Virus. Startup Repair, System Restore, and Safe Mode aren't workin


  • This topic is locked

#1
dantecantal

  • Member
  • 58 posts
AVG was detecting some threats. They were infecting what looked like important files in the system32 folder. I scanned with Malware Bytes and it found over a hundred threats! They were all malware.packer.gen. I wasn't thinking and decided to quarantine and delete the files. Now I'm thinking I deleted important files necessary to run Windows.

When I turn on my computer it launches Startup Repair. Unfortunately it says "Startup Repair cannot repair this computer automatically." It also stated Startup Repair cannot determine the cause of the problem.

I decided to try a System Restore. I chose a checkpoint and it said it was successful and needed a restart to complete the process. However, when I restart it, it goes back to Startup Repair and the whole process starts all over again. I can't run it in safe mode as it brings me back to the same screen. I tried using the command prompt and typing in sfc/scannow, but it says I need to restart it to complete the system restore process.

I really need to keep all my files and any help will be appreciated :)

Thank you

Edited by dantecantal, 30 August 2010 - 11:18 AM.

  • 0


#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, I will try to assist, but no guarantees I am afraid; it all depends on what AVG deleted.

Please print these instructions out so that you know what you are doing

File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
    [attachment=44451:scan.txt]
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#3
dantecantal

  • Topic Starter
  • Member
  • 58 posts
Thank you. I actually have to get off the computer right now so I will post the results later.
  • 0

#4
dantecantal

  • Topic Starter
  • Member
  • 58 posts
When I drag scan.txt, it says, "not a valid fix file!"
  • 0

#5
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, double click on the custom scans and fixes and it will then pop up and ask you for the file location - select scan.txt and then press quick scan.
  • 0

#6
dantecantal

  • Topic Starter
  • Member
  • 58 posts
OTL logfile created on: 8/30/2010 3:24:24 PM - Run
OTLPE by OldTimer - Version 3.1.40.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581.12 Gb Total Space | 234.94 Gb Free Space | 40.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 15.00 Gb Total Space | 10.31 Gb Free Space | 68.75% Space Free | Partition Type: NTFS
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (SessionLauncher)
SRV - [2010/07/15 13:28:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/26 03:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/16 21:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/01/28 03:39:02 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2008/07/22 12:59:42 | 000,794,624 | ---- | M] () [On_Demand] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2008/06/08 09:56:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/20 21:54:13 | 000,029,744 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-010708-104812)
SRV - [2008/05/20 21:40:29 | 000,072,704 | ---- | M] (Creative Labs) [Auto] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/14 14:25:22 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/12/14 14:25:20 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/12/14 14:25:12 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/10/03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/12 04:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto] -- C:\Windows\System32\drivers\ounoney.sys -- (sgyihxkkd)
DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System] -- C:\Windows\System32\drivers\ntrigdigii.sys -- (ntrigdigii)
DRV - File not found [Kernel | Auto] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System] -- C:\Windows\System32\drivers\ctrkoirn.sys -- (ctrkoirn)
DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | System] -- C:\Windows\System32\drivers\BrFiltLoo.sys -- (BrFiltLoo)
DRV - File not found [Kernel | Disabled] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/08/24 03:28:18 | 000,000,000 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\qfwscoup.sys -- (qfwscoup)
DRV - [2010/07/15 13:28:40 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 13:28:01 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/04 11:44:45 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/26 13:14:36 | 000,051,472 | ---- | M] () [File_System | Boot] -- C:\Windows\System32\drivers\mfx.sys -- (MFX)
DRV - [2009/04/11 00:42:56 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/11 00:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008/06/03 09:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 09:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/06/02 19:43:39 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/05/21 05:17:05 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/05/21 05:17:05 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/05/21 05:17:05 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/05/15 04:15:42 | 000,813,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2008/03/14 02:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/12/11 04:43:48 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/09/12 04:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/09/12 04:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/28 20:05:12 | 000,055,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/08/22 01:39:20 | 000,235,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OEM05Vid.sys -- (OEM05Vid)
DRV - [2007/08/22 01:39:18 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OEM05Vfx.sys -- (OEM05Vfx)
DRV - [2007/08/22 01:39:04 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OEM05Afx.sys -- (OEM05Afx)
DRV - [2007/04/09 13:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 13:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 13:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/04/02 00:42:08 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/04/02 00:42:04 | 000,080,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/04/02 00:42:02 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/01/15 20:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:51:31 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2005/01/18 06:31:30 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=0080521
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=0080521
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=0080521
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Dante_Anthony_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=0080521
IE - HKU\Dante_Anthony_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=0080521
IE - HKU\Dante_Anthony_ON_C\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\Dante_Anthony_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Dante_Anthony_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 11:07:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 01:14:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.2\extensions\\Components: C:\Program Files\Flock\components
FF - HKLM\software\mozilla\Flock 2.5.2\extensions\\Plugins: C:\Program Files\Flock\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.1b1\extensions\\Components: C:\Program Files\Mozilla Firefox 3.1 Beta 1\components [2009/09/01 00:40:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.1b1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.1 Beta 1\plugins [2009/09/01 00:40:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/17 01:53:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/30 14:15:04 | 000,000,000 | ---D | M]

