Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

All downloads reportedly contain a vrius [Solved]

Started by edsmith323 , May 06 2013 06:22 AM

Page 3 of 5
1
2
3
4
5

This topic is locked

#31
edsmith323

Posted 19 May 2013 - 02:12 AM

Member

Topic Starter
Member
57 posts

Tom

CBS Log

http://www.sendspace.com/file/19840u

#32
tom982

Posted 19 May 2013 - 03:44 AM

Member 1K

Member
1,183 posts

Hi Ed,

Thanks for the log. Whilst we await confirmation from my instructor on my fix, we might as well continue with this SFC issue. SFC failed due to what seems to be a missing directory:

2013-05-18 16:51:23, Info                  CSI    000001ee [SR] Verifying 100 (0x00000064) components
2013-05-18 16:51:23, Info                  CSI    000001ef [SR] Beginning Verify and Repair transaction
2013-05-18 16:51:39, Error                 CSI    000001f0 (F) STATUS_FILE_IS_A_DIRECTORY #4676410# from Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile(flags = (AllowFileNotFound|AllowSharingViolation|AllowAccessDenied), handle = {provider=NULL, handle=0}, da = (SYNCHRONIZE|FILE_READ_ATTRIBUTES|FILE_READ_DATA), oa = @0xe6ea1c->OBJECT_ATTRIBUTES {s:24; rd:NULL; on:[129]"\SystemRoot\WinSxS\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f\MpEvMsg.dll"; a:(OBJ_CASE_INSENSITIVE)}, iosb = @0xe6e9d4, as = (null), fa = 0, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), cd = FILE_OPEN, co = (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT), eab = NULL, eal = 0, disp = Invalid)
[gle=0xd00000ba]
2013-05-18 16:51:39, Error                 CSI    000001f1@2013/5/18:15:51:39.437 (F) d:\longhorn\base\wcp\sil\merged\ntu\ntsystem.cpp(1849): Error STATUS_FILE_IS_A_DIRECTORY originated in function Windows::Rtl::SystemImplementation::DirectFileSystemProvider::SysCreateFile expression: (null)
[gle=0x80004005]
2013-05-18 16:51:48, Error                 CSI    000001f2 (F) STATUS_FILE_IS_A_DIRECTORY #4676409# from Windows::Rtl::SystemImplementation::CDirectory::OpenExistingFile(...)[gle=0xd00000ba]
2013-05-18 16:51:48, Error                 CSI    000001f3 (F) STATUS_FILE_IS_A_DIRECTORY #4676408# from Windows::Rtl::SystemImplementation::CDirectory_IRtlDirectoryTearoff::OpenExistingFile(flags = (MissingFileIsOk|SharingViolationIsOk|AccessDeniedIsOk), da = (SYNCHRONIZE|FILE_READ_DATA), oa = @0xe6ebc4->SIL_OBJECT_ATTRIBUTES {s:20; on:"MpEvMsg.dll"; a:(OBJ_CASE_INSENSITIVE)}, sa = (FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE), oo = (FILE_SYNCHRONOUS_IO_NONALERT|FILE_NON_DIRECTORY_FILE), file = NULL, disp = Invalid)
[gle=0xd00000ba]

Command Prompt

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Click on the Start button and in the search box, type Command Prompt
When you see Command Prompt on the list, right-click on it and select Run as administrator
When command prompt opens, copy and paste the following commands into it, press enter after each

dir C:\Windows\WinSxS\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f\
Right-click on the Command Prompt window and click Select All, this will invert all of the colours by selecting the text, now press enter. All of this text is now copied.
Paste (Ctrl+V) it into your next post please.

Tom

#33
tom982

Posted 19 May 2013 - 05:50 AM

Member 1K

Member
1,183 posts

Hi Ed,

In addition to the above, could you run the following script:

Re-run AVPTool
Select the Manual Disinfection tab and press Script execution

Where it states Insert text script in the following box copy the below script and press Run script
Copy from Begin until End
Posted Image

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 DeleteFile('ИЭ€ѓ u\bin\npjpi170_17.dll');
 BC_DeleteFile('ИЭ€ѓ u\bin\npjpi170_17.dll');
 DeleteFile('g:\setup_11.0.0.1245.x01_2013_05_17_00_57.exe');
 BC_DeleteFile('g:\setup_11.0.0.1245.x01_2013_05_17_00_57.exe');
 DeleteFile('C:\Windows\system32\DRIVERS\2768321drv.sys');
 BC_DeleteFile('C:\Windows\system32\DRIVERS\2768321drv.sys');
 DeleteFile('C:\Windows\system32\system');
 BC_DeleteFile('C:\Windows\system32\system');
BC_Activate;
BC_ImportDeletedList;
BC_ImportAll;
ExecuteSysClean;
RebootWindows(true);
end.

