-FB63DAC56199}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66427715-C796-4867-A66A-98E5DEB7D512}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{735F2AC3-D01D-4DA8-B72F-3E5D2B00D023}" = rport=137 | protocol=17 | dir=out | app=system |
"{736555B6-4198-4EB9-A991-BB763A20887A}" = lport=3390 | protocol=6 | dir=in | app=system |
"{75970EC4-183F-4911-8B08-A55EA5534F8A}" = rport=139 | protocol=6 | dir=out | app=system |
"{7AF35824-DF15-4C49-9B59-3853125652EF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{861E82E3-F156-475F-912E-CBFC5C471C19}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{881D3F1F-8902-4C0A-851A-F61A5ED35720}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{91DE78E0-BFAA-48D2-8E06-383AAC177A06}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{97B69F24-756E-434A-8E4D-B47A41C7AE1D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AF96E06-DD6F-4E0B-9BAE-47A21A24317E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A0AC6A7E-09F1-43F6-9A08-BC7B71259621}" = lport=445 | protocol=6 | dir=in | app=system |
"{A34AF8F8-0748-48D9-B929-F83AB651A004}" = lport=137 | protocol=17 | dir=in | app=system |
"{A40EF470-1DD4-4C9E-BBDF-79C6475A2997}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC6DDD45-9A4D-48B6-848B-0E7AB9A5E816}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B1E270E4-900E-4209-B461-4EB6DE50B2FA}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B218FA5E-368F-4C12-A3C4-7F9646410CC2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BA984C5E-9207-4695-9B06-518921A803FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C27D34BD-3769-4F28-9D25-C03CF44A3FF1}" = lport=138 | protocol=17 | dir=in | app=system |
"{CACE5AB5-CAE6-4ED5-A769-5B8172077895}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2575719-B40E-4A13-8A04-FF908AC22292}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D378C1DB-B67A-4782-9466-A0FF927591E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D3AB537A-54B7-4F2C-B33D-E42714C1282F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D782B4E5-40B9-4826-8202-E7AAB54CB7BC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA647B4A-B402-493A-AF2D-56DE5EB38379}" = rport=138 | protocol=17 | dir=out | app=system |
"{DC2D05E5-F8E9-4C42-8CA9-03882360CAC5}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{E84C390F-8DCA-4018-900D-28CA91F0940B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EBFC7FD5-2A35-49B2-A9D8-1C6D5DB567A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9FC394E-7429-4FEE-AA03-4511BB767537}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB65D406-B384-476D-B282-6E4740A70EF3}" = lport=139 | protocol=6 | dir=in | app=system |
"{FC3C9D84-90F1-4B92-8B7A-9DB0CBB95203}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FDB49FD4-831D-4047-8AD7-39F64BC4BEBA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0252D709-1FB2-4FF3-8E66-D51F07BC62FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{049BD50B-F5CE-4CC9-9E77-E7F9CE018166}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0948C08D-5D6A-4904-AC02-C1FD75729515}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0AC001B9-9B90-4ADF-8C64-AF85665C2EB8}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{14573C02-A5CA-494C-AD5B-80121F92338A}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{17A1D11B-8B0A-4DCD-BA36-4DA34A1DF96E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17A9C287-FD0A-4093-A7DC-FD4BBECA57E6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{19E934B9-1E2D-4B8D-9A4B-562B81A42D87}" = protocol=58 | dir=out | [email protected],-28546 |
"{1E3AD4A5-7981-4753-BCE4-B2830B6049F7}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{266A34F4-B585-4F11-9CA9-B2464D2B684D}" = protocol=1 | dir=in | [email protected],-28543 |
"{2EA9B6C3-AEF7-4374-80D2-287526D85F88}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{304BFA7B-845E-46F3-B489-C02D5D162C23}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{30CC6945-0C4A-43AB-994D-1C976A57AA7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{310376E9-6AEE-40BE-B687-12047FA31ABC}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{340270D4-B483-4A86-8E72-DD35B80159B3}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{432A7902-EEF7-4436-868E-2292CBCADBDF}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{4A39E278-7D24-49AF-8187-5DAA292703EC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A43D709-BA3E-461F-B472-CFCA00293623}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{4E9CDDD2-BD71-44E7-9B12-BB5B6DA06D33}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{53C00E1F-0476-4F4E-B0F1-283A200A2E5C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{551C5900-B3AC-43E0-BF31-F6B0C5C966F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5DEF636B-FBD8-430E-B154-EAC94D571164}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{655593A4-5B5E-4D7B-8259-6EA7BF4E1E66}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{6C496BB9-3E1B-41C6-B04B-5494295943C0}" = protocol=1 | dir=out | [email protected],-28544 |
"{72F3789F-106F-4B9E-9C26-ADEF281858EF}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{807B617E-68F5-4DC8-9FDE-5D8EAAFA462F}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{835E9C73-8A37-4DB1-9EC6-F9871EF1A436}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85303A6E-B2AA-4B2C-9E80-95E1B80FA294}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{88E2C1AF-99FA-4643-A7A6-96D7A7426FDE}" = protocol=58 | dir=in | [email protected],-28545 |
"{9C002F52-4A1D-43A3-822B-90D2FE138D9C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A08754E5-6087-4BB7-8B5C-58EBBEDCC52A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{AAA0C03C-6216-495C-889A-BD200CAE1923}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{B40D1B6C-CCE1-476F-BCF6-2304E1822EE3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B7CEE16F-CCB9-4C35-876B-EF1EFD21B400}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{BA562D18-C298-4F8D-AF8D-58E8319E4CE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C74DA611-1E49-4C60-9AEA-78C876F6801B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CC3FE930-BEEE-42D9-AF79-110CE861B25C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD1D6AA5-CDB6-4438-A95F-FC50F4A3073F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{CD36C3AE-35A4-4DDE-9556-FCAC4C5538B8}" = protocol=6 | dir=out | app=system |
"{D4E32AAB-6D25-48D9-9DCD-59FE1E36B47E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{D72DE8B7-E327-4F76-892F-AA81D66CEBD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA72E4DA-5253-42DE-B047-2AC5B2533C89}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DBB40C9C-BBAE-47DB-81EA-72C260300CAF}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{F7931B4C-7A60-497C-B25D-E4F7CE9FADFB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20E7BC40-33F6-4A81-9D52-B58349326206}" = Bcool
"{223E2363-6643-49CB-A062-59A9858EE8EE}" = HP Software Framework
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{BC146E5F-A2B0-40DB-90E7-2833807E98DF}" = HP User Guides 0183
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Adobe AIR" = Adobe AIR
"AVG Secure Search" = AVG Security Toolbar
"DAEMON Tools Lite" = DAEMON Tools Lite
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"My HP Game Console" = HP Game Console
"Sendori" = Sendori
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HP webOS® Doctor™ Build 80.77, webOS 3.0.4" = HP webOS® Doctor™ Build 80.77, webOS 3.0.4
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/18/2012 12:34:52 PM | Computer Name = Glory-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: 505610e2efcc9.dll, version: 1.0.0.1,
time stamp: 0x501674b7 Exception code: 0xc0000005 Fault offset: 0x00007790 Faulting
process id: 0x1a48 Faulting application start time: 0x01cd95bb85011b1a Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\Bcool\505610e2efcc9.dll Report Id: c53c4066-01ae-11e2-94ee-60eb6933e6ed

Error - 9/21/2012 9:00:04 PM | Computer Name = Glory-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: dc0 Start
Time: 01cd985d7589eef5 Termination Time: 32 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: d2cefdba-0450-11e2-b432-60eb6933e6ed

Error - 9/21/2012 9:01:01 PM | Computer Name = Glory-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1be4 Start
Time: 01cd985d9de0005a Termination Time: 16 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: f56f8236-0450-11e2-b432-60eb6933e6ed

Error - 9/21/2012 10:44:40 PM | Computer Name = Glory-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1948 Start
Time: 01cd986ae92d5ef4 Termination Time: 16 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: 709466a9-045f-11e2-b432-60eb6933e6ed

Error - 9/22/2012 3:15:46 PM | Computer Name = Glory-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1364 Start
Time: 01cd98f68e2b5929 Termination Time: 187 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: e4e13d51-04e9-11e2-b432-60eb6933e6ed

Error - 9/22/2012 3:18:57 PM | Computer Name = Glory-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1b88 Start
Time: 01cd98f6f52a8e91 Termination Time: 15 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: 572eb236-04ea-11e2-b432-60eb6933e6ed

Error - 9/22/2012 3:19:59 PM | Computer Name = Glory-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1598 Start
Time: 01cd98f721031dd2 Termination Time: 16 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: 7ae65546-04ea-11e2-b432-60eb6933e6ed

Error - 9/26/2012 7:53:39 PM | Computer Name = Glory-PC | Source = SendoriService | ID = 99
Description = Retrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
failed due to the following error: 80070424.

Error - 9/26/2012 7:53:53 PM | Computer Name = Glory-PC | Source = Application Hang | ID = 1002
Description = The program SETUP.EXE version 14.0.4755.1000 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 14b4 Start
Time: 01cd9c4224f77523 Termination Time: 15 Application Path: H:\SETUP.EXE Report
Id: 69b515d4-0835-11e2-836b-60eb6933e6ed

Error - 10/11/2012 2:40:29 PM | Computer Name = Glory-PC | Source = Application Error | ID = 1000
Description = Faulting application name: HPWMISVC.exe, version: 0.0.0.0, time stamp:
0x4b5407e6 Faulting module name: OLEAUT32.dll, version: 6.1.7600.16872, time stamp:
0x4e588139 Exception code: 0xc0000005 Fault offset: 0x00000000000034b2 Faulting process
id: 0x674 Faulting application start time: 0x01cd9e86287cd836 Faulting application
path: C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe Faulting module
path: C:\Windows\system32\OLEAUT32.dll Report Id: 20fda21a-13d3-11e2-9b43-60eb6933e6ed

[ Hewlett-Packard Events ]
Error - 1/31/2011 6:41:32 PM | Computer Name = Glory-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 4/9/2011 11:09:25 PM | Computer Name = Glory-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 5/30/2011 9:04:54 PM | Computer Name = Glory-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 6/5/2011 7:35:20 PM | Computer Name = Glory-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 9/12/2011 7:54:33 PM | Computer Name = Glory-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 10/22/2011 10:11:40 PM | Computer Name = Glory-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 3/11/2012 1:56:24 AM | Computer Name = Glory-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 6/17/2012 12:08:53 AM | Computer Name = Glory-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

[ System Events ]
Error - 7/10/2012 10:44:48 AM | Computer Name = Glory-PC | Source = NetBT | ID = 4321
Description = The name "GLORY-PC :0" could not be registered on the interface
with IP address 192.168.1.6. The computer with the IP address 192.168.1.8 did not
allow the name to be claimed by this computer.

Error - 7/12/2012 1:17:52 PM | Computer Name = Glory-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A1686139-EB42-487E-A713-9E9197F3AFC2}
because another computer on the network has the same name. The server could not
start.

Error - 7/12/2012 1:17:52 PM | Computer Name = Glory-PC | Source = NetBT | ID = 4321
Description = The name "GLORY-PC :20" could not be registered on the interface
with IP address 192.168.1.6. The computer with the IP address 192.168.1.8 did not
allow the name to be claimed by this computer.

Error - 7/12/2012 1:17:52 PM | Computer Name = Glory-PC | Source = NetBT | ID = 4321
Description = The name "GLORY-PC :0" could not be registered on the interface
with IP address 192.168.1.6. The computer with the IP address 192.168.1.8 did not
allow the name to be claimed by this computer.

Error - 7/12/2012 1:17:52 PM | Computer Name = Glory-PC | Source = NetBT | ID = 4321
Description = The name "GLORY-PC :0" could not be registered on the interface
with IP address 192.168.1.6. The computer with the IP address 192.168.1.8 did not
allow the name to be claimed by this computer.

Error - 7/12/2012 1:17:52 PM | Computer Name = Glory-PC | Source = NetBT | ID = 4321
Description = The name "GLORY-PC :0" could not be registered on the interface
with IP address 192.168.1.6. The computer with the IP address 192.168.1.8 did not
allow the name to be claimed by this computer.

Error - 7/12/2012 1:21:00 PM | Computer Name = Glory-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{A1686139-EB42-487E-A713-9E9197F3AFC2}
because another computer on the network has the same name. The server could not
start.

Error - 7/12/2012 1:21:00 PM | Computer Name = Glory-PC | Source = NetBT | ID = 4321
Description = The name "GLORY-PC :0" could not be registered on the interface
with IP address 192.168.1.6. The computer with the IP address 192.168.1.8 did not
allow the name to be claimed by this computer.

Error - 7/12/2012 1:21:00 PM | Computer Name = Glory-PC | Source = NetBT | ID = 4321
Description = The name "GLORY-PC :20" could not be registered on the interface
with IP address 192.168.1.6. The computer with the IP address 192.168.1.8 did not
allow the name to be claimed by this computer.

Error - 7/12/2012 1:21:07 PM | Computer Name = Glory-PC | Source = NetBT | ID = 4321
Description = The name "GLORY-PC :0" could not be registered on the interface
with IP address 192.168.1.6. The computer with the IP address 192.168.1.8 did not
allow the name to be claimed by this computer.


< End of report >
  • 0
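A triage sketch for the Application Error records in the event-log section above, added here and not part of the original thread or of OTL: it re-joins the wrapped Description text and lists crashes whose faulting module was loaded from outside `C:\Windows` and the Program Files directories. The expected-root list and all function names are assumptions of this example; a hit is a place to look, not a verdict.

```python
import ntpath
import re

# Three records copied from the "Last 20 Event Log Errors" section above,
# keeping the line wrapping of the posted log.
SAMPLE = r"""[ Application Events ]
Error - 9/18/2012 12:34:52 PM | Computer Name = Glory-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: 505610e2efcc9.dll, version: 1.0.0.1,
time stamp: 0x501674b7 Exception code: 0xc0000005 Fault offset: 0x00007790 Faulting
process id: 0x1a48 Faulting application start time: 0x01cd95bb85011b1a Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\Bcool\505610e2efcc9.dll Report Id: c53c4066-01ae-11e2-94ee-60eb6933e6ed

Error - 9/21/2012 9:00:04 PM | Computer Name = Glory-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: dc0 Start
Time: 01cd985d7589eef5 Termination Time: 32 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: d2cefdba-0450-11e2-b432-60eb6933e6ed

Error - 10/11/2012 2:40:29 PM | Computer Name = Glory-PC | Source = Application Error | ID = 1000
Description = Faulting application name: HPWMISVC.exe, version: 0.0.0.0, time stamp:
0x4b5407e6 Faulting module name: OLEAUT32.dll, version: 6.1.7600.16872, time stamp:
0x4e588139 Exception code: 0xc0000005 Fault offset: 0x00000000000034b2 Faulting process
id: 0x674 Faulting application start time: 0x01cd9e86287cd836 Faulting application
path: C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe Faulting module
path: C:\Windows\system32\OLEAUT32.dll Report Id: 20fda21a-13d3-11e2-9b43-60eb6933e6ed
"""

HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
APP_PATH = re.compile(r"Faulting application path: (.+?) Faulting module path:")
MODULE_PATH = re.compile(r"Faulting module path: (.+?) Report Id:")

# Assumption of this example: binaries are normally loaded from these roots.
EXPECTED_ROOTS = (r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)")


def parse_events(text):
    """Split the section into records and re-join each wrapped description."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = dict(match.groupdict(), description="")
            events.append(current)
        elif current is not None and line and not line.startswith("["):
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            # The log wraps at spaces, so joining with one space restores the
            # field labels ("Faulting" + "process id:") and the paths.
            current["description"] = (current["description"] + " " + line).strip()
    return events


def under_expected_root(path):
    """True when the path sits below one of EXPECTED_ROOTS (case-insensitive)."""
    normalized = ntpath.normpath(path).lower()
    return any(normalized.startswith(root.lower() + "\\") for root in EXPECTED_ROOTS)


def suspicious_faults(text):
    """Return crash records whose faulting module lies outside EXPECTED_ROOTS."""
    findings = []
    for event in parse_events(text):
        # Only Application Error / ID 1000 records carry a faulting module path.
        if event["source"] != "Application Error" or event["id"] != "1000":
            continue
        module = MODULE_PATH.search(event["description"])
        if module is None:
            continue  # truncated record: nothing to judge
        application = APP_PATH.search(event["description"])
        module_path = ntpath.normpath(module.group(1))
        if not under_expected_root(module_path):
            findings.append({
                "when": event["when"],
                "application": application.group(1) if application else None,
                "module": module_path,
            })
    return findings


if __name__ == "__main__":
    for hit in suspicious_faults(SAMPLE):
        print(f'{hit["when"]}: {hit["application"]} faulted in {hit["module"]}')
```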

#6
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi gg101,

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    C:\Users\Glory\AppData\Local\n2ml12y3fq2qjt
    C:\ProgramData\n2ml12y3fq2qjt

    :Commands
    [purity]
    [emptyjava]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0

#7
gg101


    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hi, I ran OTL with the new commands and the run fix and my laptop restarted, but no log came up, so I searched for C:\_OTL\MovedFiles and I did not find it in my C drive. I am now running rkill. Is there anywhere else I should look?

Also, Rkill took 10 hours to scan and when trying to save the report my laptop froze. I checked Task Manager and the CPU usage was at 99%, so I waited for 15 minutes to see if there was any change and it never saved. A tab also came up earlier in the day saying that the email portion is either not valid or not set up and I would have to check with Outlook. I don't have Outlook set up at all. Lastly, it had a tab that came up and said "previous application launch failed".

I am running a scan again and hopefully it will work. Or is there something else to try?

Edited by gg101, 29 October 2012 - 11:05 PM.

  • 0

#8
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi gg101,

"I am now running rkill. Is there anywhere else I should look?"

I didn't tell you to run rKill. Did you mean VRT?

"I am running a scan again and hopefully it will work. Or is there something else to try?"

Just let me know if you fail to save the report this time. Also tell me, did it find anything?
  • 0

#9
gg101


    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hi, I found the OTL fix log, here it is. As for the VRT log, I was able to save it this time, and when I copied it and tried to paste it on here it will not let me for some reason. I did click on the detected thread and that was empty. The scan was a big file, 486 MB. I will try to find a way to get it on here for you.


========== OTL ==========
========== FILES ==========
C:\Users\Glory\AppData\Local\n2ml12y3fq2qjt moved successfully.
C:\ProgramData\n2ml12y3fq2qjt moved successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Glory
->Java cache emptied: 412088624 bytes

User: Mcx1-GLORY-PC

User: Public

Total Java Files Cleaned = 393.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10292012_123010

Edited by gg101, 30 October 2012 - 11:28 AM.

  • 0

#10
gg101


    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Here is the VRT log in bits, I am not able to paste it all at once. I will continue to paste more, it is a large file....


Automatic Scan: completed 10 hours ago (events: 1960, objects: 1922, time: 00:10:54)
10/29/2012 11:54:41 PM Task started
10/29/2012 11:54:42 PM OK System Memory
10/29/2012 11:54:42 PM OK sndappv2.exe\sndappv2.exe
10/29/2012 11:54:42 PM OK sndappv2.exe\ntdll.dll
10/29/2012 11:54:42 PM OK sndappv2.exe\kernel32.dll
10/29/2012 11:54:42 PM OK sndappv2.exe\KERNELBASE.dll
10/29/2012 11:54:42 PM OK sndappv2.exe\VERSION.dll
10/29/2012 11:54:42 PM OK sndappv2.exe\msvcrt.dll
10/29/2012 11:54:42 PM OK sndappv2.exe\PSAPI.DLL
10/29/2012 11:54:42 PM OK sndappv2.exe\WS2_32.dll
10/29/2012 11:54:43 PM OK C:\Windows\syswow64\kernel32.dll
10/29/2012 11:54:43 PM OK C:\Windows\syswow64\ntdll.dll
10/29/2012 11:54:43 PM OK sndappv2.exe\RPCRT4.dll
10/29/2012 11:54:43 PM OK C:\Windows\syswow64\KERNELBASE.dll
10/29/2012 11:54:43 PM OK C:\Windows\system32\VERSION.dll
10/29/2012 11:54:43 PM OK sndappv2.exe\SspiCli.dll
10/29/2012 11:54:43 PM OK C:\Windows\syswow64\PSAPI.DLL
10/29/2012 11:54:43 PM OK sndappv2.exe\CRYPTBASE.dll
10/29/2012 11:54:43 PM OK sndappv2.exe\sechost.dll
10/29/2012 11:54:43 PM OK C:\Windows\syswow64\msvcrt.dll
10/29/2012 11:54:43 PM OK C:\Windows\syswow64\WS2_32.dll
10/29/2012 11:54:43 PM OK sndappv2.exe\NSI.dll
10/29/2012 11:54:43 PM OK C:\Windows\syswow64\SspiCli.dll
10/29/2012 11:54:43 PM OK C:\Windows\syswow64\RPCRT4.dll
10/29/2012 11:54:43 PM OK sndappv2.exe\USER32.dll
10/29/2012 11:54:43 PM OK C:\Windows\syswow64\CRYPTBASE.dll
10/29/2012 11:54:43 PM OK C:\Windows\syswow64\sechost.dll
10/29/2012 11:54:43 PM OK sndappv2.exe\GDI32.dll
10/29/2012 11:54:43 PM OK C:\Windows\syswow64\NSI.dll
10/29/2012 11:54:43 PM OK sndappv2.exe\LPK.dll
10/29/2012 11:54:43 PM OK C:\Windows\syswow64\GDI32.dll
10/29/2012 11:54:43 PM OK C:\Windows\syswow64\USER32.dll
10/29/2012 11:54:43 PM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/29/2012 11:54:43 PM OK sndappv2.exe\USP10.dll
10/29/2012 11:54:44 PM OK C:\Windows\syswow64\LPK.dll
10/29/2012 11:54:44 PM OK C:\Windows\syswow64\USP10.dll
10/29/2012 11:54:44 PM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/29/2012 11:54:44 PM OK sndappv2.exe\ADVAPI32.dll
10/29/2012 11:54:44 PM OK sndappv2.exe\ole32.dll
10/29/2012 11:54:44 PM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/29/2012 11:54:44 PM OK C:\Windows\syswow64\ADVAPI32.dll
10/29/2012 11:54:44 PM OK sndappv2.exe\OLEAUT32.dll
10/29/2012 11:54:44 PM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/29/2012 11:54:44 PM OK C:\Windows\syswow64\ole32.dll
10/29/2012 11:54:44 PM OK sndappv2.exe\Secur32.dll
10/29/2012 11:54:44 PM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/29/2012 11:54:44 PM OK C:\Windows\syswow64\OLEAUT32.dll
10/29/2012 11:54:45 PM OK sndappv2.exe\CRYPT32.dll
10/29/2012 11:54:45 PM OK C:\Windows\system32\Secur32.dll
10/29/2012 11:54:45 PM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/29/2012 11:54:45 PM OK sndappv2.exe\MSASN1.dll
10/29/2012 11:54:45 PM OK C:\Windows\syswow64\CRYPT32.dll
10/29/2012 11:54:45 PM OK C:\Windows\syswow64\MSASN1.dll
10/29/2012 11:54:45 PM OK sndappv2.exe\IMM32.DLL
10/29/2012 11:54:45 PM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/29/2012 11:54:45 PM OK sndappv2.exe\MSCTF.dll
10/29/2012 11:54:45 PM OK C:\Windows\system32\IMM32.DLL
10/29/2012 11:54:45 PM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/29/2012 11:54:46 PM OK sndappv2.exe\SHLWAPI.dll
10/29/2012 11:54:46 PM OK C:\Windows\syswow64\MSCTF.dll
10/29/2012 11:54:46 PM OK sndappv2.exe\ATL.DLL
10/29/2012 11:54:46 PM OK C:\Windows\syswow64\SHLWAPI.dll
10/29/2012 11:54:46 PM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/29/2012 11:54:46 PM OK sndappv2.exe\WININET.dll
10/29/2012 11:54:46 PM OK C:\Windows\system32\ATL.DLL
10/29/2012 11:54:47 PM OK C:\Program Files (x86)\Sendori\sndappv2.exe
10/29/2012 11:54:47 PM OK sndappv2.exe\Normaliz.dll
10/29/2012 11:54:47 PM OK C:\Windows\syswow64\WININET.dll
10/29/2012 11:54:47 PM OK C:\Windows\syswow64\Normaliz.dll
10/29/2012 11:54:47 PM OK sndappv2.exe\iertutil.dll
10/29/2012 11:54:47 PM OK C:\Windows\syswow64\iertutil.dll
10/29/2012 11:54:47 PM OK sndappv2.exe\urlmon.dll
10/29/2012 11:54:48 PM OK sndappv2.exe\WINMM.dll
10/29/2012 11:54:48 PM OK sndappv2.exe\SHELL32.dll
10/29/2012 11:54:48 PM OK C:\Windows\system32\WINMM.dll
10/29/2012 11:54:48 PM OK C:\Windows\syswow64\urlmon.dll
10/29/2012 11:54:48 PM OK sndappv2.exe\ntmarta.dll
10/29/2012 11:54:49 PM OK C:\Windows\system32\ntmarta.dll
10/29/2012 11:54:49 PM OK C:\Windows\syswow64\SHELL32.dll
10/29/2012 11:54:49 PM OK sndappv2.exe\WLDAP32.dll
10/29/2012 11:54:49 PM OK sndappv2.exe\CRYPTSP.dll
10/29/2012 11:54:49 PM OK C:\Windows\syswow64\WLDAP32.dll
10/29/2012 11:54:49 PM OK sndappv2.exe\rsaenh.dll
10/29/2012 11:54:49 PM OK C:\Windows\system32\CRYPTSP.dll
10/29/2012 11:54:49 PM OK C:\Windows\system32\rsaenh.dll
10/29/2012 11:54:50 PM OK sndappv2.exe\CLBCatQ.DLL
10/29/2012 11:54:50 PM OK C:\Windows\syswow64\CLBCatQ.DLL
10/29/2012 11:54:50 PM OK sndappv2.exe\RpcRtRemote.dll
10/29/2012 11:54:50 PM OK C:\Windows\system32\RpcRtRemote.dll
10/29/2012 11:54:50 PM OK sndappv2.exe\mswsock.dll
10/29/2012 11:54:50 PM OK C:\Windows\system32\mswsock.dll
10/29/2012 11:54:50 PM OK sndappv2.exe\wshtcpip.dll
10/29/2012 11:54:51 PM OK C:\Windows\system32\wshtcpip.dll
10/29/2012 11:54:51 PM OK svchost.exe\svchost.exe
10/29/2012 11:54:51 PM Not processed \\.\globalroot\systemroot\svchost.exe Object not found
10/29/2012 11:54:52 PM OK svchost.exe\ntdll.dll
10/29/2012 11:54:52 PM OK svchost.exe\kernel32.dll
10/29/2012 11:54:52 PM OK svchost.exe\KERNELBASE.dll
10/29/2012 11:54:52 PM OK svchost.exe\USER32.dll
10/29/2012 11:54:53 PM OK svchost.exe\GDI32.dll
10/29/2012 11:54:53 PM OK svchost.exe\LPK.dll
10/29/2012 11:54:53 PM OK svchost.exe\USP10.dll
10/29/2012 11:54:53 PM OK svchost.exe\msvcrt.dll
10/29/2012 11:54:54 PM OK svchost.exe\ADVAPI32.dll
10/29/2012 11:54:54 PM OK svchost.exe\sechost.dll
10/29/2012 11:54:54 PM OK svchost.exe\RPCRT4.dll
10/29/2012 11:54:54 PM OK svchost.exe\SspiCli.dll
10/29/2012 11:54:55 PM OK svchost.exe\CRYPTBASE.dll
10/29/2012 11:54:55 PM OK svchost.exe\ole32.dll
10/29/2012 11:54:55 PM OK svchost.exe\IMM32.DLL
10/29/2012 11:54:55 PM OK svchost.exe\MSCTF.dll
10/29/2012 11:54:56 PM OK svchost.exe\SHLWAPI.dll
10/29/2012 11:54:56 PM OK svchost.exe\WS2_32.dll
10/29/2012 11:54:56 PM OK svchost.exe\NSI.dll
10/29/2012 11:54:56 PM OK svchost.exe\ATL.DLL
10/29/2012 11:54:57 PM OK svchost.exe\WININET.dll
10/29/2012 11:54:57 PM OK svchost.exe\Normaliz.dll
10/29/2012 11:54:57 PM OK svchost.exe\iertutil.dll
10/29/2012 11:54:57 PM OK svchost.exe\urlmon.dll
10/29/2012 11:54:58 PM OK svchost.exe\OLEAUT32.dll
10/29/2012 11:54:58 PM OK svchost.exe\WINMM.dll
10/29/2012 11:54:58 PM OK svchost.exe\SHELL32.dll
10/29/2012 11:54:59 PM OK svchost.exe\ntmarta.dll
10/29/2012 11:54:59 PM OK svchost.exe\WLDAP32.dll
10/29/2012 11:54:59 PM OK svchost.exe\dsound.DLL
10/29/2012 11:55:00 PM OK C:\Windows\system32\dsound.DLL
10/29/2012 11:55:00 PM OK svchost.exe\POWRPROF.dll
10/29/2012 11:55:00 PM OK C:\Windows\system32\POWRPROF.dll
10/29/2012 11:55:00 PM OK svchost.exe\SETUPAPI.dll
10/29/2012 11:55:00 PM OK C:\Windows\syswow64\SETUPAPI.dll
10/29/2012 11:55:01 PM OK svchost.exe\CFGMGR32.dll
10/29/2012 11:55:01 PM OK C:\Windows\syswow64\CFGMGR32.dll
10/29/2012 11:55:01 PM OK svchost.exe\DEVOBJ.dll
10/29/2012 11:55:01 PM OK svchost.exe\Secur32.dll
10/29/2012 11:55:01 PM OK C:\Windows\syswow64\DEVOBJ.dll
10/29/2012 11:55:01 PM OK svchost.exe\profapi.dll
10/29/2012 11:55:02 PM OK svchost.exe\CLBCatQ.DLL
10/29/2012 11:55:02 PM OK C:\Windows\system32\profapi.dll
10/29/2012 11:55:02 PM OK svchost.exe\CRYPTSP.dll
10/29/2012 11:55:02 PM OK svchost.exe\rsaenh.dll
10/29/2012 11:55:02 PM OK svchost.exe\RpcRtRemote.dll
10/29/2012 11:55:03 PM OK svchost.exe\ieframe.dll
10/29/2012 11:55:03 PM OK svchost.exe\PSAPI.DLL
10/29/2012 11:55:03 PM OK svchost.exe\OLEACC.dll
10/29/2012 11:55:04 PM OK C:\Windows\syswow64\OLEACC.dll
10/29/2012 11:55:04 PM OK svchost.exe\comctl32.dll
10/29/2012 11:55:04 PM OK C:\Windows\syswow64\ieframe.dll
10/29/2012 11:55:04 PM OK C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
10/29/2012 11:55:04 PM OK svchost.exe\SXS.DLL
10/29/2012 11:55:04 PM OK svchost.exe\PROPSYS.dll
10/29/2012 11:55:05 PM OK C:\Windows\system32\SXS.DLL
10/29/2012 11:55:05 PM OK C:\Windows\system32\PROPSYS.dll
10/29/2012 11:55:05 PM OK svchost.exe\apphelp.dll
10/29/2012 11:55:05 PM OK C:\Windows\system32\apphelp.dll
10/29/2012 11:55:05 PM OK svchost.exe\dnsapi.DLL
10/29/2012 11:55:05 PM OK C:\Windows\system32\dnsapi.DLL
10/29/2012 11:55:06 PM OK svchost.exe\iphlpapi.DLL
10/29/2012 11:55:06 PM OK svchost.exe\WINNSI.DLL
10/29/2012 11:55:06 PM OK C:\Windows\system32\iphlpapi.DLL
10/29/2012 11:55:06 PM OK C:\Windows\system32\WINNSI.DLL
10/29/2012 11:55:06 PM OK svchost.exe\RASAPI32.dll
10/29/2012 11:55:06 PM OK svchost.exe\rasman.dll
10/29/2012 11:55:06 PM OK C:\Windows\system32\RASAPI32.dll
10/29/2012 11:55:07 PM OK C:\Windows\system32\rasman.dll
10/29/2012 11:55:07 PM OK svchost.exe\rtutils.dll
10/29/2012 11:55:07 PM OK svchost.exe\mswsock.dll
10/29/2012 11:55:07 PM OK C:\Windows\system32\rtutils.dll
10/29/2012 11:55:07 PM OK svchost.exe\wship6.dll
10/29/2012 11:55:08 PM OK C:\Windows\system32\wship6.dll
10/29/2012 11:55:08 PM OK svchost.exe\wshtcpip.dll
10/29/2012 11:55:08 PM OK svchost.exe\MSHTML.dll
10/29/2012 11:55:08 PM OK svchost.exe\VERSION.dll
10/29/2012 11:55:09 PM OK svchost.exe\NLAapi.dll
10/29/2012 11:55:09 PM OK svchost.exe\rasadhlp.dll
10/29/2012 11:55:09 PM OK C:\Windows\system32\NLAapi.dll
10/29/2012 11:55:09 PM OK C:\Windows\system32\MSHTML.dll
10/29/2012 11:55:09 PM OK C:\Windows\system32\rasadhlp.dll
10/29/2012 11:55:09 PM OK svchost.exe\fwpuclnt.dll
10/29/2012 11:55:09 PM OK C:\Windows\system32\fwpuclnt.dll
10/29/2012 11:55:10 PM OK svchost.exe\MLANG.dll
10/29/2012 11:55:10 PM OK C:\Windows\system32\MLANG.dll
10/29/2012 11:55:10 PM OK svchost.exe\msls31.dll
10/29/2012 11:55:10 PM OK C:\Windows\system32\msls31.dll
10/29/2012 11:55:10 PM OK svchost.exe\jscript9.dll
10/29/2012 11:55:10 PM OK svchost.exe\d2d1.dll
10/29/2012 11:55:11 PM OK C:\Windows\system32\d2d1.dll
10/29/2012 11:55:11 PM OK svchost.exe\DWrite.dll
10/29/2012 11:55:11 PM OK C:\Windows\syswow64\jscript9.dll
10/29/2012 11:55:11 PM OK C:\Windows\system32\DWrite.dll
10/30/2012 12:01:18 AM OK C:\Windows\system32\drivers\netw5v64.sys
10/30/2012 12:01:18 AM OK C:\Windows\system32\drivers\nfrd960.sys
10/30/2012 12:01:18 AM OK C:\Windows\system32\drivers\NisDrvWFP.sys
10/30/2012 12:01:18 AM OK C:\Program Files\Microsoft Security Client\NisSrv.exe
10/30/2012 12:01:18 AM OK C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
10/30/2012 12:01:18 AM OK C:\Windows\system32\drivers\npfs.sys
10/30/2012 12:01:18 AM OK C:\Windows\system32\drivers\nsiproxy.sys
10/30/2012 12:01:19 AM OK C:\Windows\system32\drivers\ntfs.sys
10/30/2012 12:01:19 AM OK C:\Windows\system32\drivers\null.sys
10/30/2012 12:01:21 AM OK C:\Windows\system32\drivers\nvraid.sys
10/30/2012 12:01:23 AM OK C:\Windows\system32\drivers\nvstor.sys
10/30/2012 12:01:23 AM OK C:\Windows\system32\drivers\NV_AGP.SYS
10/30/2012 12:01:23 AM OK C:\Windows\system32\drivers\ohci1394.sys
10/30/2012 12:01:23 AM OK C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10/30/2012 12:01:23 AM OK C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10/30/2012 12:01:23 AM OK C:\Windows\system32\drivers\parport.sys
10/30/2012 12:01:23 AM OK C:\Windows\system32\drivers\partmgr.sys
10/30/2012 12:01:23 AM OK C:\Windows\system32\drivers\pci.sys
10/30/2012 12:01:23 AM OK C:\Windows\system32\drivers\pciide.sys
10/30/2012 12:01:24 AM OK C:\Windows\system32\drivers\pcmcia.sys
10/30/2012 12:01:24 AM OK C:\Windows\system32\drivers\pcw.sys
10/30/2012 12:01:24 AM OK C:\Windows\system32\drivers\PEAuth.sys
10/30/2012 12:01:24 AM OK C:\Windows\syswow64\perfhost.exe
10/30/2012 12:01:24 AM OK C:\Windows\system32\drivers\raspptp.sys
10/30/2012 12:01:24 AM OK C:\Windows\system32\drivers\processr.sys
10/30/2012 12:01:24 AM OK C:\Windows\system32\drivers\pacer.sys
10/30/2012 12:01:24 AM OK C:\Windows\system32\drivers\ql2300.sys
10/30/2012 12:01:24 AM OK C:\Windows\system32\drivers\ql40xx.sys
10/30/2012 12:01:24 AM OK C:\Windows\system32\drivers\qwavedrv.sys
10/30/2012 12:01:24 AM OK C:\Windows\system32\drivers\rasacd.sys
10/30/2012 12:01:25 AM OK C:\Windows\system32\drivers\agilevpn.sys
10/30/2012 12:01:25 AM OK C:\Windows\system32\drivers\rasl2tp.sys
10/30/2012 12:01:25 AM OK C:\Windows\system32\drivers\raspppoe.sys
10/30/2012 12:01:25 AM OK C:\Windows\system32\drivers\rassstp.sys
10/30/2012 12:01:25 AM OK C:\Windows\system32\drivers\rdbss.sys
10/30/2012 12:01:25 AM OK C:\Windows\system32\drivers\rdpbus.sys
10/30/2012 12:01:25 AM OK C:\Windows\system32\drivers\RDPCDD.sys
10/30/2012 12:01:25 AM OK C:\Windows\system32\drivers\RDPENCDD.sys
10/30/2012 12:01:25 AM OK C:\Windows\system32\drivers\RDPREFMP.sys
10/30/2012 12:01:25 AM OK C:\Windows\system32\drivers\rdpwd.sys
10/30/2012 12:01:25 AM OK C:\Windows\system32\drivers\rdyboost.sys
10/30/2012 12:01:26 AM OK C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
10/30/2012 12:01:26 AM OK C:\Windows\system32\Locator.exe
10/30/2012 12:01:26 AM OK C:\Windows\system32\drivers\rspndr.sys
10/30/2012 12:01:26 AM OK C:\Windows\system32\drivers\RtsUStor.sys
10/30/2012 12:01:26 AM OK C:\Windows\system32\drivers\Rt64win7.sys
10/30/2012 12:01:26 AM OK C:\Windows\system32\drivers\rtl8192se.sys
10/30/2012 12:01:26 AM OK C:\Windows\system32\drivers\sbp2port.sys
10/30/2012 12:01:26 AM OK C:\Windows\system32\drivers\scfilter.sys
10/30/2012 12:01:27 AM OK C:\Windows\system32\drivers\sdbus.sys
10/30/2012 12:01:27 AM OK C:\Windows\system32\drivers\secdrv.sys
10/30/2012 12:01:27 AM OK C:\Windows\system32\drivers\serenum.sys
10/30/2012 12:01:27 AM OK C:\Windows\system32\drivers\serial.sys
10/30/2012 12:01:27 AM OK C:\Windows\system32\drivers\sermouse.sys
10/30/2012 12:01:27 AM OK C:\Program Files (x86)\Sendori\Sendori.Service.exe
10/30/2012 12:01:27 AM OK C:\Windows\system32\drivers\sffdisk.sys
10/30/2012 12:01:27 AM OK C:\Windows\system32\drivers\sffp_mmc.sys
10/30/2012 12:01:27 AM OK C:\Windows\system32\drivers\sffp_sd.sys
10/30/2012 12:01:27 AM OK C:\Windows\system32\drivers\sfloppy.sys
10/30/2012 12:01:27 AM OK C:\Windows\system32\drivers\sisraid2.sys
10/30/2012 12:01:27 AM OK C:\Windows\system32\drivers\sisraid4.sys
10/30/2012 12:01:27 AM OK C:\Windows\system32\drivers\smb.sys
10/30/2012 12:01:28 AM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/30/2012 12:01:28 AM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/30/2012 12:01:28 AM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/30/2012 12:01:28 AM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/30/2012 12:01:28 AM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/30/2012 12:01:28 AM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/30/2012 12:01:28 AM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/30/2012 12:01:28 AM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/30/2012 12:01:28 AM OK C:\Program Files (x86)\Sendori\sndappv2.exe/#
10/30/2012 12:01:29 AM OK C:\Program Files (x86)\Sendori\sndappv2.exe
10/30/2012 12:01:29 AM OK C:\Windows\system32\snmptrap.exe
10/30/2012 12:01:29 AM OK C:\Windows\system32\drivers\spldr.sys
10/30/2012 12:01:29 AM OK C:\Windows\system32\spoolsv.exe
10/30/2012 12:01:29 AM OK C:\Windows\system32\sppsvc.exe
10/30/2012 12:01:29 AM OK C:\Windows\system32\drivers\srv.sys
10/30/2012 12:01:29 AM OK C:\Windows\system32\drivers\srv2.sys
10/30/2012 12:01:29 AM OK C:\Windows\system32\drivers\VSTAZL6.SYS
10/30/2012 12:01:30 AM OK C:\Windows\system32\drivers\VSTDPV6.SYS
10/30/2012 12:01:30 AM OK C:\Windows\system32\drivers\VSTCNXT6.SYS
10/30/2012 12:01:30 AM OK C:\Windows\system32\drivers\srvnet.sys
10/30/2012 12:01:30 AM OK C:\Windows\system32\drivers\stexstor.sys
10/30/2012 12:01:32 AM OK C:\Windows\system32\drivers\swenum.sys
10/30/2012 12:01:34 AM OK C:\Windows\system32\drivers\SynTP.sys
10/30/2012 12:01:34 AM OK C:\Windows\system32\drivers\tcpip.sys
10/30/2012 12:01:34 AM OK C:\Windows\system32\drivers\tcpipreg.sys
10/30/2012 12:01:34 AM OK C:\Windows\system32\drivers\tdpipe.sys
10/30/2012 12:01:34 AM OK C:\Windows\system32\drivers\tdtcp.sys
10/30/2012 12:01:34 AM OK C:\Windows\system32\drivers\tdx.sys
10/30/2012 12:01:35 AM OK C:\Windows\system32\drivers\termdd.sys
10/30/2012 12:01:35 AM OK C:\Windows\servicing\TrustedInstaller.exe
10/30/2012 12:01:35 AM OK C:\Windows\system32\drivers\tssecsrv.sys
10/30/2012 12:01:35 AM OK C:\Windows\system32\drivers\tunnel.sys
10/30/2012 12:01:35 AM OK C:\Windows\system32\drivers\UAGP35.SYS
10/30/2012 12:01:35 AM OK C:\Windows\system32\drivers\udfs.sys
10/30/2012 12:01:35 AM OK C:\Windows\system32\UI0Detect.exe
10/30/2012 12:01:35 AM OK C:\Windows\system32\drivers\ULIAGPKX.SYS
10/30/2012 12:01:35 AM OK C:\Windows\system32\drivers\umbus.sys
10/30/2012 12:01:35 AM OK C:\Windows\system32\drivers\umpass.sys
10/30/2012 12:01:36 AM OK C:\Windows\system32\drivers\USBAUDIO.sys
10/30/2012 12:01:36 AM OK C:\Windows\system32\drivers\usbccgp.sys
10/30/2012 12:01:36 AM OK C:\Windows\system32\drivers\usbcir.sys
10/30/2012 12:01:36 AM OK C:\Windows\system32\drivers\usbehci.sys
10/30/2012 12:01:36 AM OK C:\Windows\system32\drivers\usbhub.sys
10/30/2012 12:01:36 AM OK C:\Windows\system32\drivers\usbohci.sys
10/30/2012 12:01:36 AM OK C:\Windows\system32\drivers\usbprint.sys
10/30/2012 12:01:36 AM OK C:\Windows\system32\drivers\usbscan.sys
10/30/2012 12:01:36 AM OK C:\Windows\system32\drivers\USBSTOR.SYS
10/30/2012 12:01:36 AM OK C:\Windows\system32\drivers\usbuhci.sys
10/30/2012 12:01:36 AM OK C:\Windows\system32\drivers\vdrvroot.sys
10/30/2012 12:01:37 AM OK C:\Windows\system32\vds.exe
10/30/2012 12:01:37 AM OK C:\Windows\system32\drivers\vgapnp.sys
10/30/2012 12:01:37 AM OK C:\Windows\system32\drivers\vga.sys
10/30/2012 12:01:37 AM OK C:\Windows\system32\drivers\vhdmp.sys
10/30/2012 12:01:37 AM OK C:\Windows\system32\drivers\viaide.sys
10/30/2012 12:01:37 AM OK C:\Windows\system32\drivers\volmgr.sys
10/30/2012 12:01:37 AM OK C:\Windows\system32\drivers\volmgrx.sys
10/30/2012 12:01:37 AM OK C:\Windows\system32\drivers\volsnap.sys
10/30/2012 12:01:37 AM OK C:\Windows\system32\drivers\vsmraid.sys
10/30/2012 12:01:37 AM OK C:\Windows\system32\VSSVC.exe
10/30/2012 12:01:38 AM OK C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
10/30/2012 12:01:38 AM OK C:\Windows\system32\drivers\vwifibus.sys
10/30/2012 12:01:38 AM OK C:\Windows\system32\drivers\vwififlt.sys
10/30/2012 12:01:38 AM OK C:\Windows\system32\drivers\wacompen.sys
10/30/2012 12:01:38 AM OK C:\Windows\system32\drivers\wanarp.sys
10/30/2012 12:01:38 AM OK C:\Windows\system32\Wat\WatAdminSvc.exe
10/30/2012 12:01:38 AM OK C:\Windows\system32\wbengine.exe
10/30/2012 12:01:38 AM OK C:\Windows\system32\drivers\wd.sys
10/30/2012 12:01:38 AM OK C:\Windows\system32\drivers\Wdf01000.sys
10/30/2012 12:01:39 AM OK C:\Windows\system32\drivers\wfplwf.sys
10/30/2012 12:01:39 AM OK C:\Windows\system32\drivers\wimmount.sys
10/30/2012 12:01:39 AM OK C:\Windows\system32\drivers\winusb.sys
10/30/2012 12:01:39 AM OK C:\Windows\system32\drivers\wmiacpi.sys
10/30/2012 12:01:39 AM OK C:\Windows\system32\wbem\WmiApSrv.exe
10/30/2012 12:01:39 AM OK C:\Program Files\Windows Media Player\wmpnetwk.exe
10/30/2012 12:01:40 AM OK C:\Windows\system32\drivers\ws2ifsl.sys
10/30/2012 12:01:41 AM OK C:\Windows\system32\SearchIndexer.exe
10/30/2012 12:01:43 AM OK C:\Windows\system32\drivers\WUDFPf.sys
10/30/2012 12:01:47 AM OK C:\Windows\system32\drivers\WUDFRd.sys
10/30/2012 12:01:51 AM OK C:\Windows\system32\drivers\yk62x64.sys
10/30/2012 12:02:02 AM OK C:\Windows\system32\autochk.exe
10/30/2012 12:02:02 AM OK C:\Windows\system32\scecli.dll
10/30/2012 12:02:02 AM OK C:\Windows\syswow64\unregmp2.exe
10/30/2012 12:02:02 AM OK C:\Windows\syswow64\ie4uinit.exe
10/30/2012 12:02:02 AM OK C:\Windows\syswow64\iedkcs32.dll
10/30/2012 12:02:02 AM OK C:\Windows\syswow64\regsvr32.exe
10/30/2012 12:02:03 AM OK C:\Windows\syswow64\themeui.dll
10/30/2012 12:02:03 AM OK C:\Program Files (x86)\Windows Mail\WinMail.exe
10/30/2012 12:02:04 AM OK C:\Windows\syswow64\SHELL32.dll
10/30/2012 12:02:07 AM OK C:\Windows\syswow64\mscories.dll
10/30/2012 12:02:07 AM OK C:\Windows\system32\unregmp2.exe
10/30/2012 12:02:07 AM OK C:\Windows\system32\ie4uinit.exe
10/30/2012 12:02:07 AM OK C:\Windows\system32\rundll32.exe

#11
gg101

gg101

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
10/30/2012 12:03:20 AM Packed: PecBundle i:\ComboFix.exe/UPX/pev.3XE/PE_Patch.PECompact
10/30/2012 12:03:20 AM Packed: PECompact i:\ComboFix.exe/UPX/pev.3XE/PE_Patch.PECompact/PecBundle
10/30/2012 12:03:20 AM OK i:\ComboFix.exe/UPX/pev.3XE/PE_Patch.PECompact/PecBundle/PECompact
10/30/2012 12:03:20 AM OK i:\ComboFix.exe/UPX/pev.3XE/PE_Patch.PECompact/PecBundle
10/30/2012 12:03:20 AM OK i:\ComboFix.exe/UPX/pev.3XE/PE_Patch.PECompact
10/30/2012 12:03:20 AM OK i:\ComboFix.exe/UPX/pev.3XE
10/30/2012 12:03:20 AM Packed: PE_Patch.PECompact i:\ComboFix.exe/UPX/pevb.3XE
10/30/2012 12:03:20 AM Packed: PecBundle i:\ComboFix.exe/UPX/pevb.3XE/PE_Patch.PECompact
10/30/2012 12:03:20 AM Packed: PECompact i:\ComboFix.exe/UPX/pevb.3XE/PE_Patch.PECompact/PecBundle
10/30/2012 12:03:20 AM OK i:\ComboFix.exe/UPX/pevb.3XE/PE_Patch.PECompact/PecBundle/PECompact
10/30/2012 12:03:20 AM OK i:\ComboFix.exe/UPX/pevb.3XE/PE_Patch.PECompact/PecBundle
10/30/2012 12:03:20 AM OK i:\ComboFix.exe/UPX/pevb.3XE/PE_Patch.PECompact
10/30/2012 12:03:20 AM OK i:\ComboFix.exe/UPX/pevb.3XE
10/30/2012 12:03:20 AM OK i:\ComboFix.exe/UPX/powp.dat
10/30/2012 12:03:20 AM OK i:\ComboFix.exe/UPX/region.dat
10/30/2012 12:03:20 AM OK i:\ComboFix.exe/UPX/restore_pt.vbs
10/30/2012 12:03:20 AM Packed: PE_Patch i:\ComboFix.exe/UPX/rmbr.3XE/data0000.res
10/30/2012 12:03:20 AM OK i:\ComboFix.exe/UPX/rmbr.3XE/data0000.res/PE_Patch
10/30/2012 12:03:20 AM OK i:\ComboFix.exe/UPX/rmbr.3XE/data0000.res
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/rmbr.3XE/#
10/30/2012 12:03:21 AM Packed: PE_Patch i:\ComboFix.exe/UPX/rmbr.3XE/#
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/rmbr.3XE/#/PE_Patch
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/rmbr.3XE/#
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/rmbr.3XE/#
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/rmbr.3XE/#
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/rmbr.3XE/#
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/rmbr.3XE/#
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/rmbr.3XE/#
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/rmbr.3XE/#
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/rmbr.3XE/#
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/rmbr.3XE/#
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/rmbr.3XE
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/rogues.dat
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/run2.sed
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/s0rt.3XE
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/safeboot.dat
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/safeboot.def.dat
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/safeboot.def.vista.dat
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/sed.3XE
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/setpath.3XE
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/sqlite3.3XE
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/srizbi.md5
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/svc_wht.dat
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/svchost.dat
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/svchost.vista.dat
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/svchost.vista.x64.dat
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/svchost.w7.dat
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/svchost.w7.x64.dat
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/swreg.3XE
10/30/2012 12:03:21 AM OK i:\ComboFix.exe/UPX/swsc.3XE
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/swxcacls.3XE
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/system_ini.dat
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/tail.3XE
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/toolbar.sed
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/vistaMcode.dat
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/vistareg.dat
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/vun.dat
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/w7Mcode.dat
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/w7reg.dat
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/w_sock.dll
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/xpmcode.dat
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/xpreg.dat
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/zDomain.dat
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/zhsvc.dat
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/zip.3XE
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/Curl - license.txt
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/EXTRACT.TXT
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/FI - license.txt
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/UnxUtilsDist.com
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/UnxUtilsDist.html
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/UnxUtilsDist.pif
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/Zip - license.txt
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/dumphive-license.txt
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/mtee.txt
10/30/2012 12:03:22 AM Archive: ZIP i:\ComboFix.exe/UPX/pv_5_2_2.zip
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/pv_5_2_2.zip/pv.exe
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/pv_5_2_2.zip/pv.txt
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/pv_5_2_2.zip
10/30/2012 12:03:22 AM Archive: ZIP i:\ComboFix.exe/UPX/streamtools.zip
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/streamtools.zip/FS.bat
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/streamtools.zip/RS.bat
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/streamtools.zip/CS.exe
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/streamtools.zip/DS.exe
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/streamtools.zip/LS.exe
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/streamtools.zip/readme.txt
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/streamtools.zip/SF.exe
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/streamtools.zip/SFs.bat
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/streamtools.zip
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/$PLUGINSDIR\nsExec.dll
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/$PLUGINSDIR\ExecCmd.dll
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/$PLUGINSDIR\nsProcess.dll
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/$PLUGINSDIR\Banner.dll
10/30/2012 12:03:22 AM OK i:\ComboFix.exe/UPX/$PLUGINSDIR\NSISdl.dll
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/UPX
10/30/2012 12:03:23 AM Archive: NSIS i:\ComboFix.exe
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/data0001
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/$PLUGINSDIR\System.dll
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/$PLUGINSDIR\UserInfo.dll
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/023.dat
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/023v.dat
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/023w7.dat
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/AWF.cmd
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/ActiveDrv.vbs
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/AppDataFile.cfx
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/AppDataFolder.cfx
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/Assoc.cmd
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/Auto-RC.cmd
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/BFE.dat
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/Boot-Rk.cmd
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/Boot.bat
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/BootDrv.vbs
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/CF-Script.cmd
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/Catch-sub.cmd
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/Combo-Fix.sys
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/ComboFix-Download.3XE
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/Combobatch.bat
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/Create.cmd
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/Creg.dat
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/CregC.cmd
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/CregC.dat
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/DPF.str
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/DelClsid.bat
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/DelClsid64.bat
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/DesktopFile.cfx
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/Dnl.dat
10/30/2012 12:03:23 AM OK i:\ComboFix.exe/DrvRun.vbs
10/30/2012 12:03:24 AM Packed: UPX i:\ComboFix.exe/ERDNT.e_e
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/ERDNT.e_e/UPX
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/ERDNT.e_e
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/ERDNTDOS.LOC
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/ERDNTWIN.LOC
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/ERUNT.3XE
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/ERUNT.LOC
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/Exe.reg
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/FD-SV.cmd
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/FIND3M.bat
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/FIXLSP.bat
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/FIXLSP64.cmd
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/FKMGen.cmd
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/FavoriteFolder.cfx
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/FavoritesFile.cfx
10/30/2012 12:03:24 AM Packed: UPX i:\ComboFix.exe/FileKill.3XE
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/FileKill.3XE/UPX
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/FileKill.3XE
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/Fin.dat
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/GetHive.cmd
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/Imefile.dat
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/Install-RC.cmd
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/KNetSvcs.vbs
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/Kill-All.cmd
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/Ksvchost.vbs
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/Lang.bat
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/List-B.bat
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/List-C.bat
10/30/2012 12:03:24 AM OK i:\ComboFix.exe/List-D.bat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/List.bat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/LocalAppDataFile.cfx
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/LocalAppDataFolder.cfx
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/LocalService.dat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/LocalServiceNetworkRestricted.dat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/LocalSettingsFile.cfx
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/LocalSystemNetworkRestricted.dat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/MDWht.dat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/MoveIt.bat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/MpsSvc.dat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/ND_.bat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/ND_64.bat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/NT-OS.cmd
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/NetworkService.dat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/NirCmd.3XE
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/NirCmd.chm
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/NirCmdC.3XE
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/NirScript.dat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/OSid.vbs
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/P.cmd
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/PV.3XE
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/PersonalFile.cfx
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/PersonalFolder.cfx
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/Policies.dat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/Prep.inf
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/ProfilesFile.cfx
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/ProfilesFolder.cfx
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/ProgramsFile.cfx
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/ProgramsFolder.cfx
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/Purity.dat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/RCLink.dat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/REGDACL.sed
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/RegDo.sed
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/RegScan.cmd
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/RegScan64.cmd
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/Rkey.cmd
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/Rust.str
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/SRestore.cmd
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/Safeboot.def.w7.dat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/SetEnvmt.bat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/ShAccess.dat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/SnapShot.cmd
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/StartMenuFile.cfx
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/StartMenuFolder.cfx
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/StartUpFile.cfx
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/SuppScan.cmd
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/SvcDrv.vbs
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/TemplatesFile.cfx
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/TemplatesFolder.cfx
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/UndoW7_XP.dat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/Update-CF.cmd
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/VBR.pif
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/VINFO3
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/VInfo
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/VInfo2
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/Vipev.dat
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/VwinTemp.dacl
10/30/2012 12:03:25 AM OK i:\ComboFix.exe/Wmi_rem.vbs
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/XPSBoot.reg
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/appinit.bad
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/asp.str
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/av.cmd
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/av.vbs
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/badclsid.c
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/c.bat
10/30/2012 12:03:26 AM Packed: UPX i:\ComboFix.exe/catchme.3XE
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/catchme.3XE/UPX
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/catchme.3XE
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/clsid.c
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/dd.3XE
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/ddsDo.sed
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/dumphive.3XE
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/embedded.sed
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/extract.3XE
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/ffdefstr.dll
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/ffext.pif
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/files.pif
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/fl0.bat
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/grep.3XE
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/gsar.3XE
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/handle.3XE/data0000.res Object was not changed (iChecker)
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/handle.3XE/data0002.res Object was not changed (iChecker)
10/30/2012 12:03:26 AM OK i:\ComboFix.exe/handle.3XE/data0003.res Object was not changed (iChecker)
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/handle.3XE
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/hidec.3XE
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/history.bat
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/hwid.pif
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/image001.gif
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/iphlpsvc.vista.dat
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/iphlpsvc.w7.dat
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/katch.cmd
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/lnkread.vbs
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/mbr.3XE/data0000.res Object was not changed (iChecker)
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/mbr.3XE/#
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/mbr.3XE/# Object was not changed (iChecker)
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/mbr.3XE/#
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/mbr.3XE
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/mbr.chk
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/md5sum.pif
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/md5sum00.pif
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/mtee.3XE
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/ncmd.com
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/ndis_combofix.dat
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/netsvc.bad.dat
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/netsvc.dat
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/netsvc.vista.dat
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/netsvc.xp.dat
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/pausep.3XE
10/30/2012 12:03:27 AM Packed: PE_Patch.PECompact i:\ComboFix.exe/pev.3XE
10/30/2012 12:03:27 AM Packed: PecBundle i:\ComboFix.exe/pev.3XE/PE_Patch.PECompact
10/30/2012 12:03:27 AM Packed: PECompact i:\ComboFix.exe/pev.3XE/PE_Patch.PECompact/PecBundle
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/pev.3XE/PE_Patch.PECompact/PecBundle/PECompact
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/pev.3XE/PE_Patch.PECompact/PecBundle
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/pev.3XE/PE_Patch.PECompact
10/30/2012 12:03:27 AM OK i:\ComboFix.exe/pev.3XE
10/30/2012 12:03:28 AM Packed: PE_Patch.PECompact i:\ComboFix.exe/pevb.3XE
10/30/2012 12:03:28 AM Packed: PecBundle i:\ComboFix.exe/pevb.3XE/PE_Patch.PECompact
10/30/2012 12:03:28 AM Packed: PECompact i:\ComboFix.exe/pevb.3XE/PE_Patch.PECompact/PecBundle
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/pevb.3XE/PE_Patch.PECompact/PecBundle/PECompact
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/pevb.3XE/PE_Patch.PECompact/PecBundle
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/pevb.3XE/PE_Patch.PECompact
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/pevb.3XE
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/powp.dat
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/region.dat
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/restore_pt.vbs
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/rmbr.3XE/data0000.res Object was not changed (iChecker)
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/rmbr.3XE/#
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/rmbr.3XE/# Object was not changed (iChecker)
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/rmbr.3XE/#
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/rmbr.3XE/#
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/rmbr.3XE/#
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/rmbr.3XE/#
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/rmbr.3XE/#
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/rmbr.3XE/#
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/rmbr.3XE/#
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/rmbr.3XE/#
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/rmbr.3XE
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/rogues.dat
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/run2.sed
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/s0rt.3XE
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/safeboot.dat
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/safeboot.def.dat
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/safeboot.def.vista.dat
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/sed.3XE
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/setpath.3XE
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/sqlite3.3XE
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/srizbi.md5
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/svc_wht.dat
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/svchost.dat
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/svchost.vista.dat
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/svchost.vista.x64.dat
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/svchost.w7.dat
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/svchost.w7.x64.dat
10/30/2012 12:03:28 AM OK i:\ComboFix.exe/swreg.3XE
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/swsc.3XE
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/swxcacls.3XE
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/system_ini.dat
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/tail.3XE
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/toolbar.sed
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/vistaMcode.dat
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/vistareg.dat
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/vun.dat
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/w7Mcode.dat
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/w7reg.dat
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/w_sock.dll
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/xpmcode.dat
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/xpreg.dat
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/zDomain.dat
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/zhsvc.dat
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/zip.3XE
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/Curl - license.txt
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/EXTRACT.TXT
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/FI - license.txt
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/UnxUtilsDist.com
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/UnxUtilsDist.html
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/UnxUtilsDist.pif
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/Zip - license.txt
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/dumphive-license.txt
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/mtee.txt
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/pv_5_2_2.zip
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/streamtools.zip
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/$PLUGINSDIR\nsExec.dll
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/$PLUGINSDIR\ExecCmd.dll
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/$PLUGINSDIR\nsProcess.dll
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/$PLUGINSDIR\Banner.dll
10/30/2012 12:03:29 AM OK i:\ComboFix.exe/$PLUGINSDIR\NSISdl.dll
10/30/2012 12:03:30 AM OK i:\ComboFix.exe/#
10/30/2012 12:03:31 AM OK i:\ComboFix.exe/#
10/30/2012 12:03:31 AM OK i:\ComboFix.exe
10/30/2012 12:03:31 AM OK C:\Program Files\DVD Maker\DVDMaker.exe
10/30/2012 12:03:31 AM OK C:\Program Files (x86)\Internet Explorer\iediagcmd.exe
10/30/2012 12:03:31 AM OK C:\Program Files (x86)\Internet Explorer\iexplore.exe
10/30/2012 12:03:31 AM OK C:\Program Files\Microsoft Office\Office14\INFOPATH.EXE
10/30/2012 12:03:32 AM OK C:\Windows\system32\javaws.exe
10/30/2012 12:03:32 AM OK C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe
10/30/2012 12:03:32 AM OK C:\Program Files (x86)\CyberLink\MediaShow\MediaShow.exe
10/30/2012 12:03:32 AM OK C:\Program Files (x86)\Windows Media Player\wmplayer.exe
10/30/2012 12:03:33 AM OK C:\Program Files\Microsoft Office\Office14\MSACCESS.EXE
10/30/2012 12:04:08 AM OK C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
10/30/2012 12:04:08 AM OK C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
10/30/2012 12:04:09 AM OK C:\Program Files\Microsoft Office\Office14\MSPUB.EXE
10/30/2012 12:04:09 AM OK C:\Program Files (x86)\CyberLink\DVD Suite\PS.exe
10/30/2012 12:04:09 AM OK C:\Program Files\Microsoft Office\Office14\OIS.EXE
10/30/2012 12:04:09 AM OK C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE
10/30/2012 12:04:10 AM OK C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
10/30/2012 12:04:10 AM OK C:\Windows\system32\mspaint.exe
10/30/2012 12:04:11 AM OK C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe
10/30/2012 12:04:12 AM OK C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
10/30/2012 12:04:12 AM OK C:\Program Files (x86)\CyberLink\PowerDirector\PDR.exe
10/30/2012 12:04:12 AM OK C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.exe
10/30/2012 12:04:12 AM OK C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
10/30/2012 12:04:13 AM OK C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe
10/30/2012 12:04:13 AM OK C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
10/30/2012 12:04:13 AM OK C:\Program Files\Windows Sidebar\sidebar.exe
10/30/2012 12:04:14 AM OK C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe/#
10/30/2012 12:04:14 AM OK C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
10/30/2012 12:04:14 AM OK C:\Windows\system32\SnippingTool.exe
10/30/2012 12:04:14 AM OK C:\Program Files\Windows Mail\wab.exe
10/30/2012 12:04:14 AM OK C:\Program Files\Windows Mail\wabmig.exe
10/30/2012 12:04:14 AM OK C:\Program Files (x86)\WinRAR\WinRAR.exe/#
10/30/2012 12:04:14 AM OK C:\Program Files (x86)\WinRAR\WinRAR.exe
10/30/2012 12:04:15 AM OK C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
10/30/2012 12:04:15 AM OK C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
10/30/2012 12:04:15 AM OK C:\Program Files\Windows NT\Accessories\wordpad.exe
10/30/2012 12:04:15 AM OK C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
10/30/2012 12:04:15 AM OK C:\Windows\system32\KBDUS.DLL
10/30/2012 12:04:15 AM OK C:\Windows\system32\csrss.exe
10/30/2012 12:04:16 AM OK C:\Windows\system32\basesrv.dll
10/30/2012 12:04:16 AM OK C:\Windows\system32\winsrv.dll
10/30/2012 12:04:16 AM OK C:\Windows\system32\sxssrv.dll
10/30/2012 12:04:16 AM OK C:\Windows\system32\syncui.dll
10/30/2012 12:04:16 AM OK C:\Windows\system32\cryptext.dll
10/30/2012 12:04:17 AM OK C:\Windows\system32\rshx32.dll
10/30/2012 12:04:17 AM OK C:\Windows\system32\docprop.dll
10/30/2012 12:04:17 AM OK C:\Windows\system32\twext.dll
10/30/2012 12:04:17 AM OK C:\Windows\system32\mydocs.dll
10/30/2012 12:04:17 AM OK C:\Windows\system32\DfsShlEx.dll
10/30/2012 12:04:18 AM OK C:\Program Files\Windows Sidebar\sbdrop.dll
10/30/2012 12:04:18 AM OK C:\Windows\system32\igfxpph.dll
10/30/2012 12:04:18 AM OK C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
10/30/2012 12:04:18 AM OK C:\Windows\system32\zipfldr.dll
10/30/2012 12:04:19 AM OK C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
10/30/2012 12:04:19 AM OK C:\Windows\system32\diskcopy.dll
10/30/2012 12:04:19 AM OK C:\Windows\system32\wpdshext.dll
10/30/2012 12:04:20 AM OK C:\Windows\syswow64\dskquoui.dll
10/30/2012 12:04:20 AM OK C:\Windows\system32\dskquoui.dll
10/30/2012 12:04:20 AM OK C:\Windows\system32\stobject.dll
10/30/2012 12:04:20 AM OK C:\Windows\system32\clbcatq.dll
10/30/2012 12:04:20 AM OK C:\Windows\syswow64\CLBCatQ.DLL
10/30/2012 12:04:21 AM OK C:\Windows\system32\ole32.dll
10/30/2012 12:04:21 AM OK C:\Windows\syswow64\ole32.dll
10/30/2012 12:04:21 AM OK C:\Windows\system32\advapi32.dll
10/30/2012 12:04:21 AM OK C:\Windows\syswow64\ADVAPI32.dll
10/30/2012 12:04:21 AM OK C:\Windows\system32\comdlg32.dll
10/30/2012 12:04:21 AM OK C:\Windows\syswow64\COMDLG32.dll
10/30/2012 12:04:21 AM OK C:\Windows\system32\gdi32.dll
10/30/2012 12:04:22 AM OK C:\Windows\syswow64\GDI32.dll
10/30/2012 12:04:22 AM OK C:\Windows\system32\iertutil.dll
10/30/2012 12:04:22 AM OK C:\Windows\syswow64\iertutil.dll
10/30/2012 12:04:22 AM OK C:\Windows\system32\imagehlp.dll
10/30/2012 12:04:22 AM OK C:\Windows\syswow64\imagehlp.dll
10/30/2012 12:04:22 AM OK C:\Windows\system32\IMM32.DLL
10/30/2012 12:04:22 AM OK C:\Windows\syswow64\imm32.dll
10/30/2012 12:04:24 AM OK C:\Windows\system32\kernel32.dll
10/30/2012 12:04:25 AM OK C:\Windows\syswow64\kernel32.dll
10/30/2012 12:04:25 AM OK C:\Windows\system32\lpk.dll
10/30/2012 12:04:26 AM OK C:\Windows\syswow64\LPK.dll
10/30/2012 12:04:26 AM OK C:\Windows\system32\msctf.dll
10/30/2012 12:04:26 AM OK C:\Windows\syswow64\MSCTF.dll
10/30/2012 12:04:26 AM OK C:\Windows\system32\msvcrt.dll
10/30/2012 12:04:26 AM OK C:\Windows\syswow64\msvcrt.dll
10/30/2012 12:04:26 AM OK C:\Windows\system32\normaliz.dll
10/30/2012 12:04:26 AM OK C:\Windows\syswow64\Normaliz.dll
10/30/2012 12:04:26 AM OK C:\Windows\system32\nsi.dll
10/30/2012 12:04:27 AM OK C:\Windows\syswow64\NSI.dll
10/30/2012 12:04:27 AM OK C:\Windows\system32\oleaut32.dll
10/30/2012 12:04:27 AM OK C:\Windows\syswow64\OLEAUT32.dll
10/30/2012 12:04:27 AM OK C:\Windows\system32\psapi.dll
10/30/2012 12:04:27 AM OK C:\Windows\syswow64\PSAPI.DLL
10/30/2012 12:04:27 AM OK C:\Windows\system32\rpcrt4.dll
10/30/2012 12:04:27 AM OK C:\Windows\syswow64\RPCRT4.dll
10/30/2012 12:04:27 AM OK C:\Windows\system32\sechost.dll
10/30/2012 12:04:28 AM OK C:\Windows\syswow64\sechost.dll
10/30/2012 12:04:28 AM OK C:\Windows\system32\setupapi.dll
10/30/2012 12:04:28 AM OK C:\Windows\syswow64\SETUPAPI.dll
10/30/2012 12:04:28 AM OK C:\Windows\system32\shlwapi.dll
10/30/2012 12:04:28 AM OK C:\Windows\syswow64\SHLWAPI.dll
10/30/2012 12:04:29 AM OK C:\Windows\system32\user32.dll
10/30/2012 12:04:29 AM OK C:\Windows\syswow64\USER32.dll
10/30/2012 12:04:29 AM OK C:\Windows\system32\usp10.dll
10/30/2012 12:04:29 AM OK C:\Windows\syswow64\USP10.dll
10/30/2012 12:04:29 AM OK C:\Windows\system32\wininet.dll
10/30/2012 12:04:30 AM OK C:\Windows\syswow64\WININET.dll
10/30/2012 12:04:30 AM OK C:\Windows\system32\Wldap32.dll
10/30/2012 12:04:30 AM OK C:\Windows\syswow64\WLDAP32.dll
10/30/2012 12:04:31 AM OK C:\Windows\system32\ws2_32.dll
10/30/2012 12:04:33 AM OK C:\Windows\syswow64\WS2_32.dll
10/30/2012 12:04:33 AM OK C:\Windows\system32\difxapi.dll
10/30/2012 12:04:33 AM OK C:\Windows\syswow64\difxapi.dll
10/30/2012 12:04:34 AM OK C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
10/30/2012 12:04:34 AM OK C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
10/30/2012 12:04:34 AM OK C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
10/30/2012 12:04:35 AM OK C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
10/30/2012 12:04:35 AM OK C:\Windows\system32\PortableDeviceApi.dll
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi gg101,

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double-click aswMBR.exe to run it
  • Click the "Scan" button to start the scan
  • On completion of the scan, click "Save log", save it to your desktop and post aswMBR.txt in your next reply
  • Also, aswMBR will save an additional file named MBR.dat. Attach it to your next reply

Step 2

Please update your Malwarebytes and do a Quick Scan. Remove all findings and post the log here for me.

Step 3

Please don't forget to include these items in your reply:

  • aswMBR log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0

#13
gg101

gg101

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-31 07:17:52
-----------------------------
07:17:52.597 OS Version: Windows x64 6.1.7600
07:17:52.597 Number of processors: 2 586 0x170A
07:17:52.597 ComputerName: GLORY-PC UserName: Glory
07:17:55.937 Initialize success
07:32:01.198 AVAST engine defs: 12103100
07:57:43.768 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:57:43.778 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 3
07:57:43.778 Device \Driver\iaStor -> MajorFunction fffffa80041255e8
07:57:43.778 Disk 0 MBR read successfully
07:57:43.788 Disk 0 MBR scan
07:57:43.788 Disk 0 unknown MBR code
07:57:43.808 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
07:57:43.868 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 290292 MB offset 409600
07:57:43.908 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14649 MB offset 594927616
07:57:43.928 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
07:57:44.018 Disk 0 scanning C:\Windows\system32\drivers
07:57:57.488 Service scanning
07:58:30.868 Modules scanning
07:58:31.208 Disk 0 trace - called modules:
07:58:31.218 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80041255e8]<<
07:58:31.228 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003e0d740]
07:58:31.238 3 CLASSPNP.SYS[fffff88000fd143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80023ff050]
07:58:31.258 \Driver\iaStor[0xfffffa800409fbb0] -> IRP_MJ_CREATE -> 0xfffffa80041255e8
07:58:35.138 AVAST engine scan C:\Windows
07:58:38.983 AVAST engine scan C:\Windows\system32
08:02:00.866 AVAST engine scan C:\Windows\system32\drivers
08:02:14.586 AVAST engine scan C:\Users\Glory
08:07:10.944 Disk 0 MBR has been saved successfully to "C:\Users\Glory\Desktop\MBR.dat"
08:07:10.958 The log file has been saved successfully to "C:\Users\Glory\Desktop\aswMBR.txt"
08:14:49.370 AVAST engine scan C:\ProgramData
10:46:13.203 Scan finished successfully
11:47:19.095 Disk 0 MBR has been saved successfully to "C:\Users\Glory\Desktop\MBR.dat"
11:47:19.105 The log file has been saved successfully to "C:\Users\Glory\Desktop\aswMBR.txt"

Edited by gg101, 31 October 2012 - 10:48 AM.

  • 0

#14
gg101

gg101

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
this is how mbr.dat showed up on notepad.....




  • 0
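An added example, not part of the original thread: MBR.dat is binary, so Notepad renders it as noise. Assuming the file is a raw dump of the disk's first 512-byte sector, this Python script (function names are hypothetical) checks the 0x55AA boot signature, hashes the bootstrap code area and decodes the four partition entries; the sample sector is constructed from the partition layout in the aswMBR log in post #13, with zero bytes standing in for the boot code.

```python
import hashlib
import struct

SECTOR = 512
TYPES = {0x07: "HPFS/NTFS", 0x0C: "FAT32 LBA"}  # only the types seen in the log

def parse_mbr(sector: bytes) -> dict:
    """Parse a raw MBR dump: signature status, boot-code hash, partition table."""
    if len(sector) < SECTOR:
        raise ValueError(f"expected at least {SECTOR} bytes, got {len(sector)}")
    sector = sector[:SECTOR]
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4, LE) sectors(4, LE)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:  # unused slot
            continue
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "bad_status": status not in (0x00, 0x80),  # anything else is malformed
            "type": TYPES.get(ptype, f"0x{ptype:02X}"),
            "lba_start": lba,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # Bootstrap code only; bytes 440-445 (disk signature, reserved) are excluded
        # so the hash is comparable between disks running the same boot code.
        "code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "active_count": sum(p["active"] for p in partitions),
        "partitions": partitions,
    }

def build_sample() -> bytes:
    """Constructed sector: zeroed code area plus the layout from the aswMBR log."""
    layout = [(0x80, 0x07, 2048, 407552), (0x00, 0x07, 409600, 594518016),
              (0x00, 0x07, 594927616, 30001152), (0x00, 0x0C, 624928768, 210944)]
    table = b"".join(struct.pack("<B3xB3xII", *row) for row in layout)
    return b"\x00" * 440 + b"\x00" * 6 + table + b"\x55\xaa"

if __name__ == "__main__":
    # For a real dump: parse_mbr(open("MBR.dat", "rb").read())
    info = parse_mbr(build_sample())
    print("signature ok:", info["signature_ok"], "| active:", info["active_count"])
    print("code sha256:", info["code_sha256"])
    for p in info["partitions"]:
        print(p)
```

The boot-code hash is only meaningful as a comparison, for example between dumps taken before and after a repair, or against a dump from a known-clean machine with the same OS build and vendor recovery setup.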

#15
gg101

gg101

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.31.04

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Glory :: GLORY-PC [administrator]

10/31/2012 11:54:08 AM
mbam-log-2012-10-31 (12-03-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226801
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4580 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)
  • 0