[2010/07/07 22:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/07/22 07:17:34 | 000,002,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2009/08/11 02:31:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (no name) - {C3EA26CC-40C7-4AEE-A1A1-CFF0785DB42D} - No CLSID value found.
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Dante_Anthony_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [sta] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [supertintin_skype] C:\Program Files\Supertintin for Skype\supertintin_skype.exe (IMTiger Software Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\Admin_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Dante_Anthony_ON_C..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKU\Dante_Anthony_ON_C..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\Dante_Anthony_ON_C..\Run: [Orb] C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe (Orb Networks)
O4 - HKU\Dante_Anthony_ON_C..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKU\Dante_Anthony_ON_C..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Admin_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Dante_Anthony_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Dante_Anthony_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Dante_Anthony_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/25 16:00:40 | 000,000,053 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/25 16:00:45 | 000,000,053 | RHS- | M] () - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{11920c52-694d-11dd-ad30-001c26dd24a1}\Shell\AutoRun\command - "" = anoataly.exe
O33 - MountPoints2\{11920c52-694d-11dd-ad30-001c26dd24a1}\Shell\open\Command - "" = anoataly.exe
O33 - MountPoints2\{2c35736d-12e0-11df-97ad-001c26dd24a1}\Shell\AutoRun\command - "" = ws.exe
O33 - MountPoints2\{2c35736d-12e0-11df-97ad-001c26dd24a1}\Shell\open\Command - "" = ws.exe
O33 - MountPoints2\{2c357370-12e0-11df-97ad-001c26dd24a1}\Shell - "" = AutoRun
O33 - MountPoints2\{2c357370-12e0-11df-97ad-001c26dd24a1}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3205e2b6-482b-11df-b673-001c26dd24a1}\Shell\AutoRun\command - "" = anoataly.exe
O33 - MountPoints2\{3205e2b6-482b-11df-b673-001c26dd24a1}\Shell\open\Command - "" = anoataly.exe
O33 - MountPoints2\{776d58c4-557a-11dd-8b86-001c26dd24a1}\Shell\AutoRun\command - "" = H:\ghk.bat -- File not found
O33 - MountPoints2\{776d58c4-557a-11dd-8b86-001c26dd24a1}\Shell\explore\Command - "" = H:\ghk.bat -- File not found
O33 - MountPoints2\{776d58c4-557a-11dd-8b86-001c26dd24a1}\Shell\open\Command - "" = H:\ghk.bat -- File not found
O33 - MountPoints2\{a91604cb-7399-11df-ab9d-001c26dd24a1}\Shell\AutoRun\command - "" = N:\wd_windows_tools\setup.exe -- File not found
O33 - MountPoints2\{df7e4dbd-dba0-11de-9194-001c26dd24a1}\Shell\AutoRun\command - "" = qkm.exe
O33 - MountPoints2\{df7e4dbd-dba0-11de-9194-001c26dd24a1}\Shell\open\Command - "" = qkm.exe
O33 - MountPoints2\{e0783b37-30fd-11dd-af5b-001c26dd24a1}\Shell - "" = AutoRun
O33 - MountPoints2\{e0783b37-30fd-11dd-af5b-001c26dd24a1}\Shell\AutoRun\command - "" = M:\Installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.MP42 - C:\Windows\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\Windows\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\Windows\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/26 23:59:07 | 000,000,000 | ---D | C] -- C:\Users\Dante Anthony\AppData\Local\{900B15DC-4D26-4E43-890F-8E3DD23BA2AA}
[2010/08/26 23:56:53 | 000,000,000 | ---D | C] -- C:\Users\Dante Anthony\AppData\Local\Windows Server
[2010/08/22 17:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/08/22 17:08:47 | 000,000,000 | ---D | C] -- C:\Users\Dante Anthony\AppData\Local\AIM Toolbar
[2010/08/22 02:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\AoA Audio Extractor
[2010/08/10 21:07:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/08/10 15:21:25 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/10 15:21:16 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/08/10 15:21:16 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/10 15:21:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/08/10 15:21:08 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/10 15:20:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/10 15:20:49 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/10 15:20:48 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/02 22:30:06 | 000,000,000 | ---D | C] -- C:\Users\Dante Anthony\Documents\StarCraft II
[2010/08/02 22:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2010/08/02 21:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/08/02 20:26:25 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/08/02 20:26:25 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/08/02 20:26:25 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/08/02 20:25:56 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/08/02 20:25:56 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/08/02 20:25:56 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/08/02 20:25:56 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/08/02 20:25:56 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/08/02 20:25:56 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/08/02 20:25:56 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/08/02 20:25:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/08/02 20:25:55 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/08/02 20:25:55 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/08/02 20:25:55 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/08/02 20:25:55 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/08/02 20:25:55 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/08/02 20:25:55 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/08/02 20:25:55 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/08/02 20:25:55 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/08/02 20:25:55 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/08/02 20:25:55 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/08/02 20:25:55 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/08/02 20:25:55 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/08/02 20:25:55 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/08/02 20:25:55 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/08/02 20:25:55 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/08/02 20:25:55 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/08/02 20:25:55 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/08/02 20:25:30 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/08/02 20:25:30 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/08/02 20:25:28 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/08/02 20:25:27 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/08/02 20:25:27 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/08/02 20:25:27 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/08/02 20:25:27 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2010/08/02 20:25:27 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/08/02 20:25:27 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/08/02 20:25:27 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/08/02 20:25:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2010/08/02 20:25:27 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2010/08/02 20:24:47 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/08/02 20:24:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/08/02 20:16:38 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/08/02 20:16:38 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/08/02 20:16:38 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/08/02 20:15:04 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/08/02 20:15:02 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/08/02 00:15:51 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/08/02 00:15:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/08/02 00:15:11 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/08/02 00:15:10 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/08/02 00:15:09 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/08/02 00:15:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/08/02 00:14:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/08/02 00:14:49 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/08/02 00:14:48 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/08/02 00:14:48 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/08/02 00:14:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/08/02 00:14:44 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/08/02 00:14:44 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/08/02 00:14:43 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/08/02 00:14:38 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/08/02 00:14:36 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/02 00:14:12 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/08/02 00:14:12 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/08/02 00:14:09 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/08/02 00:14:02 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/08/02 00:14:02 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/08/02 00:14:02 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/08/02 00:14:02 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/08/02 00:14:02 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/08/02 00:14:01 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/08/02 00:13:50 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/08/02 00:13:48 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/08/02 00:13:34 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/08/02 00:13:34 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/08/02 00:13:34 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/08/02 00:13:34 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/08/02 00:08:17 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/08/02 00:07:42 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/08/02 00:07:41 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