Your system will reboot on completion, if it does not please do so yourself
On completion please run another analysis scan and attach the zip file

Tom

#34
edsmith323

Posted 19 May 2013 - 06:49 AM

Member

Topic Starter
Member
57 posts

Tom

Command Prompt Copy and Paste

Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>dir C:\Windows\WinSxS\x86_security-malware-windows-defender-
events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f\
Volume in drive C has no label.
Volume Serial Number is 7378-680D

Directory of C:\Windows\WinSxS\x86_security-malware-windows-defender-events_31b
f3856ad364e35_6.0.6000.16386_none_b3613e39beae266f

02/11/2006 13:35 <DIR> .
02/11/2006 13:35 <DIR> ..
02/11/2006 13:35 <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
1 File(s) 65,640 bytes
2 Dir(s) 20,953,784,320 bytes free

C:\Windows\system32>

#35
tom982

Posted 19 May 2013 - 08:23 AM

Member 1K

Member
1,183 posts

Batch File

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Click on the Start button and in the search box, type Notepad and click on it

Copy (Ctrl+C) all of the text in the following box and paste (Ctrl+V) it into Notepad


CD \
DIR /S /A:L > %USERPROFILE%\Desktop\JunctionPoints.txt
START JunctionPoints.txt
EXIT

Go to File > Save As... and save it to your Desktop named fix.bat. Make sure you change the Save as type to All Files (*.*)
Locate fix.bat on your Desktop and right click then select Run as administrator

When this finishes scanning, it should open a file, JunctionPoints.txt, copy and paste this into your next post please. If it doesn't open, it can be found on your Desktop.

Tom

#36
edsmith323

Posted 19 May 2013 - 08:51 AM

Member

Topic Starter
Member
57 posts

Tom

I get an error when try to run the script.

Manual Disinfection: malfunction (events: 4, time: 00:00:01)
19/05/2013 15:46:45 Task started Manual Disinfection
19/05/2013 15:46:46 Script error: ')' expected, position [4:13]
19/05/2013 15:46:46 Processing error Error: ')' expected at position 4:13 Error code: 00000000
19/05/2013 15:46:46 Unable to start tasks Manual Disinfection Error code: 99C63001

Attached Files

run script error.txt 372bytes 89 downloads

#37
edsmith323

Posted 19 May 2013 - 08:52 AM

Member

Topic Starter
Member
57 posts

currently running fix.bat and will post results in a due course

#38
edsmith323

Posted 19 May 2013 - 08:54 AM

Member

Topic Starter
Member
57 posts

Junction Points.txt

Volume in drive C has no label.
Volume Serial Number is 7378-680D

Directory of C:\

02/11/2006 14:02 <JUNCTION> Documents and Settings [c:\Users]
0 File(s) 0 bytes

Directory of C:\Program Files\Windows Defender

02/11/2006 13:42 <SYMLINKD> en-US [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpClient.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
02/11/2006 13:35 <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpOAV.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtMon.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtPlug.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpSigDwn.dll [c:\windows\system32\config]
11/04/2009 07:27 <SYMLINK> MpSoftEx.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpSvc.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MSASCui.exe [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
14 File(s) 4,344,192 bytes

Directory of C:\Program Files\Windows Defender\en-US\systemprofile

15/05/2009 17:10 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
15/05/2009 17:10 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
31/07/2012 14:39 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
31/07/2012 14:39 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
31/07/2012 14:39 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
31/07/2012 14:39 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
31/07/2012 14:39 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
31/07/2012 14:39 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
31/07/2012 14:39 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local

15/05/2009 17:10 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
15/05/2009 17:10 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
15/05/2009 17:10 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Program Files\Windows Defender\en-US\systemprofile\Documents

31/07/2012 14:39 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
31/07/2012 14:39 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
31/07/2012 14:39 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes

Directory of C:\ProgramData

02/11/2006 14:02 <JUNCTION> Application Data [c:\ProgramData]
02/11/2006 14:02 <JUNCTION> Desktop [c:\Users\Public\Desktop]
02/11/2006 14:02 <JUNCTION> Documents [c:\Users\Public\Documents]
02/11/2006 14:02 <JUNCTION> Favorites [c:\Users\Public\Favorites]
02/11/2006 14:02 <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users

02/11/2006 14:02 <SYMLINKD> All Users [c:\ProgramData]
02/11/2006 14:02 <JUNCTION> Default User [c:\Users\Default]
0 File(s) 0 bytes

Directory of C:\Users\All Users

02/11/2006 14:02 <JUNCTION> Application Data [c:\ProgramData]
02/11/2006 14:02 <JUNCTION> Desktop [c:\Users\Public\Desktop]
02/11/2006 14:02 <JUNCTION> Documents [c:\Users\Public\Documents]
02/11/2006 14:02 <JUNCTION> Favorites [c:\Users\Public\Favorites]
02/11/2006 14:02 <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Default

02/11/2006 14:02 <JUNCTION> Application Data [c:\Users\Default\AppData\Roaming]
02/11/2006 14:02 <JUNCTION> Local Settings [c:\Users\Default\AppData\Local]
02/11/2006 14:02 <JUNCTION> My Documents [c:\Users\Default\Documents]
02/11/2006 14:02 <JUNCTION> NetHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 14:02 <JUNCTION> PrintHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 14:02 <JUNCTION> Recent [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 14:02 <JUNCTION> SendTo [c:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 14:02 <JUNCTION> Start Menu [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Default\AppData\Local