========== Files - Modified Within 30 Days ==========

[2010/08/30 17:21:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/27 08:38:53 | 002,934,479 | -H-- | M] () -- C:\Users\Dante Anthony\AppData\Local\IconCache.db
[2010/08/27 04:07:39 | 000,000,120 | ---- | M] () -- C:\Users\Dante Anthony\AppData\Local\Rzucilome.dat
[2010/08/27 04:07:39 | 000,000,000 | ---- | M] () -- C:\Users\Dante Anthony\AppData\Local\Qwopapogaxeyuva.bin
[2010/08/24 03:28:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\qfwscoup.sys
[2010/08/24 03:24:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/24 03:22:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 03:22:14 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 03:15:06 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0CEB73A9-51B8-4C90-8907-4B847E6DEC0C}.job
[2010/08/24 03:03:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3404729698-1243055473-1963908234-1001UA.job
[2010/08/24 02:10:54 | 000,061,440 | ---- | M] () -- C:\Users\Dante Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 00:24:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/23 16:03:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3404729698-1243055473-1963908234-1001Core.job
[2010/08/21 15:52:18 | 000,000,260 | -H-- | M] () -- C:\Windows\tasks\5c747769.job
[2010/08/21 15:27:24 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/21 15:27:24 | 000,598,350 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/21 15:27:24 | 000,101,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/21 15:22:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/21 15:22:02 | 3219,050,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/21 15:22:01 | 344,481,252 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/21 14:38:35 | 063,682,677 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/21 04:03:51 | 000,002,084 | ---- | M] () -- C:\Users\Dante Anthony\Desktop\Google Chrome.lnk
[2010/08/21 04:03:51 | 000,002,046 | ---- | M] () -- C:\Users\Dante Anthony\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/20 21:07:37 | 000,000,000 | ---- | M] () -- C:\Users\Dante Anthony\AppData\Local\prvlcl.dat
[2010/08/20 20:12:54 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.INI
[2010/08/11 16:21:11 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/10 21:28:23 | 001,767,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/10 21:07:28 | 000,000,186 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/08/07 20:31:39 | 000,026,624 | ---- | M] () -- C:\Users\Dante Anthony\Documents\govassignment8.doc
[2010/08/02 21:27:41 | 000,123,296 | ---- | M] () -- C:\Users\Dante Anthony\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/02 20:44:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/08/02 20:44:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf


========== Files Created - No Company Name ==========

[2010/08/26 23:59:08 | 000,000,120 | ---- | C] () -- C:\Users\Dante Anthony\AppData\Local\Rzucilome.dat
[2010/08/26 23:59:08 | 000,000,000 | ---- | C] () -- C:\Users\Dante Anthony\AppData\Local\Qwopapogaxeyuva.bin
[2010/08/10 21:07:28 | 000,000,186 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/08/07 20:31:39 | 000,026,624 | ---- | C] () -- C:\Users\Dante Anthony\Documents\govassignment8.doc
[2010/08/02 20:44:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/08/02 20:44:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/08/01 21:40:46 | 344,481,252 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/23 02:55:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\qfwscoup.sys
[2010/06/21 01:55:59 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2010/06/03 18:18:41 | 000,499,200 | ---- | C] () -- C:\Windows\System32\WZDPlay.dll
[2010/04/02 20:34:06 | 000,010,604 | -HS- | C] () -- C:\Users\Dante Anthony\AppData\Local\Wv7V1mEL4UH
[2010/01/02 01:29:27 | 000,000,197 | ---- | C] () -- C:\Windows\z56k2.ini
[2009/12/12 02:48:09 | 000,000,000 | ---- | C] () -- C:\Users\Dante Anthony\AppData\Local\prvlcl.dat
[2009/06/26 13:14:36 | 000,051,472 | ---- | C] () -- C:\Windows\System32\drivers\mfx.sys
[2009/06/07 20:58:16 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2009/06/07 20:58:16 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2009/05/31 18:09:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/28 09:33:10 | 000,000,143 | ---- | C] () -- C:\Windows\GKLauncherInfo.ini
[2009/05/28 02:55:45 | 000,001,356 | ---- | C] () -- C:\Users\Dante Anthony\AppData\Local\d3d9caps.dat
[2009/03/08 01:28:25 | 000,022,328 | ---- | C] () -- C:\Users\Dante Anthony\AppData\Roaming\PnkBstrK.sys
[2009/02/25 23:54:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2009/01/01 23:54:47 | 000,870,128 | ---- | C] () -- C:\Users\Dante Anthony\AppData\Roaming\mcs.rma
[2009/01/01 23:54:47 | 000,000,004 | ---- | C] () -- C:\Users\Dante Anthony\AppData\Roaming\323F99
[2008/10/07 13:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 13:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 13:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 13:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 13:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 13:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 13:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 13:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 13:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 13:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/01 17:25:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/25 18:12:48 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/06/11 17:57:23 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/06/11 17:57:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/06/11 17:57:18 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/06/11 17:57:18 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/06/11 17:57:17 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/06/11 17:57:17 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/05/29 01:45:44 | 000,001,744 | ---- | C] () -- C:\Users\Dante Anthony\AppData\Roaming\wklnhst.dat
[2008/05/29 00:45:20 | 000,061,440 | ---- | C] () -- C:\Users\Dante Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/21 05:22:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/05/21 05:22:14 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/05/20 21:47:08 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2008/05/20 21:41:03 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008/05/20 21:41:02 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/05/20 21:41:02 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2007/11/27 00:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007/02/13 11:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/05/13 16:41:58 | 000,049,152 | ---- | C] () -- C:\Windows\System32\cdlock.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2008/07/25 18:38:43 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\acccore
[2010/03/30 01:24:37 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\Acoustica
[2010/03/30 01:33:48 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\Antares