02/11/2006 14:02 <JUNCTION> Application Data [c:\Users\Default\AppData\Local]
02/11/2006 14:02 <JUNCTION> History [c:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 14:02 <JUNCTION> Temporary Internet Files [c:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Users\Default\Documents

02/11/2006 14:02 <JUNCTION> My Music [c:\Users\Default\Music]
02/11/2006 14:02 <JUNCTION> My Pictures [c:\Users\Default\Pictures]
02/11/2006 14:02 <JUNCTION> My Videos [c:\Users\Default\Videos]
0 File(s) 0 bytes

Directory of C:\Users\Ed

12/02/2008 21:17 <JUNCTION> Application Data [C:\Users\Ed\AppData\Roaming]
12/02/2008 21:17 <JUNCTION> Cookies [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Cookies]
12/02/2008 21:17 <JUNCTION> Local Settings [C:\Users\Ed\AppData\Local]
12/02/2008 21:17 <JUNCTION> My Documents [C:\Users\Ed\Documents]
12/02/2008 21:17 <JUNCTION> NetHood [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/02/2008 21:17 <JUNCTION> PrintHood [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/02/2008 21:17 <JUNCTION> Recent [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Recent]
12/02/2008 21:17 <JUNCTION> SendTo [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\SendTo]
12/02/2008 21:17 <JUNCTION> Start Menu [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu]
12/02/2008 21:17 <JUNCTION> Templates [C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\Ed\AppData\Local

12/02/2008 21:17 <JUNCTION> Application Data [C:\Users\Ed\AppData\Local]
12/02/2008 21:17 <JUNCTION> History [C:\Users\Ed\AppData\Local\Microsoft\Windows\History]
12/02/2008 21:17 <JUNCTION> Temporary Internet Files [C:\Users\Ed\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Users\Ed\Documents

12/02/2008 21:17 <JUNCTION> My Music [C:\Users\Ed\Music]
12/02/2008 21:17 <JUNCTION> My Pictures [C:\Users\Ed\Pictures]
12/02/2008 21:17 <JUNCTION> My Videos [C:\Users\Ed\Videos]
0 File(s) 0 bytes

Directory of C:\Users\Public\Documents

02/11/2006 14:02 <JUNCTION> My Music [c:\Users\Public\Music]
02/11/2006 14:02 <JUNCTION> My Pictures [c:\Users\Public\Pictures]
02/11/2006 14:02 <JUNCTION> My Videos [c:\Users\Public\Videos]
0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile

15/05/2009 17:10 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
15/05/2009 17:10 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
31/07/2012 14:39 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
31/07/2012 14:39 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
31/07/2012 14:39 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
31/07/2012 14:39 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
31/07/2012 14:39 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
31/07/2012 14:39 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
31/07/2012 14:39 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile\AppData\Local

15/05/2009 17:10 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
15/05/2009 17:10 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
15/05/2009 17:10 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile\Documents

31/07/2012 14:39 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
31/07/2012 14:39 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
31/07/2012 14:39 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes

Directory of C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f

02/11/2006 13:35 <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
1 File(s) 65,640 bytes

Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6000.16386_none_5585eece5b4407f1

02/11/2006 13:34 <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
3 File(s) 681,784 bytes

Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5

02/11/2006 13:34 <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpClient.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpOAV.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtMon.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtPlug.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpSigDwn.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpSvc.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MSASCui.exe [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
12 File(s) 3,765,552 bytes

Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411

02/11/2006 13:34 <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpClient.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpOAV.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtMon.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpRtPlug.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpSigDwn.dll [c:\windows\system32\config]
11/04/2009 07:27 <SYMLINK> MpSoftEx.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MpSvc.dll [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MSASCui.exe [c:\windows\system32\config]
19/01/2008 08:38 <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
02/11/2006 13:34 <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
13 File(s) 4,278,552 bytes

Total Files Listed:
43 File(s) 13,135,720 bytes
80 Dir(s) 29,439,541,248 bytes free

#39
Essexboy

Posted 19 May 2013 - 10:03 AM

GeekU Moderator

Retired Staff
69,964 posts

Hi there I am just jumping in before Tom replies.. Could you run an OTL scan for me please with the following custom scan, this is a new infection and we are trying to figure out how to find it then kill it. Once you have run this could you then follow Tom's fix

Run OTL.
Select All Users
Under the Custom Scan box paste this in

c:\windows\*. /JN
C:\Windows\winsxs\*. /JN
C:\Program Files\Windows Defender\*. /JN
C:\Program Files\Microsoft Security Client\*. /JN
C:\Program Files\Microsoft Security Client\Drivers\*. /JN
C:\Program Files\Microsoft Security Client\Backup\*. /JN
C:\Program Files\Microsoft Security Client\en-us\*. /JN
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open one notepad window.
Post that log please

#40
tom982

Posted 19 May 2013 - 10:11 AM

Member 1K

Member
1,183 posts

Hi there I am just jumping in before Tom replies.. Could you run an OTL scan for me please with the following custom scan, this is a new infection and we are trying to figure out how to find it then kill it. Once you have run this could you then follow Tom's fix

That he hasn't posted yet :lol:

Shall I post it after you have gathered the information you require?

#41
Essexboy

Posted 19 May 2013 - 10:24 AM

GeekU Moderator

Retired Staff
69,964 posts

Thanks Tom, If possible yes

#42
edsmith323

Posted 19 May 2013 - 11:38 AM

Member

Topic Starter
Member
57 posts

OTL Log

OTL logfile created on: 19/05/2013 17:34:30 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ed\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 39.22% Memory free
5.62 Gb Paging File | 3.57 Gb Available in Paging File | 63.54% Paging File free
Paging file location(s): c:\pagefile.sys 2877 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.99 Gb Total Space | 27.42 Gb Free Space | 19.59% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 1.31 Gb Free Space | 84.21% Space Free | Partition Type: NTFS
Drive F: | 7.51 Gb Total Space | 0.75 Gb Free Space | 10.01% Space Free | Partition Type: NTFS
Drive G: | 111.79 Gb Total Space | 81.52 Gb Free Space | 72.93% Space Free | Partition Type: NTFS

Computer Name: ED-PC | User Name: Ed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/17 01:01:36 | 165,538,512 | ---- | M] () -- C:\Users\Ed\Desktop\setup_11.0.0.1245.x01_2013_05_17_00_57.exe
PRC - [2013/05/17 00:57:50 | 000,717,080 | ---- | M] () -- C:\Users\Ed\AppData\Local\temp\RarSFX5\2768321.exe
PRC - [2013/05/17 00:57:48 | 000,457,520 | ---- | M] (Kaspersky Lab) -- C:\Users\Ed\AppData\Local\temp\6362745\2768321.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/06 21:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/03/12 08:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/02/01 13:25:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/04/13 10:41:04 | 000,358,456 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2010/03/05 11:08:42 | 000,256,616 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2010/01/18 06:06:06 | 000,078,592 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2009/12/20 19:29:15 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe
PRC - [2009/12/17 23:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/11/11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/29 12:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/07/19 22:23:38 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
PRC - [2009/07/19 22:21:42 | 000,296,224 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2009/07/19 22:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2009/07/19 21:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
PRC - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2009/07/06 15:34:58 | 011,227,136 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/02/16 00:34:36 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007/12/20 14:36:50 | 000,135,168 | ---- | M] (Vimicro Corporation) -- C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/05/23 12:24:44 | 000,085,672 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2007/05/23 12:19:18 | 000,192,168 | ---- | M] (Maxtor Corp) -- C:\Program Files\Maxtor\MSS Backup\MaxBackService.exe
PRC - [2007/05/09 04:22:44 | 001,400,488 | ---- | M] (Maxtor) -- C:\Program Files\Maxtor\ManagerApp\msssort.exe
PRC - [2007/03/29 14:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/03/29 14:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/02/06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/08 10:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2004/04/23 11:00:36 | 000,192,512 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\Windows\System32\Crypserv.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/17 10:04:16 | 000,686,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\2bc38488f9988db801a844e2590294a3\System.Security.ni.dll
MOD - [2013/05/17 10:04:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013/05/17 09:59:09 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll
MOD - [2013/05/17 01:01:36 | 165,538,512 | ---- | M] () -- C:\Users\Ed\Desktop\setup_11.0.0.1245.x01_2013_05_17_00_57.exe
MOD - [2013/05/17 00:57:50 | 000,717,080 | ---- | M] () -- C:\Users\Ed\AppData\Local\temp\RarSFX5\2768321.exe
MOD - [2013/04/10 02:38:48 | 002,010,624 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_core220.dll
MOD - [2013/04/10 02:38:48 | 001,241,088 | ---- | M] () -- C:\Program Files\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2013/02/13 22:34:31 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013/02/13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/01/10 15:59:04 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013/01/10 15:41:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 15:39:48 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/10 15:38:33 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/10 15:35:10 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/10 15:34:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/07/13 22:33:54 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/02/16 00:34:36 | 000,715,912 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
MOD - [2008/02/16 00:34:15 | 000,446,464 | ---- | M] () -- C:\Windows\SMINST\naspp.dll
MOD - [2007/06/28 17:48:42 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34876__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 001,671,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34886__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,688,128 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2589.35106__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34839__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34900__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2589.35144__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:41 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.35129__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.35080__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34898__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34860__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:41 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.35011__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:40 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.35177__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:09 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.35093__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:09 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.35183__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:09 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.35098__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:09 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34854__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.35024__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34915__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34863__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.35114__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:08 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34907__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2589.35169__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.35045__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.35090__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.35020__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2589.35168__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.35044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:08 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34921__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,909,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2589.35137__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2589.35085__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.35014__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2589.35069__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2007/06/28 17:48:07 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2589.34923__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2007/06/28 17:48:07 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.35012__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.35019__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.35066__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2007/06/28 17:48:07 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2007/06/28 17:48:06 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007/06/28 17:48:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007/06/28 17:48:06 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007/06/28 17:48:06 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2007/06/28 17:48:06 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2007/06/28 17:48:05 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2007/06/28 17:48:05 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007/06/28 17:48:04 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007/06/28 17:48:04 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007/06/28 17:47:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.35208__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2007/06/28 17:47:55 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34870__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007/06/28 17:47:55 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.35160__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007/06/28 17:47:55 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34837__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007/06/28 17:47:55 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.35158__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007/06/28 17:47:55 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007/06/28 17:47:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007/06/28 17:47:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007/06/28 17:47:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007/06/28 17:47:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007/06/28 17:47:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007/06/28 17:47:54 | 001,404,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34848__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2007/06/28 17:47:54 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34838__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007/06/28 17:47:54 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007/06/28 17:47:54 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2589.34836__90ba9c70f846762e\AEM.Server.dll
MOD - [2007/06/28 17:47:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007/06/28 17:47:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007/06/28 17:47:54 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.35160__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007/03/29 14:02:48 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/03/29 13:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007/02/02 17:01:32 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006/10/26 17:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL

========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/05/15 19:38:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/02/01 13:25:25 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/04/13 10:36:32 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/03/05 11:08:42 | 000,256,616 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2010/01/18 05:59:28 | 000,192,768 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2010/01/18 05:59:20 | 000,150,272 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2009/12/20 19:29:15 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2009/12/17 23:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/29 12:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/07/19 22:23:38 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2009/07/19 22:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2009/07/19 21:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2009/07/06 15:35:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009/04/11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/05 21:45:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 08:34:43 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008/01/19 08:33:40 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSvc)
SRV - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (MSFTPSVC)
SRV - [2008/01/19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/02 13:36:35 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)
SRV - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\archlp.sys -- (archlp)
DRV - [2013/05/17 00:56:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\50375998.sys -- (50375998)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/01/31 10:50:58 | 000,022,656 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/10/11 04:08:38 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/11/06 13:11:12 | 000,035,008 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/03/05 11:09:08 | 000,051,480 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/03/05 11:09:00 | 000,013,032 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/03/05 11:08:58 | 000,012,600 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010/03/05 11:08:56 | 000,109,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2010/01/12 17:42:54 | 000,252,928 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2009/12/17 23:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/11/23 17:42:58 | 000,024,576 | ---- | M] (HTC1124 Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/07/29 13:00:52 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/07/19 22:17:36 | 000,039,712 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/02/17 13:19:00 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 13:17:00 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/11/21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008/04/10 22:33:39 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/01/19 08:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/19 07:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/07/31 19:45:50 | 000,076,800 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/04/10 23:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/02/09 00:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/02 17:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/12/13 12:10:18 | 000,030,656 | ---- | M] (Eutron) [Kernel | System | Running] -- C:\Windows\System32\drivers\eusk2par.sys -- (eusk2par)
DRV - [2006/11/02 09:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/30 12:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2006/10/26 17:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 17:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 17:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 17:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 17:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 17:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 17:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 17:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/11/03 18:14:36 | 000,082,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2004/11/03 18:14:36 | 000,051,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus)
DRV - [2004/07/16 16:47:14 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004/05/05 13:40:38 | 000,019,584 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2004/04/06 14:08:06 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/04/06 14:07:58 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/04/06 14:07:54 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/03/10 15:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2001/11/05 09:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sonyhcs.sys -- (sonyhcs)
DRV - [2001/11/05 09:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sonyhcb.sys -- (sonyhcb)
DRV - [2000/02/03 20:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...d=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3383664648-3697021102-3418656205-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKU\S-1-5-21-3383664648-3697021102-3418656205-1006\..\SearchScopes,DefaultScope = {8E02D41C-5924-4816-9490-33CCD28BEB72}
IE - HKU\S-1-5-21-3383664648-3697021102-3418656205-1006\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3383664648-3697021102-3418656205-1006\..\SearchScopes\{9F536F17-19AC-43C6-AAE3-0D44B531B5BC}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKU\S-1-5-21-3383664648-3697021102-3418656205-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3383664648-3697021102-3418656205-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/13 14:36:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/10 13:49:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/05 08:19:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/05/15 15:42:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\AVG\AVG2012\Thunderbird\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/13 14:36:24 | 000,000,000 | ---D | M]