[2009/12/28 21:27:53 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\AudioTuner
[2008/08/06 04:32:29 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\Azureus
[2009/04/08 21:41:10 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\Bump Technologies, Inc
[2009/04/14 02:53:13 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\Camfrog
[2008/11/01 11:46:03 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\cmw
[2010/08/26 23:56:43 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\D21DEA5E87B234AD11F4C3370E029158
[2008/06/02 19:43:33 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\DAEMON Tools
[2010/03/27 03:08:05 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\Facebook
[2008/10/30 02:05:38 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\FlashGet
[2009/09/18 01:37:30 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\Flock
[2009/09/04 17:33:31 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\FreeCall
[2009/06/07 20:58:02 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\GetRightToGo
[2008/06/17 21:32:16 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\GlobalSCAPE
[2009/10/21 00:39:46 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\ImgBurn
[2010/06/21 09:18:54 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\ImTOO Software Studio
[2009/11/27 23:13:15 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\Leadertech
[2010/08/19 03:59:35 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\LimeWire
[2009/08/07 10:19:24 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\Logs
[2010/07/10 21:39:28 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\ManyCam
[2010/01/14 00:16:25 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\ooVoo Details
[2010/06/12 12:42:33 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\oovooinstaller
[2010/01/30 15:18:36 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\QQ Games Plugin
[2008/08/13 16:20:57 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\SPORE Creature Creator
[2008/07/02 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\SporeCreatureCreator
[2009/11/08 23:40:38 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\Synthesia
[2009/02/03 02:22:34 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\TeamViewer
[2008/05/29 01:45:45 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\Template
[2008/09/16 19:57:31 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\tmp
[2008/06/02 19:52:43 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\Ubisoft
[2010/01/07 00:37:28 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\Unity
[2010/08/30 14:15:04 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\uTorrent
[2010/06/03 19:06:13 | 000,000,000 | ---D | M] -- C:\Users\Dante Anthony\AppData\Roaming\WarZone
[2010/08/21 15:52:18 | 000,000,260 | -H-- | M] () -- C:\Windows\Tasks\5c747769.job
[2010/08/11 16:21:11 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/24 03:15:06 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0CEB73A9-51B8-4C90-8907-4B847E6DEC0C}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/01/25 16:00:40 | 000,000,053 | RHS- | M] () -- C:\autorun.inf
[2009/04/11 02:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/08/11 02:34:54 | 000,033,217 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/05/21 05:22:25 | 000,005,740 | RH-- | M] () -- C:\dell.sdr
[2010/08/21 15:22:02 | 3219,050,496 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/01 21:43:33 | 000,001,876 | ---- | M] () -- C:\HijackThis.lnk
[2009/05/11 18:29:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/02 20:50:44 | 000,001,957 | -H-- | M] () -- C:\IPH.PH
[2009/09/19 18:38:02 | 003,256,793 | ---- | M] () -- C:\ituneslib.itl
[2009/06/02 22:38:16 | 000,286,208 | ---- | M] () -- C:\m5nvo0by.exe
[2009/05/11 18:29:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/21 15:22:02 | 3532,881,920 | -HS- | M] () -- C:\pagefile.sys
[2009/06/03 02:12:46 | 264,759,878 | ---- | M] () -- C:\VirgieBday.avi
[2009/06/03 02:14:33 | 264,822,784 | ---- | M] () -- C:\VirgieBday.iso
[2010/07/23 03:01:20 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/06/19 11:59:38 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 03:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2003/06/18 20:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

Invalid Environment Variable: %APPDATA%\Adobe\Update\*.*

Invalid Environment Variable: %ALLUSERSPROFILE%\Favorites\*.*

Invalid Environment Variable: %APPDATA%\Microsoft\*.*

< %PROGRAMFILES%\*.* >a
[2008/09/28 00:39:47 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

Invalid Environment Variable: %APPDATA%\Update\*.*

< %systemroot%\*. /mp /s >

< CREATERESTOREPOINT >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

Invalid Environment Variable: %ALLUSERSPROFILE%\Start Menu\*.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

Invalid Environment Variable: %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk

Invalid Environment Variable: %USERPROFILE%\Desktop\*.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

Invalid Environment Variable: %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

Invalid Environment Variable: %USERPROFILE%\My Documents\*.exe

Invalid Environment Variable: %USERPROFILE%\*.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

Invalid Environment Variable: %USERPROFILE%\Favorites\*.url

< %systemroot%\System32\Wbem\*.exe >
[2008/01/19 03:33:15 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\mofcomp.exe
[2008/01/19 03:33:27 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\scrcons.exe
[2009/04/11 02:28:10 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2008/01/19 03:33:35 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemtest.exe
[2008/01/19 03:33:37 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WinMgmt.exe
[2009/04/11 02:28:16 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WMIADAP.exe
[2009/04/11 02:28:16 | 000,137,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiApSrv.exe
[2008/01/19 03:33:39 | 000,625,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WMIC.exe
[2009/04/11 02:28:16 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/05/21 05:10:25 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/05/21 05:10:25 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-23 01:00:36

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Dante Anthony\Desktop\Hulk.mov:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Dante Anthony\Desktop\CribSong.wav:TOC.WMV
< End of report >
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
AVG took out the drivers but failed to clean the registry control sets

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB
[attachment=44469:fix.txt]
  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

ONCE REBOOTED TO NORMAL MODE

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#8
dantecantal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
After OTLPE, when it asks for a reboot, I click Reboot Now but my system doesn't restart. Also, when you say normal mode, does that mean my normal Vista?
  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes please, back to Vista if it will work.
  • 0

#10
dantecantal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I don't think the OTL log saved :/ but here's the ComboFix

ComboFix 10-08-31.01 - Dante Anthony 08/31/2010 12:43:45.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2195 [GMT -7:00]
Running from: c:\users\Dante Anthony\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\users\Dante Anthony\AppData\Roaming\Logs\scns.log
c:\users\Dante Anthony\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
c:\users\Dante Anthony\vty-0192.bin
c:\windows\ali.exe
c:\windows\system32\schtml
D:\autorun.inf
H:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UacFlt
-------\Service_UacFlt


((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-31 )))))))))))))))))))))))))))))))
.