[2010/03/18 19:13:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\Mozilla\Extensions
[2009/01/15 21:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ed\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/03/18 19:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\Ed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/06 12:59:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3383664648-3697021102-3418656205-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\Windows\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems)
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKU\S-1-5-21-3383664648-3697021102-3418656205-1006..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ed\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_50375998.lnk = C:\Users\Ed\AppData\Local\temp\_uninst_50375998.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3383664648-3697021102-3418656205-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3383664648-3697021102-3418656205-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3383664648-3697021102-3418656205-1006\..Trusted Domains: cslconnect.com ([cslvpn] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553547600} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70308F02-798D-4916-8232-B3B115A8F3D4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/19 15:25:10 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\50375998.sys
[2013/05/17 17:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/05/16 16:29:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/16 16:13:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/16 16:13:42 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/16 16:13:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/16 16:13:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/16 16:13:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/16 16:13:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/16 16:13:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/16 16:13:06 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/16 16:11:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/15 14:26:44 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{0C4DD361-8968-4722-9CE3-3D2DD4D91A25}
[2013/05/14 18:50:55 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\HPAppData
[2013/05/13 22:50:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/13 22:29:12 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Ed\Desktop\aswMBR.exe
[2013/05/13 22:29:12 | 000,404,896 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ed\Desktop\sc-cleaner.exe
[2013/05/12 11:59:21 | 000,000,000 | ---D | C] -- C:\Users\Ed\Desktop\OTL fix
[2013/05/09 21:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/09 21:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/05/09 20:54:54 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{75B79B04-1CC2-48E2-BDFE-607F99AFC55B}
[2013/05/09 07:23:05 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{B3B5D0EF-6FBE-40CA-A4A7-65467DA14B0B}
[2013/05/08 14:18:18 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{5DBDC8C7-F1C4-4376-9275-4064F5BF7E34}
[2013/05/07 21:15:28 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\MicroVision Applications
[2013/05/07 19:45:41 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{B1E17FE6-3F16-4E44-9C7D-0ACC8C4EFB00}
[2013/05/07 19:21:27 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Sony
[2013/05/07 19:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013/05/07 18:37:17 | 000,000,000 | ---D | C] -- C:\Users\Ed\Documents\Jess Wedding Music
[2013/05/07 16:46:07 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/05/07 16:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/05/07 16:03:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/07 15:42:18 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Roaming\vlc
[2013/05/07 15:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/05/07 15:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/05/07 07:45:30 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{12FC7E38-10B8-469F-BB79-62C948A82FC5}
[2013/05/06 21:25:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
[2013/05/06 13:14:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/05/06 10:36:18 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\temp
[2013/05/06 10:07:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/06 10:07:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/06 10:07:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/06 10:04:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/05/06 10:03:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/06 09:15:27 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{CB6AB4E8-DF70-4263-A83B-D1BBD563B3AF}
[2013/05/02 14:01:47 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{886EB09B-28FB-4D5A-80EA-52833FD269D5}
[2013/04/29 17:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Morley-IAS by Honeywell
[2013/04/29 16:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\{D6BB5D0F-9149-4BE7-BFF9-1528D83F040E}
[2013/04/25 13:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vimicro USB2.0 UVC PC Camera
[2013/04/25 13:36:32 | 000,000,000 | ---D | C] -- C:\Users\Ed\Desktop\UVC
[2013/04/25 13:35:37 | 000,000,000 | ---D | C] -- C:\Windows\VMUVC
[2013/04/25 13:32:18 | 000,398,720 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\vvftUVC.sys
[2013/04/25 13:32:11 | 000,188,416 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\vvftUVC.ax
[2013/04/25 13:32:11 | 000,094,208 | ---- | C] (Vimicro Cooperation) -- C:\Windows\System32\VvFtCtrl.dll
[2013/04/25 13:31:22 | 000,011,776 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMUVC.dll
[2013/04/25 13:31:18 | 000,516,096 | ---- | C] (vimicro) -- C:\Windows\System32\VMUVC.ax
[2013/04/25 13:31:17 | 000,073,728 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\exvmuvc.ax
[2013/04/25 13:31:16 | 000,252,928 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\VMUVC.sys
[2013/04/25 13:31:16 | 000,098,304 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMCtrl.ax
[2013/04/25 13:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\Vimicro Corporation
[2013/04/25 12:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[2013/04/24 14:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texecom
[2013/04/24 14:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Texecom
[2013/04/22 18:31:22 | 000,000,000 | ---D | C] -- C:\Users\Ed\AppData\Local\Cisco
[2013/04/22 18:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013/04/22 18:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2013/04/22 18:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/19 17:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/19 16:52:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/19 15:54:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/19 15:54:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/19 15:39:08 | 000,000,098 | ---- | M] () -- C:\Users\Ed\Desktop\fix.bat
[2013/05/19 15:28:27 | 000,000,835 | ---- | M] () -- C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_50375998.lnk
[2013/05/19 15:04:13 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/19 13:54:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/19 13:53:56 | 3086,278,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/19 13:52:05 | 000,012,780 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/05/19 13:51:36 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Embedded Security Backup Schedule.job
[2013/05/19 12:00:04 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\Security Platform Backup Schedule.job
[2013/05/18 21:49:37 | 000,716,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/18 21:49:36 | 000,148,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/17 09:54:20 | 001,785,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/17 01:01:36 | 165,538,512 | ---- | M] () -- C:\Users\Ed\Desktop\setup_11.0.0.1245.x01_2013_05_17_00_57.exe
[2013/05/17 00:56:29 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\50375998.sys
[2013/05/15 19:38:32 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/15 19:38:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/15 15:42:51 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/05/15 14:12:46 | 000,002,579 | ---- | M] () -- C:\Users\Public\Desktop\Fire 6.23A.lnk
[2013/05/13 22:48:00 | 000,000,512 | ---- | M] () -- C:\Users\Ed\Desktop\MBR.dat
[2013/05/13 21:47:02 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Ed\Desktop\aswMBR.exe
[2013/05/13 21:41:54 | 000,404,896 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ed\Desktop\sc-cleaner.exe
[2013/05/10 13:49:37 | 000,001,426 | ---- | M] () -- C:\Users\Ed\Desktop\DivX Movies.lnk
[2013/05/10 13:49:02 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/05/10 13:48:02 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013/05/10 13:42:03 | 000,000,000 | ---- | M] () -- C:\END
[2013/05/09 21:06:51 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/05/07 19:49:52 | 000,071,432 | ---- | M] () -- C:\Users\Ed\Documents\Life House - Everything 1st Dance.mp3.sfk
[2013/05/07 19:35:38 | 000,002,396 | ---- | M] () -- C:\Users\Ed\Documents\Register Sound Forge Pro.htm
[2013/05/07 19:22:02 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Sound Forge Pro 10.0.lnk
[2013/05/07 18:32:10 | 000,013,734 | ---- | M] () -- C:\Users\Ed\Documents\SONY.Sound.Forge.Pro.10.Build.507.(patch-keygen.DI).torrent
[2013/05/07 18:09:08 | 000,002,384 | ---- | M] () -- C:\Users\Ed\Documents\Activate MP3 Plug-In.htm
[2013/05/07 17:54:23 | 000,072,272 | ---- | M] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfk
[2013/05/07 17:54:12 | 005,867,520 | ---- | M] () -- C:\Users\Ed\Documents\Sound 1.mpg
[2013/05/07 17:54:12 | 000,000,032 | ---- | M] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfl
[2013/05/07 15:41:30 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/06 21:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ed\Desktop\OTL.exe
[2013/05/06 12:59:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/06 10:20:36 | 000,000,566 | ---- | M] () -- C:\Users\Ed\Desktop\ComboFix.exe - Shortcut.lnk
[2013/05/05 20:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/03 14:15:50 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013/05/01 16:53:56 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/01 14:56:07 | 000,002,579 | ---- | M] () -- C:\Users\Public\Desktop\Fire 6.21B.lnk
[2013/04/25 12:37:34 | 000,000,906 | ---- | M] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2013/04/25 12:37:34 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2013/04/24 16:46:13 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Wintex.lnk
[2013/04/24 14:45:13 | 000,000,011 | ---- | M] () -- C:\Users\Ed\Premier Flasher.conf
[2013/04/24 14:44:23 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Premier Elite Flasher.lnk
[2013/04/23 07:36:55 | 000,001,995 | ---- | M] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/22 18:28:15 | 000,001,102 | ---- | M] () -- C:\Users\Ed\Desktop\Cisco AnyConnect VPN Client.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/19 15:39:08 | 000,000,098 | ---- | C] () -- C:\Users\Ed\Desktop\fix.bat
[2013/05/19 15:28:27 | 000,000,835 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_50375998.lnk
[2013/05/18 19:36:07 | 165,538,512 | ---- | C] () -- C:\Users\Ed\Desktop\setup_11.0.0.1245.x01_2013_05_17_00_57.exe
[2013/05/15 15:42:51 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/05/15 15:42:49 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/05/13 22:48:00 | 000,000,512 | ---- | C] () -- C:\Users\Ed\Desktop\MBR.dat
[2013/05/10 13:49:02 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013/05/10 13:48:02 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013/05/10 13:42:03 | 000,000,000 | ---- | C] () -- C:\END
[2013/05/07 19:48:46 | 000,071,432 | ---- | C] () -- C:\Users\Ed\Documents\Life House - Everything 1st Dance.mp3.sfk
[2013/05/07 19:27:52 | 000,002,396 | ---- | C] () -- C:\Users\Ed\Documents\Register Sound Forge Pro.htm
[2013/05/07 19:22:02 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Sound Forge Pro 10.0.lnk
[2013/05/07 18:32:10 | 000,013,734 | ---- | C] () -- C:\Users\Ed\Documents\SONY.Sound.Forge.Pro.10.Build.507.(patch-keygen.DI).torrent
[2013/05/07 17:54:12 | 000,072,272 | ---- | C] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfk
[2013/05/07 17:54:12 | 000,000,032 | ---- | C] () -- C:\Users\Ed\Documents\Sound 1.mpg.sfl
[2013/05/07 17:54:06 | 005,867,520 | ---- | C] () -- C:\Users\Ed\Documents\Sound 1.mpg