2010-08-31 19:54 . 2010-08-31 19:57 -------- d-----w- c:\users\Dante Anthony\AppData\Local\temp
2010-08-31 19:54 . 2010-08-31 19:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-31 19:54 . 2010-08-31 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-31 19:54 . 2010-08-31 19:54 -------- d-----w- c:\users\Admin\AppData\Local\temp
2010-08-31 17:46 . 2010-07-18 04:07 552960 ----a-r- C:\OTLPE.exe
2010-08-22 21:08 . 2010-08-22 21:08 -------- d-----w- c:\users\Dante Anthony\AppData\Local\AIM Toolbar
2010-08-22 06:03 . 2010-08-22 06:03 -------- d-----w- c:\program files\AoA Audio Extractor
2010-08-11 01:07 . 2010-08-14 00:18 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-10 19:21 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-10 19:21 . 2010-06-29 15:47 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-10 19:21 . 2010-06-28 16:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-10 19:21 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-10 19:21 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-10 19:20 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-10 19:20 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-10 19:20 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-10 19:20 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-10 19:20 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-10 19:20 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-10 19:20 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-03 02:30 . 2010-08-18 06:01 -------- d-----w- c:\program files\StarCraft II
2010-08-03 01:23 . 2010-08-03 01:23 -------- d-----w- c:\program files\Windows Portable Devices
2010-08-03 00:26 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-08-03 00:26 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-08-03 00:26 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-08-03 00:24 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-08-03 00:24 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-08-03 00:24 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-08-03 00:16 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-03 00:16 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-03 00:16 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-03 00:16 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-03 00:16 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-03 00:15 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-08-03 00:15 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-08-03 00:15 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-08-02 04:14 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-08-02 04:13 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-08-02 04:08 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-08-02 04:07 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-08-02 04:07 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 19:59 . 2009-11-28 20:34 -------- d-----w- c:\program files\Steam
2010-08-31 19:54 . 2008-05-21 01:29 2140 ----a-w- c:\windows\bthservsdp.dat
2010-08-31 19:53 . 2009-08-07 14:19 -------- d-----w- c:\users\Dante Anthony\AppData\Roaming\Logs
2010-08-31 19:35 . 2008-05-31 14:55 -------- d-----w- c:\users\Dante Anthony\AppData\Roaming\uTorrent
2010-08-30 18:15 . 2010-02-15 04:12 -------- d-----w- c:\program files\AIM Toolbar
2010-08-30 18:15 . 2009-06-22 05:12 -------- d-----w- c:\users\Dante Anthony\AppData\Roaming\vlc
2010-08-27 03:56 . 2010-07-23 06:46 -------- d-----w- c:\users\Dante Anthony\AppData\Roaming\D21DEA5E87B234AD11F4C3370E029158
2010-08-21 01:07 . 2009-12-12 06:48 0 ----a-w- c:\users\Dante Anthony\AppData\Local\prvlcl.dat
2010-08-19 07:59 . 2008-06-01 14:24 -------- d-----w- c:\users\Dante Anthony\AppData\Roaming\LimeWire
2010-08-11 01:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-08 00:32 . 2009-01-31 05:22 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-03 03:43 . 2009-12-12 19:11 -------- d-----w- c:\progra~2\Blizzard Entertainment
2010-08-03 01:27 . 2008-05-29 04:30 123296 ----a-w- c:\users\Dante Anthony\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-03 00:44 . 2010-08-03 00:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-08-03 00:44 . 2010-08-03 00:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-02 04:00 . 2009-11-24 00:31 -------- d-----w- c:\progra~2\avg9
2010-08-02 03:26 . 2009-10-12 23:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 02:38 . 2008-06-08 14:34 -------- d-----w- c:\progra~2\FLEXnet
2010-07-28 07:30 . 2008-12-02 01:52 -------- d-----w- c:\users\Dante Anthony\AppData\Roaming\Skype
2010-07-28 07:05 . 2008-12-02 01:54 -------- d-----w- c:\users\Dante Anthony\AppData\Roaming\skypePM
2010-07-27 23:41 . 2010-01-14 04:12 -------- d-----w- c:\program files\ooVoo
2010-07-27 17:30 . 2009-05-28 06:55 1356 ----a-w- c:\users\Dante Anthony\AppData\Local\d3d9caps.dat
2010-07-23 06:51 . 2008-05-31 14:55 -------- d-----w- c:\program files\uTorrent
2010-07-21 05:10 . 2010-07-21 05:10 -------- d-----w- c:\progra~2\Xerox
2010-07-15 17:28 . 2009-05-29 23:34 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 17:28 . 2010-07-15 17:28 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 17:28 . 2009-05-29 23:34 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-11 01:39 . 2010-07-11 01:39 -------- d-----w- c:\users\Dante Anthony\AppData\Roaming\ManyCam
2010-07-11 01:39 . 2010-07-11 01:38 -------- d-----w- c:\program files\ManyCam
2010-06-14 00:52 . 2010-06-14 00:52 33339 ----a-w- c:\windows\uacbuninst.exe
2010-06-12 20:23 . 2010-06-12 20:23 8854 ----a-r- c:\users\Dante Anthony\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
2010-06-12 20:23 . 2010-06-12 20:23 40960 ----a-r- c:\users\Dante Anthony\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2010-06-12 20:23 . 2010-06-12 20:23 10134 ----a-r- c:\users\Dante Anthony\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
2010-06-04 15:44 . 2009-05-29 23:34 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-03 23:06 . 2010-06-03 23:06 1403389 ----a-w- c:\users\Dante Anthony\AppData\Roaming\WarZone\WarZoneInstall.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-18 02:37 . 2008-05-21 01:48 74 --sh--r- c:\windows\CT4CET.bin
2008-12-03 14:01 . 2008-12-03 14:01 74 --sh--r- c:\windows\CT4SET.BIN
2009-08-13 10:09 . 2009-08-12 13:51 22468640 --sha-w- c:\windows\System32\drivers\fidbox.dat
2008-05-21 09:17 . 2008-05-21 09:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Orb"="c:\program files\Orb Networks\Orb\bin\OrbTray.exe" [2009-07-16 510416]
"Google Update"="c:\users\Dante Anthony\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-24 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-26 2356088]
"Steam"="c:\program files\steam\steam.exe" [2010-08-31 1242448]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-02 289584]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2010-07-11 18707640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-08-22 36864]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-28 118784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"supertintin_skype"="c:\program files\Supertintin for Skype\supertintin_skype.exe" [2009-05-09 1186304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f3,75,7d,98,40,e2,c9,01

R1 BrFiltLoo;BrFiltLoo;c:\windows\system32\drivers\BrFiltLoo.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-12-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-12-14 166384]
R2 SessionLauncher;SessionLauncher; [x]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys [2007-08-22 141376]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-12-14 1112560]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-06-02 717296]
S0 MFX;MFX; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys [2007-08-22 7424]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys [2007-08-22 235616]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-16 31616]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 08:04]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 08:04]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404729698-1243055473-1963908234-1001Core.job
- c:\users\Dante Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-24 21:27]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3404729698-1243055473-1963908234-1001UA.job
- c:\users\Dante Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-24 21:27]

2010-08-31 c:\windows\Tasks\User_Feed_Synchronization-{0CEB73A9-51B8-4C90-8907-4B847E6DEC0C}.job
- c:\windows\system32\msfeedssync.exe [2008-09-19 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080521
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080521
uInternet Settings,ProxyOverride = *.local
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Dante Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\fb1tith0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Dante Anthony\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Dante Anthony\AppData\Local\HuluDesktop\instances\0.9.8.1\nphdplg.dll
FF - plugin: c:\users\Dante Anthony\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Dante Anthony\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-sta - ivzqp.dll
AddRemove-SoftwareUpdUtility - c:\program files\Common Files\Software Update Utility\uninstall.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3404729698-1243055473-1963908234-1001\Software\SecuROM\License information*]
"datasecu"=hex:8a,13,0b,d1,73,79,a8,c7,a8,a0,ee,8c,f2,aa,df,24,b1,8d,6e,ba,36,
15,8d,fa,f6,77,69,a9,cb,0f,5a,f4,61,b8,cd,08,e8,7c,32,1c,bc,a4,1f,0d,09,ea,\
"rkeysecu"=hex:9a,f2,a7,c0,7b,28,b8,b6,60,62,87,09,63,a7,17,84

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5340)
c:\program files\Supertintin for Skype\mcr_skype_hook0.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\windows\system32\STacSV.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\rundll32.exe
c:\program files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
.
Completion time: 2010-08-31 13:06:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-31 20:06
ComboFix2.txt 2009-08-11 06:34

Pre-Run: 252,451,569,664 bytes free
Post-Run: 252,246,102,016 bytes free

- - End Of File - - 41A2125C1981BF44821B0BD46C118A44
  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks good - A sweep for orphans now I feel, on completion can you let me know what problems remain

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