[2013/05/07 17:29:26 | 000,002,384 | ---- | C] () -- C:\Users\Ed\Documents\Activate MP3 Plug-In.htm
[2013/05/07 16:48:36 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/05/07 15:41:30 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/06 10:20:36 | 000,000,566 | ---- | C] () -- C:\Users\Ed\Desktop\ComboFix.exe - Shortcut.lnk
[2013/05/06 10:07:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/06 10:07:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/06 10:07:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/06 10:07:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/06 10:07:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/01 17:01:26 | 3086,278,656 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/29 17:43:18 | 000,002,579 | ---- | C] () -- C:\Users\Public\Desktop\Fire 6.23A.lnk
[2013/04/29 17:40:28 | 000,002,579 | ---- | C] () -- C:\Users\Public\Desktop\Fire 6.21B.lnk
[2013/04/25 12:37:34 | 000,000,906 | ---- | C] () -- C:\Users\Ed\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2013/04/25 12:37:34 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\ManyCam.lnk
[2013/04/24 16:46:13 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Wintex.lnk
[2013/04/24 14:45:13 | 000,000,011 | ---- | C] () -- C:\Users\Ed\Premier Flasher.conf
[2013/04/24 14:44:23 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Premier Elite Flasher.lnk
[2013/04/22 18:28:15 | 000,001,102 | ---- | C] () -- C:\Users\Ed\Desktop\Cisco AnyConnect VPN Client.lnk
[2013/02/12 13:52:10 | 000,000,680 | ---- | C] () -- C:\Users\Ed\AppData\Local\d3d9caps.dat
[2012/08/30 23:16:16 | 000,027,520 | ---- | C] () -- C:\Users\Ed\AppData\Local\dt.dat
[2011/10/11 13:23:25 | 000,406,016 | ---- | C] () -- C:\Windows\System32\PSDrvCheck.exe
[2011/10/07 17:23:24 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2010/09/10 00:11:57 | 000,000,000 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\chrtmp
[2010/07/23 00:11:17 | 000,000,459 | ---- | C] () -- C:\Users\Ed\AppData\Roaming\plugins.xml
[2009/05/19 00:30:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.XG1
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.XG0
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.X02
[2008/09/23 09:21:34 | 000,006,144 | ---- | C] () -- C:\Users\Ed\Comms.DB
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.YG1
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.YG0
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.Y02
[2008/09/23 09:21:34 | 000,004,096 | ---- | C] () -- C:\Users\Ed\Comms.PX
[2008/09/23 09:21:34 | 000,000,777 | ---- | C] () -- C:\Users\Ed\Comms.VAL
[2008/02/16 00:08:33 | 000,105,984 | ---- | C] () -- C:\Users\Ed\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/02/04 00:03:14 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2010/02/04 00:03:14 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2009/11/23 21:31:23 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\ALK Technologies
[2012/10/15 17:48:25 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\AVG2013
[2009/12/28 12:00:08 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\AVG9
[2008/09/26 23:40:13 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/02/18 01:12:35 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Credential Manager
[2013/05/19 15:06:12 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Dropbox
[2008/02/12 22:53:42 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Hewlett Packard
[2011/12/25 14:15:26 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\HTC
[2008/02/12 22:52:13 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Infineon
[2008/04/29 18:40:02 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\InterVideo
[2010/09/10 00:11:17 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\JAVAUpdate9
[2008/04/24 01:36:34 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Jeyo
[2012/11/23 02:39:24 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\ManyCam
[2011/06/13 23:42:58 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Maxtor Quick Start
[2011/03/25 20:21:02 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Opera
[2010/09/21 19:46:00 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\PandoraRecovery
[2013/05/07 19:49:50 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Publish Providers
[2008/02/16 00:55:43 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\SampleView
[2013/05/07 19:36:20 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Sony
[2009/11/28 20:00:48 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Teleca
[2011/10/25 21:31:37 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Thunderbird
[2009/01/15 21:18:48 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\TomTom
[2009/09/03 16:14:51 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Trusteer
[2013/05/19 15:19:49 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\uTorrent
[2010/11/25 19:01:12 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\Windows Live Writer
[2008/02/12 23:02:49 | 000,000,000 | ---D | M] -- C:\Users\Ed\AppData\Roaming\{A004037C-8B9A-4390-9074-1D3EEE0A3BDF}

========== Purity Check ==========

========== Custom Scans ==========

< c:\windows\*. /JN >
[2006/11/02 14:01:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 14:01:23 | 000,032,558 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008/02/13 01:21:29 | 000,000,322 | ---- | C] () -- C:\Windows\Tasks\Security Platform Backup Schedule.job
[2010/12/03 15:21:58 | 000,000,322 | ---- | C] () -- C:\Windows\Tasks\Embedded Security Backup Schedule.job
[2012/04/18 18:06:27 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/09/03 19:20:41 | 000,000,874 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/09/03 19:20:44 | 000,000,878 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< C:\Windows\winsxs\*. /JN >

< C:\Program Files\Windows Defender\*. /JN >

< C:\Program Files\Microsoft Security Client\*. /JN >

< C:\Program Files\Microsoft Security Client\Drivers\*. /JN >

< C:\Program Files\Microsoft Security Client\Backup\*. /JN >

< C:\Program Files\Microsoft Security Client\en-us\*. /JN >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Program Files\Windows Defender\en-US] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:C895616B
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >