Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please Help ---> Web Browser Redirect + No Safe Mode

Started by Senordan , Aug 30 2011 02:04 PM

  • Please log in to reply

#1
Senordan
Posted 30 August 2011 - 02:04 PM

Senordan

    New Member

  • Member
  • Pip
  • 2 posts
Hi,

I recently received an email on 8/17/2011 (~8-9am) which I stupidly clicked on the attachment (Ticket.zip) because it had said that I had received a speeding ticket from New York state. Our business's email/spam filter seems to work well for keeping most of these types of emails out of my inbox so my guard was down. Nonetheless, the malware appeared to begin to alter several attribute settings on my system before it shutdown. Our IT person ran various scans & logs through AVG, Malwarebytes, and HijackThis (outside of Safemode. Several items were intitially detected & removed and did help to improve the system response. There are currently a couple of issues remaining that I would request help resolving: web browser redirect, cannot enter safemode (it tries, but something kicks it out), and I feel like there is a slight typing delay (or maybe I'm paranoid now)...?

After reading other posts, I have ran an OTL & ComboFix scans and have attached the two log files. Please help with my next step.

Thanks,
DK

OTL logfile created on: 8/30/2011 2:33:14 PM - Run 1
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Users\DanK\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.16 Gb Available Physical Memory | 77.11% Memory free
15.98 Gb Paging File | 13.92 Gb Available in Paging File | 87.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237.63 Gb Total Space | 77.17 Gb Free Space | 32.48% Space Free | Partition Type: NTFS
Drive F: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive G: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive K: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive M: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive O: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive P: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive S: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive X: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS

Computer Name: THP2010A-DANK | User Name: DanK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/30 14:32:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DanK\Desktop\OTL.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/08/02 22:33:54 | 000,449,040 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
PRC - [2010/04/10 14:14:59 | 000,435,496 | R--- | M] (Pervasive Software Inc.) -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/10/13 11:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/08 17:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2005/10/11 15:13:38 | 000,667,648 | ---- | M] (National Instruments, Inc.) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2005/10/11 15:03:26 | 000,204,800 | ---- | M] (National Instruments, Inc.) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2005/10/11 15:00:24 | 000,053,248 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2005/10/11 15:00:22 | 000,045,056 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2005/10/10 14:08:32 | 000,049,152 | ---- | M] (National Instruments Corp.) -- C:\Windows\SysWOW64\nisvcloc.exe
PRC - [2005/10/03 22:52:40 | 000,005,728 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
PRC - [2005/08/25 14:43:14 | 000,688,190 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2003/05/15 20:36:40 | 000,446,464 | ---- | M] (Provtech Limited) -- C:\Program Files (x86)\ScreenPrint32 v3\ScreenPrint32.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/08/02 22:33:54 | 000,449,040 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/01 09:49:39 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/01/22 18:42:18 | 000,673,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe -- (mitsijm2011)
SRV:64bit: - [2010/01/14 11:58:30 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/01/14 11:57:24 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009/12/17 10:43:50 | 000,031,136 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2009/12/17 10:43:48 | 001,039,776 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2009/12/10 13:09:16 | 000,515,872 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV:64bit: - [2009/12/08 09:14:26 | 006,810,728 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV:64bit: - [2009/11/24 16:02:28 | 002,341,224 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2009/11/20 17:43:04 | 000,373,024 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc64)
SRV:64bit: - [2009/11/18 17:05:12 | 001,558,016 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2009/08/05 06:49:36 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/13 20:55:12 | 000,043,816 | R--- | M] (Sage Software, Inc.) [On_Demand | Stopped] -- C:\Peachtree2011\SmartPostingService2011.exe -- (Peachtree SmartPosting 2011)
SRV - [2010/07/02 11:15:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/30 16:10:24 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/04/10 14:14:59 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/11/12 13:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2005/10/11 15:13:38 | 000,667,648 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2005/10/11 15:03:26 | 000,204,800 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2005/10/11 15:00:24 | 000,053,248 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2005/10/11 15:00:22 | 000,045,056 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2005/10/10 14:08:32 | 000,049,152 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2005/10/03 22:52:40 | 000,005,728 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2005/09/02 14:34:40 | 000,913,408 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2005/08/25 14:43:14 | 000,688,190 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 05:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/01/14 11:58:36 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/12/10 22:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/20 11:41:50 | 000,479,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rpshsix64.sys -- (rpshsix64)
DRV:64bit: - [2009/10/30 17:51:16 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2009/10/26 15:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/22 20:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 20:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/08/05 06:49:32 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 15:57:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/19 19:44:56 | 000,319,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tifm21.sys -- (tifm21)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/31 04:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/11 11:56:10 | 000,102,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/06/04 13:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2007/03/07 14:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2005/06/10 10:01:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\cvintdrv.sys -- (cvintdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/17 11:23:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/08/30 13:43:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Avery Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Peachtree2011\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [ScreenPrint32] C:\Program Files (x86)\ScreenPrint32 v3\ScreenPrint32.exe (Provtech Limited)
O4 - Startup: C:\Users\DanK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\DanK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Map Drives.lnk = C:\!Documents\!Batch\kselogon.bat ()
O4 - Startup: C:\Users\DanK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = thunder-heart.com
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/16 17:12:30 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/30 14:32:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\DanK\Desktop\OTL.exe
[2011/08/30 14:05:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/30 13:55:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/30 12:57:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/30 12:57:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/30 12:57:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/30 12:55:57 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2011/08/30 12:53:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/30 12:52:32 | 004,190,333 | R--- | C] (Swearware) -- C:\Users\DanK\Desktop\Combo-Fix.exe
[2011/08/30 12:51:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/30 08:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/30 08:33:21 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/26 16:11:48 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\abcde.com
[2011/08/26 12:08:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/08/26 12:07:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/08/18 13:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/08/18 13:02:47 | 000,000,000 | ---D | C] -- C:\Users\DanK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/17 12:58:35 | 000,000,000 | ---D | C] -- C:\Users\DanK\Desktop\AntiVirus
[2011/08/17 11:24:52 | 000,000,000 | ---D | C] -- C:\Users\DanK\AppData\Roaming\AVG10
[2011/08/17 11:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/08/17 11:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/08/17 11:21:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/08/17 11:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/08/17 09:35:35 | 000,000,000 | ---D | C] -- C:\Users\DanK\AppData\Roaming\Malwarebytes
[2011/08/17 09:35:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/17 09:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/17 09:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/17 09:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/17 09:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/17 08:26:56 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/17 08:26:56 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/17 08:26:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/17 08:26:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/17 08:26:52 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/08/17 08:26:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/17 08:26:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/17 08:26:51 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/08/17 08:26:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/08/15 10:25:33 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/15 10:25:22 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/15 10:25:22 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/15 10:25:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/15 10:25:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/15 10:25:22 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/15 10:25:22 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/15 10:25:22 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/15 10:25:22 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/15 10:25:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/15 10:25:16 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/15 10:25:16 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/15 10:25:16 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/15 10:25:16 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/15 10:25:16 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/15 10:25:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/15 10:25:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/15 10:25:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/15 10:25:15 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/15 10:25:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/15 10:25:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/15 10:25:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/15 10:25:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/15 10:25:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/15 10:25:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/15 10:25:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/15 10:25:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/15 10:25:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/15 10:25:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/15 10:25:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/15 10:25:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/15 10:25:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/15 10:25:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/15 10:25:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/15 10:25:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/15 10:25:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/15 10:25:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/15 10:25:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/15 10:25:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/15 10:25:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/15 10:25:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/15 10:25:06 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/15 10:25:05 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/15 10:25:05 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/10/20 14:32:11 | 492,597,008 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXPMode_en-us.exe
[2010/10/14 13:21:42 | 000,159,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsActivationUpdate.exe
[2010/07/23 12:31:03 | 027,890,456 | ---- | C] (Avery Dennison Corporation) -- C:\Program Files\AWSetup.exe

========== Files - Modified Within 30 Days ==========

[2011/08/30 14:33:58 | 000,014,224 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 14:33:58 | 000,014,224 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/30 14:32:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\DanK\Desktop\OTL.exe
[2011/08/30 13:58:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/30 13:58:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/30 13:47:16 | 000,820,452 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/30 13:47:16 | 000,689,994 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/30 13:47:16 | 000,131,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/30 13:43:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/30 13:42:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/30 13:42:51 | 2138,181,631 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/30 12:52:28 | 004,190,333 | R--- | M] (Swearware) -- C:\Users\DanK\Desktop\Combo-Fix.exe
[2011/08/30 09:09:21 | 130,537,212 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/08/30 08:48:29 | 104,794,360 | ---- | M] () -- C:\Users\DanK\Desktop\setup_11.0.0.1245.x01_2011_08_30_11_41.exe
[2011/08/30 08:33:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/26 16:07:52 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\abcde.com
[2011/08/26 15:00:07 | 000,007,609 | ---- | M] () -- C:\Users\DanK\AppData\Local\Resmon.ResmonCfg
[2011/08/26 14:00:44 | 003,449,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/26 12:12:26 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/08/26 12:12:26 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/08/26 11:52:13 | 1419,984,401 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/18 13:02:47 | 000,002,971 | ---- | M] () -- C:\Users\DanK\Desktop\HiJackThis.lnk
[2011/08/18 12:16:23 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/18 11:59:36 | 000,001,774 | ---- | M] () -- C:\Users\DanK\Desktop\SMLIVThunderHeart.lnk
[2011/08/18 11:59:27 | 000,001,729 | ---- | M] () -- C:\Users\DanK\Desktop\TMaxI_ThunderHeart.lnk
[2011/08/18 11:58:59 | 000,001,599 | ---- | M] () -- C:\Users\DanK\Desktop\TMaxI_Tuner.lnk
[2011/08/17 13:05:04 | 000,002,102 | ---- | M] () -- C:\Users\DanK\Desktop\MDT 2009.lnk
[2011/08/17 11:23:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2011/08/17 11:23:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm

========== Files Created - No Company Name ==========

[2011/08/30 12:57:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/30 12:57:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/30 12:57:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/30 12:57:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/30 12:57:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/30 09:09:21 | 130,537,212 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/08/30 08:45:00 | 104,794,360 | ---- | C] () -- C:\Users\DanK\Desktop\setup_11.0.0.1245.x01_2011_08_30_11_41.exe
[2011/08/26 15:00:07 | 000,007,609 | ---- | C] () -- C:\Users\DanK\AppData\Local\Resmon.ResmonCfg
[2011/08/26 12:24:52 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/08/23 15:07:09 | 1419,984,401 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/18 13:02:47 | 000,002,971 | ---- | C] () -- C:\Users\DanK\Desktop\HiJackThis.lnk
[2011/08/18 12:16:23 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/18 11:59:36 | 000,001,774 | ---- | C] () -- C:\Users\DanK\Desktop\SMLIVThunderHeart.lnk
[2011/08/18 11:59:27 | 000,001,729 | ---- | C] () -- C:\Users\DanK\Desktop\TMaxI_ThunderHeart.lnk
[2011/08/18 11:58:59 | 000,001,599 | ---- | C] () -- C:\Users\DanK\Desktop\TMaxI_Tuner.lnk
[2011/08/17 13:05:04 | 000,002,102 | ---- | C] () -- C:\Users\DanK\Desktop\MDT 2009.lnk
[2011/08/17 11:23:25 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjw.avm
[2011/02/22 11:13:06 | 000,000,000 | ---- | C] () -- C:\Windows\SOSELECT.INI
[2011/02/22 11:13:05 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\PXOFFICE.DLL
[2011/02/10 18:14:04 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
[2010/10/20 14:37:43 | 010,352,728 | ---- | C] () -- C:\Program Files\Windows6.1-KB958559-x64.msu
[2010/10/20 14:34:16 | 004,313,705 | ---- | C] () -- C:\Program Files\Windows6.1-KB977206-x64.msu
[2010/10/19 14:33:39 | 021,938,971 | ---- | C] () -- C:\Program Files\gcprevue.zip
[2010/10/04 16:11:11 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\mas90dlg.exe
[2010/10/04 16:11:10 | 001,402,880 | ---- | C] () -- C:\Windows\SysWow64\90wres32.dll
[2010/09/16 12:20:56 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/02 14:37:57 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010/05/01 16:29:52 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/05/01 10:40:15 | 000,013,158 | ---- | C] () -- C:\Windows\SysWow64\CW16XFR.EXE
[2010/04/23 03:36:25 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2010/04/23 03:36:25 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2010/04/23 03:36:25 | 000,256,616 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe
[2010/04/23 02:07:43 | 000,799,684 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/23 01:45:03 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/04/18 18:10:00 | 000,001,805 | ---- | C] () -- C:\Windows\PPAM160.INI_upg2011
[2007/08/16 16:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
[2007/03/21 07:28:50 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\mmc.exe.config
[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[2005/09/28 16:26:34 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2005/06/10 10:00:00 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\cviUSI.dll
[2005/06/10 10:00:00 | 000,007,140 | ---- | C] () -- C:\Windows\SysWow64\drivers\cvintdrv.sys

< End of report >
ComboFix 11-08-30.02 - DanK 08/30/2011 13:04:25.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8180.5915 [GMT -5:00]
Running from: c:\users\DanK\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\DanK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
c:\users\DanK\AppData\Roaming\rbap500.dll
c:\users\DanK\AppData\Roaming\RBRegEx500.dll
c:\users\DanK\videos\AutoTune Demo.exe
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\jusched.exe
c:\windows\SysWow64\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-30 )))))))))))))))))))))))))))))))
.
.
2011-08-30 18:34 . 2011-08-30 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-30 13:49 . 2011-08-30 13:49 -------- d-----w- c:\programdata\Kaspersky Lab
2011-08-30 13:33 . 2011-08-30 13:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-26 21:11 . 2011-08-26 21:07 1406768 ----a-w- C:\abcde.com
2011-08-26 17:08 . 2011-08-26 17:08 -------- d-----w- c:\windows\system32\SPReview
2011-08-26 17:07 . 2011-08-26 17:07 -------- d-----w- c:\windows\system32\EventProviders
2011-08-24 13:33 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 13:33 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-18 18:02 . 2011-08-18 18:02 388096 ----a-r- c:\users\DanK\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-18 18:02 . 2011-08-18 18:02 -------- d-----w- c:\program files (x86)\Trend Micro
2011-08-17 16:24 . 2011-08-17 16:24 -------- d-----w- c:\users\DanK\AppData\Roaming\AVG10
2011-08-17 16:21 . 2011-08-30 14:09 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-17 16:21 . 2011-08-17 16:24 -------- d-----w- c:\programdata\AVG10
2011-08-17 16:12 . 2011-08-17 16:24 -------- d-----w- c:\programdata\MFAData
2011-08-17 14:35 . 2011-08-17 14:35 -------- d-----w- c:\users\DanK\AppData\Roaming\Malwarebytes
2011-08-17 14:35 . 2011-07-07 00:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-17 14:35 . 2011-08-17 14:35 -------- d-----w- c:\programdata\Malwarebytes
2011-08-17 14:35 . 2011-08-18 17:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-17 14:32 . 2011-08-17 14:32 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-26 17:12 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-26 17:12 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-15 15:23 . 2010-09-14 14:46 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-08-15 15:23 . 2010-09-14 14:45 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-08-15 15:23 . 2010-09-14 14:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-08-15 15:23 . 2010-09-14 14:45 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-07-16 04:26 . 2011-08-15 15:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-11 03:07 . 2011-07-13 18:29 3137536 ----a-w- c:\windows\system32\win32k.sys
2010-10-20 19:32 . 2010-10-20 19:32 492597008 ----a-w- c:\program files\WindowsXPMode_en-us.exe
2010-10-14 18:22 . 2010-10-14 18:21 159144 ----a-w- c:\program files\WindowsActivationUpdate.exe
2010-07-23 17:31 . 2010-07-23 17:31 27890456 ----a-w- c:\program files\AWSetup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 00:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-07-08 413827]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PeachtreePrefetcher.exe"="c:\peachtree2011\PeachtreePrefetcher.exe" [2010-09-14 29480]
"ScreenPrint32"="c:\program files (x86)\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-16 446464]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
.
c:\users\DanK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-5-2 576000]
Map Drives.lnk - c:\!documents\!Batch\kselogon.bat [2010-5-1 1254]
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2010-8-13 449040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-01 1436424]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 136176]
R3 Peachtree SmartPosting 2011;Peachtree SmartPosting 2011;c:\peachtree2011\SmartPostingService2011.exe [2010-09-14 43816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe [2010-01-14 89600]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 buttonsvc64;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 373024]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-12-17 1039776]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-12-17 31136]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-12-10 515872]
S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 Job Manager;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-22 673792]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-08 6810728]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2010-04-10 435496]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
S3 rpshsix64;Comtrol RPSHSI;c:\windows\system32\Drivers\RpshSix64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 02:13]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-05 02:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-11-24 21:02 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-11-24 21:02 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
"nwiz"="nwiz.exe" [2009-12-17 1712744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-17 16414824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-12-17 95336]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-08-05 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-06 34232]
"combofix"="c:\combo-fix\CF15897.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\National Instruments\MAX\nimxs.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\program files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2011-08-30 14:04:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-30 19:03
.
Pre-Run: 82,346,627,072 bytes free
Post-Run: 82,784,227,328 bytes free
.
- - End Of File - - 109754ECC515CAD323B1BE12A245801F
OTL Extras logfile created on: 8/30/2011 2:33:14 PM - Run 1
OTL by OldTimer - Version 3.2.26.7 Folder = C:\Users\DanK\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.16 Gb Available Physical Memory | 77.11% Memory free
15.98 Gb Paging File | 13.92 Gb Available in Paging File | 87.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 237.63 Gb Total Space | 77.17 Gb Free Space | 32.48% Space Free | Partition Type: NTFS
Drive F: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive G: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive K: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive M: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive O: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive P: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive S: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
Drive X: | 62.44 Gb Total Space | 25.95 Gb Free Space | 41.55% Space Free | Partition Type: NTFS

Computer Name: THP2010A-DANK | User Name: DanK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{00BCC0AD-0699-48B6-9900-3C53BBCD4DAC}" = AVG 2011
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"{2001197F-7545-41F7-9078-E8D23B3BBEAF}" = 3Dconnexion Plug-In for Photoshop CS3 - CS5
"{20582CFF-0327-4F51-999A-B4AA2E587F69}" = Striker Systems DIE Professional 2009 x64
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{27EB56EE-6C21-4E8E-9164-C710B7EAAF0F}" = SO64MMWrapper
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{4CF60E9D-43D7-4CDA-8281-31FE244A9A54}" = Autodesk Inventor Fusion Change Manager Language Pack
"{4F1C75B7-BA64-4A0A-951B-9F284B233224}" = Striker 2010
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5783F2D7-7013-0409-0102-0060B0CE6BBA}" = Autodesk Mechanical Desktop 2009
"{5783F2D7-8028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2010
"{5783F2D7-9005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2011
"{5783F2D7-9005-0409-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - English
"{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
"{5829F1CA-A1D2-48A0-A68C-044B46658ABD}" = Dell Control Point 64
"{646101A7-4581-47A4-A924-1AC6444D8E12}" = 3Dconnexion Add-In for Inventor 11 - 2011
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6A4407B6-B6AC-48B3-9FAF-4BC1D7D121D3}" = 3Dconnexion Add-In for Solid Edge V18 - ST3
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{71F2CF3C-07C9-4FB9-8B22-8BC411C2E3EE}" = AVG 2011
"{7244B345-B413-408B-9D04-F55BE1CC93FA}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{7F4DD591-1564-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2011
"{7F4DD591-1564-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2011 English Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{87EBE6AA-E4AA-4F3B-975C-72575C660BE7}" = Dell ControlPoint System Manager
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1C62250-6BCD-4AB8-BF27-E8B508AF5A6D}" = Striker 2010 - Sheet Metal CAD/CAM & Nesting
"{A1EA15E7-2AA0-4348-9C16-9692EE0ABBE7}" = 3Dconnexion Add-In for SolidWorks 2005 - 2011 (x64)
"{A2968346-B11C-4B08-8089-DCC909933FFE}" = Wave Infrastructure Installer
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A4B8A0C9-BA69-4405-BA61-06F9085D865E}" = 3Dconnexion Plug-In for Maya v8.5 - 2011
"{A4F53D2C-1FED-4CDF-9D83-4AED82CD0436}" = Gemalto
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{C4CBE331-9BFC-456B-A4D8-4E43E5EA3788}" = 3Dconnexion Add-In for AutoCAD 2007 - 2010
"{CC6BC4DD-9D4B-492B-BC7B-230314FA843A}" = 3Dconnexion 3DxWare (x64)
"{CF873529-1739-48E5-B05E-90D4C045477E}" = 3Dconnexion Plug-In for 3ds Max v9 - 2011
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DB13A32E-D83A-491F-9529-224AA7A2BD38}" = Dell ControlVault Host Components Installer 64Bit
"{DC1AF337-C863-4C51-A6E1-D5A22355624E}" = DCP64MMWrapper
"{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EBA285DF-EF09-4AFE-89ED-E64798BA93BB}" = Autodesk Inventor Fusion Change Manager
"{EC923EBD-A535-4D58-815B-C2DBB417E8D4}" = 3Dconnexion Plug-In for NX v3.0 - v7.5
"{ECAB5FAD-8243-4CF7-B1B5-102BA844D5C1}" = 3Dconnexion Add-On for XSI v5.0 - 2011
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBC0A3CC-6F21-4927-B12C-745BB4BEFA49}" = 3Dconnexion Plug-In for Pro/ENGINEER WF3 - WF5
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
"Autodesk Inventor Fusion Change Manager" = Autodesk Inventor Fusion Change Manager
"Autodesk Inventor Professional 2011" = Autodesk Inventor Professional 2011 English
"Autodesk Mechanical Desktop 2009" = Autodesk Mechanical Desktop 2009
"AVG" = AVG 2011
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"DWG TrueView 2010" = DWG TrueView 2010
"DWG TrueView 2011" = DWG TrueView 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Striker 2010" = Striker 2010
"Striker 2010 Version 3" = Striker 2010 Version 3
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{067F17C1-43AD-42D4-81FB-4EE68F319391}" = NI OPC Support
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP2 Workgroup (32-bit)
"{0B0BEF37-B327-48ED-A2E0-BF6974676294}" = NI Logos 4.6
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{123BAD3B-D119-45E2-A4B7-DECA780A9580}" = GerbTool 14.0
"{12E5279E-4828-48EC-9ED1-CD344787F50F}" = NI LabVIEW 8.0 Examples
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16850024-A6D4-41AC-905D-0D73EADCBBA0}" = NI LabVIEW 8.0 User.lib
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1910EF67-D4B8-4561-9252-4F2EFF2E17AE}" = 3Dconnexion Plug-in for Acrobat 3D
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1BA611FA-A39B-4D9F-9160-B23058E79806}" = TMaxI Usb Driver
"{1CD22E87-2EAF-43E9-AB88-362B75FBEE02}" = NI LabVIEW 8.0 MeasAppChm File
"{1D51A29C-475D-43A7-A6E8-5592FF6E343D}" = NI LabVIEW 8.0 Simulation
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1E6B67FC-9686-4C71-B4CB-81768B1CB367}" = TMaxI Thunder Heart
"{1E85A47B-4150-4003-8283-8B2EB94AF5C9}" = NI-RPC 3.2.1f0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A17C05-776A-41A2-900A-ECF81DC14852}" = NI LabVIEW 8.0 iMath
"{255D87CE-1E45-4795-9731-454EF5371B02}" = NI USI 1.2.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{28C59BDD-55F3-4454-BF17-37AC537F894B}" = NI MDF Support
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2D7B1642-931E-47C5-9B55-A4E83A9548FD}" = NI-RPC 3.2.1f0 for Phar Lap ETS
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32117214-B9F1-4EAC-8EC3-417161EC388D}" = NI LabVIEW MAX XML
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D284BAE-C39D-4733-9E00-C2C898F9177D}" = NI License Manager
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4960B043-C25F-4C85-B5DF-817448F4D31E}" = NI LabVIEW Deployable License 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5A4A9B77-F0D5-4DF6-9BF9-9BB96562A10D}" = NI LabVIEW 8.0 gMath
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{60FC2242-9CF5-4264-B02A-A4A86447F560}" = NI EULA Depot
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{633A8D0D-46B4-4161-9CFD-BFBE0FF08894}" = NI LabVIEW 8.0 Menus
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66679848-5EFD-41E7-B06E-179D9ED70040}" = NI-DAQmx - LabVIEW shared documentation
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6798DD4E-BD16-4735-87EB-D712637CCB8C}" = Sage Message Center
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6843A9F7-92F2-4A58-A3C8-124A5FC85913}" = TMaxI Tuner
"{6895D9FB-F01B-4978-BDA4-48E23E0F7A64}" = Sage MAS 200 Workstation (C:\Program Files\MAS90\)
"{69C3FF9F-647F-4077-8BF5-750B9614C4BF}" = NI MXS 4.0
"{6AAB8068-BEB6-4CB6-958E-717EA6402467}" = 3Dconnexion Trainer
"{6D236956-B79D-4748-BEA3-A039334A66AB}" = 3Dconnexion Collage
"{6E06C016-09D6-492A-8804-A6CC41224599}" = NI LabVIEW 8.0 Project
"{6EF3B8BD-7ED2-4E4E-A05F-8F5B2F285A16}" = NI LabVIEW 8.0 VI.lib
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{774892EA-B255-4ED8-9678-16578B63E6AE}" = NI LabVIEW 8.0 Help File
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7A52749A-24BD-4515-A7F0-A892396B85DF}" = NI Variable Engine
"{7C11F7B1-C286-4FA0-AD3D-1FB38BAA8986}" = NI LabVIEW 8.0
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7F7E92E4-A60C-4A6C-9D57-D04E577B8B20}" = NI LabVIEW 8.0 Help
"{809ABBD7-BEA4-4428-813B-FBF174C9AB06}" = Peachtree Accounting 2009
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{852252AE-F555-4BA1-B451-4E4C230D18F2}" = 3Dconnexion Extension for SketchUp
"{8601B1C8-3A99-4E70-A9AE-0F08E657D687}" = NI Logos LabVIEW 8.0 Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8769A3F3-6CD2-4C87-AEF3-F4D016EE7D56}" = NI LabVIEW 8.0 Resource
"{87C45EA9-AD01-4F41-BAED-FA34DBFDF602}" = NI LabVIEW 8.0 CINtools
"{88BBB9A9-C034-466E-BB83-8197AFD1669C}" = NI LVBrokerAux8.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BAAFEB7-7DFD-47CE-978A-2B64E66F0C32}" = NI Example Finder 8.0
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{8C271AA1-EABD-4057-84D6-302C86A95E1A}" = NI DataSocket 4.3.0
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9E0AE153-88DC-428B-99EB-6A3D984230B8}" = NI LabWindows/CVI 7.1.1 Run Time Engine
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{9F89A209-991C-55CA-BDF6-B615F6D4F298}" = Autodesk Inventor Fusion Technology Preview 3
"{9F89A209-991C-66CA-BDF6-B615F6D4F298}" = Autodesk Inventor Fusion Technology Preview 3 Language Pack
"{A0F8DADB-5454-477E-A2A2-5725ACE22AD2}" = NI Variable Engine LabVIEW 8.0 Support
"{A17F7304-F24C-4401-9B73-C0957C13AF14}" = NI LabVIEW 8.0 Applibs
"{A4E3E21D-E7A5-4CAC-B362-1972E0D02592}" = Sage Components
"{A5D1EA23-CEE5-4B72-A0C3-8BCEDFC6F94C}" = NI LabVIEW Run-Time Engine 8.0
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9A281C2-EF84-4EB5-8D3D-0E23DDDFC3D7}" = NI LabVIEW 8.0 WWW
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{ADF6F323-5E7A-4EE5-A86F-136A2BF5474B}" = NI Variable Manager
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B1F27A23-B6D1-4397-BA2F-25F348DF135F}" = NI Uninstaller
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8666F62-DA19-4F46-AF6E-723CF9C58EB7}" = NI LabVIEW 8.0 Manuals
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware (x64 Edition)
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCBFC045-973F-4318-9607-B089E226AFF8}" = NI LabVIEW 8.0 Templates
"{BCD6D492-DB6C-4582-8AE3-8EE9D4EAF74A}" = NI LabVIEW Broker
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C73A0FC7-FFDC-4BAD-912A-C5791FF9EAC6}" = NI Service Locator
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D53330AD-A8BF-44D8-A955-C28753057FA8}" = NI LabVIEW 8.0 Activity
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DFC7D9F7-892A-489C-9B15-0211D63EAC44}" = NI LabVIEW 8.0 Instr.lib
"{E0597E00-34D7-4262-86E6-9778A2BBB13B}" = SmartLinkIV Thunder Heart
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3AD8913-0BF6-455C-92E3-5CDCD8C7D266}" = NI Instrument IO Assistant for LabVIEW 8.0
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7723B86-90CD-4840-A3A0-8057136C387E}" = MAS 200 Workstation
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED318768-B5F9-4102-9852-B2AAB68819B2}" = NI LabVIEW 8.0 Device Detection and Deployment Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F80E2443-811E-4864-9AC7-0C6DDBED3186}" = NI LabVIEW C Interface
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F99AFCBF-54FD-458A-98BE-A79F36A75542}" = Sage MAS 200 Workstation (C:\Sage Software\MAS 200 Client\Version4\MAS90\)
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC87D80E-5BC6-4EE8-9B09-EBA4F9C0A1C2}" = Peachtree Accounting 2011
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"Adobe AIR" = Adobe AIR
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Autodesk Inventor Fusion Technology Preview 3" = Autodesk Inventor Fusion Technology Preview 3
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CodeWright66" = CodeWright 6.6
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Webcam Central" = Dell Webcam Central
"Free RAR Extract Frog" = Free RAR Extract Frog
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{123BAD3B-D119-45E2-A4B7-DECA780A9580}" = GerbTool 14.0
"InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"InstallShield_{1BA611FA-A39B-4D9F-9160-B23058E79806}" = TMaxI Usb Driver
"InstallShield_{1E6B67FC-9686-4C71-B4CB-81768B1CB367}" = TMaxI Thunder Heart
"InstallShield_{20582CFF-0327-4F51-999A-B4AA2E587F69}" = Striker Systems DIE Professional 2009 x64
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{6843A9F7-92F2-4A58-A3C8-124A5FC85913}" = TMaxI Tuner
"InstallShield_{A1C62250-6BCD-4AB8-BF27-E8B508AF5A6D}" = Striker 2010 - Sheet Metal CAD/CAM & Nesting
"InstallShield_{E0597E00-34D7-4262-86E6-9778A2BBB13B}" = SmartLinkIV Thunder Heart
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{FC87D80E-5BC6-4EE8-9B09-EBA4F9C0A1C2}" = Peachtree Accounting 2011
"Integration Services" = Sage Integration Services
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NI Uninstaller" = National Instruments Software
"PdaNet_is1" = PdaNet for Android 2.42
"Peachtree Premium Accounting for Manufacturing" = Peachtree Premium Accounting for Manufacturing 2009
"Pervasive PSQL v10 SP2 Workgroup (32-bit)" = Pervasive PSQL v10 SP2 Workgroup (32-bit)
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"ST6UNST #1" = ScreenPrint32 v3.5
"ST6UNST #2" = Tape Pack Calculator
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/29/2011 6:00:59 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3073

Error - 8/29/2011 6:00:59 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3073

Error - 8/29/2011 7:09:37 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/29/2011 7:09:37 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4121406

Error - 8/29/2011 7:09:37 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4121406

Error - 8/29/2011 7:09:38 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/29/2011 7:09:38 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4122529

Error - 8/29/2011 7:09:38 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4122529

Error - 8/30/2011 11:24:12 AM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 8/30/2011 2:55:14 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x0000000000ba2fb1 Faulting process
id: 0x12c8 Faulting application start time: 0x01cc6744ac1dafbb Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: unknown Report Id: 97cdd7ec-d339-11e0-a1ed-b8ac6f59882c

[ Broadcom Wireless LAN Events ]
Error - 6/17/2011 4:37:13 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = WLAN-Tray | ID = 0
Description = 15:37:13, Fri, Jun 17, 11 Error - Unable to gain access to user store


Error - 8/15/2011 1:13:40 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = WLAN-Tray | ID = 0
Description = 12:13:40, Mon, Aug 15, 11 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 8/12/2011 5:53:55 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = MCUpdate | ID = 0
Description = 4:53:55 PM - Error connecting to the internet. 4:53:55 PM - Unable
to contact server..

Error - 8/12/2011 5:54:02 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = MCUpdate | ID = 0
Description = 4:54:01 PM - Error connecting to the internet. 4:54:01 PM - Unable
to contact server..

Error - 8/12/2011 6:54:07 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = MCUpdate | ID = 0
Description = 5:54:07 PM - Error connecting to the internet. 5:54:07 PM - Unable
to contact server..

Error - 8/12/2011 6:54:12 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = MCUpdate | ID = 0
Description = 5:54:12 PM - Error connecting to the internet. 5:54:12 PM - Unable
to contact server..

Error - 8/12/2011 7:58:05 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = MCUpdate | ID = 0
Description = 6:58:05 PM - Error connecting to the internet. 6:58:05 PM - Unable
to contact server..

Error - 8/12/2011 7:58:10 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = MCUpdate | ID = 0
Description = 6:58:10 PM - Error connecting to the internet. 6:58:10 PM - Unable
to contact server..

Error - 8/12/2011 8:58:15 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = MCUpdate | ID = 0
Description = 7:58:15 PM - Error connecting to the internet. 7:58:15 PM - Unable
to contact server..

Error - 8/12/2011 8:58:20 PM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = MCUpdate | ID = 0
Description = 7:58:20 PM - Error connecting to the internet. 7:58:20 PM - Unable
to contact server..

Error - 8/13/2011 7:27:50 AM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = MCUpdate | ID = 0
Description = 6:27:50 AM - Error connecting to the internet. 6:27:50 AM - Unable
to contact server..

Error - 8/13/2011 7:27:55 AM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = MCUpdate | ID = 0
Description = 6:27:55 AM - Error connecting to the internet. 6:27:55 AM - Unable
to contact server..

[ OSession Events ]
Error - 3/31/2011 11:34:19 AM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 79428
seconds with 1380 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/9/2011 10:23:03 AM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 6/9/2011 10:23:03 AM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 6/9/2011 10:23:03 AM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 6/9/2011 10:23:03 AM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 6/9/2011 11:36:17 AM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Service Control Manager | ID = 7030
Description = The NI Configuration Manager service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 6/9/2011 11:38:34 AM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Service Control Manager | ID = 7030
Description = The NI Service Locator service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 6/9/2011 11:42:03 AM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain THUNDER-HEART due to the following: %%1311 This may lead to authentication
problems. Make sure that this computer is connected to the network. If the problem
persists, please contact your domain administrator. ADDITIONAL INFO If this computer
is a domain controller for the specified domain, it sets up the secure session to
the primary domain controller emulator in the specified domain. Otherwise, this
computer sets up the secure session to any domain controller in the specified domain.

Error - 6/9/2011 11:42:03 AM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 6/9/2011 11:42:03 AM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cvintdrv.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 6/9/2011 11:42:03 AM | Computer Name = THP2010A-DANK.thunder-heart.com | Source = Service Control Manager | ID = 7000
Description = The cvintdrv service failed to start due to the following error: %%1275


< End of report >

Attached File  OTL.Txt   105.55KB   98 downloads
Attached File  CFlog.txt   19.16KB   111 downloads

Attached Files


  • 0

Advertisements

#2
RKinner
Posted 30 August 2011 - 02:29 PM

RKinner

    Malware Expert

  • Expert
  • 24,483 posts
  • MVP
Please Copy and Paste your logs unless we tell you otherwise. They are too hard to work with as attachments. (I have fixed your initial post.)

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Download aswMBR.exe ( 511KB ) to your desktop.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Double click the aswMBR.exe to run it

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Ron
  • 0

#3
Senordan
Posted 30 August 2011 - 04:09 PM

Senordan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Ron,

Thanks for the response. Per your request, I have copied & posted the logs for Malwarebytes, TDSSKiller (notably our IT tech previously ran this), and aswMBR, respectively.

Please just let me know how you'd like me to proceed.

Thanks,
DK

--------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7615

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

8/30/2011 4:58:00 PM
mbam-log-2011-08-30 (16-58-00).txt

Scan type: Quick scan
Objects scanned: 186861
Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------------------

2011/08/30 16:59:44.0847 5080 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/30 16:59:45.0120 5080 ================================================================================
2011/08/30 16:59:45.0120 5080 SystemInfo:
2011/08/30 16:59:45.0120 5080
2011/08/30 16:59:45.0120 5080 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/30 16:59:45.0120 5080 Product type: Workstation
2011/08/30 16:59:45.0120 5080 ComputerName: THP2010A-DANK
2011/08/30 16:59:45.0121 5080 UserName: DanK
2011/08/30 16:59:45.0121 5080 Windows directory: C:\Windows
2011/08/30 16:59:45.0121 5080 System windows directory: C:\Windows
2011/08/30 16:59:45.0121 5080 Running under WOW64
2011/08/30 16:59:45.0121 5080 Processor architecture: Intel x64
2011/08/30 16:59:45.0121 5080 Number of processors: 4
2011/08/30 16:59:45.0121 5080 Page size: 0x1000
2011/08/30 16:59:45.0121 5080 Boot type: Normal boot
2011/08/30 16:59:45.0121 5080 ================================================================================
2011/08/30 16:59:45.0262 5080 Initialize success
2011/08/30 17:00:19.0116 5380 ================================================================================
2011/08/30 17:00:19.0116 5380 Scan started
2011/08/30 17:00:19.0116 5380 Mode: Manual;
2011/08/30 17:00:19.0116 5380 ================================================================================
2011/08/30 17:00:19.0336 5380 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/08/30 17:00:19.0357 5380 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/08/30 17:00:19.0378 5380 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/08/30 17:00:19.0402 5380 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/08/30 17:00:19.0436 5380 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/30 17:00:19.0460 5380 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/30 17:00:19.0481 5380 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/30 17:00:19.0522 5380 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/08/30 17:00:19.0544 5380 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/08/30 17:00:19.0567 5380 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/08/30 17:00:19.0587 5380 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/08/30 17:00:19.0613 5380 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/30 17:00:19.0631 5380 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/30 17:00:19.0651 5380 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/08/30 17:00:19.0672 5380 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/30 17:00:19.0691 5380 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/08/30 17:00:19.0715 5380 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/08/30 17:00:19.0751 5380 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/30 17:00:19.0770 5380 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/30 17:00:19.0792 5380 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/30 17:00:19.0811 5380 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/08/30 17:00:19.0852 5380 AVGIDSDriver (eee718457f24f2154f23a7fad1a0cea3) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/30 17:00:19.0874 5380 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/08/30 17:00:19.0895 5380 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/30 17:00:19.0921 5380 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
2011/08/30 17:00:19.0946 5380 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
2011/08/30 17:00:19.0969 5380 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
2011/08/30 17:00:19.0992 5380 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
2011/08/30 17:00:20.0024 5380 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/30 17:00:20.0050 5380 b57nd60a (93af5ccce5145aa3c2f0a41e7f65149a) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/30 17:00:20.0073 5380 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
2011/08/30 17:00:20.0124 5380 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/08/30 17:00:20.0170 5380 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/30 17:00:20.0198 5380 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/30 17:00:20.0218 5380 Blfp (e869c8c360f3705da7875327da616f11) C:\Windows\system32\DRIVERS\basp.sys
2011/08/30 17:00:20.0241 5380 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/30 17:00:20.0259 5380 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/30 17:00:20.0278 5380 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/30 17:00:20.0303 5380 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/30 17:00:20.0322 5380 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/30 17:00:20.0340 5380 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/30 17:00:20.0358 5380 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/30 17:00:20.0384 5380 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/30 17:00:20.0430 5380 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/30 17:00:20.0451 5380 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/08/30 17:00:20.0475 5380 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/30 17:00:20.0496 5380 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/30 17:00:20.0529 5380 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/30 17:00:20.0549 5380 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/08/30 17:00:20.0573 5380 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/08/30 17:00:20.0593 5380 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/30 17:00:20.0613 5380 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/30 17:00:20.0636 5380 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/30 17:00:20.0674 5380 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/08/30 17:00:20.0702 5380 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
2011/08/30 17:00:20.0739 5380 cvusbdrv (a84caae89b487931200b969d94018afa) C:\Windows\system32\Drivers\cvusbdrv.sys
2011/08/30 17:00:20.0783 5380 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/08/30 17:00:20.0805 5380 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/30 17:00:20.0827 5380 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/30 17:00:20.0857 5380 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/30 17:00:20.0886 5380 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/30 17:00:20.0956 5380 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/30 17:00:21.0005 5380 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/30 17:00:21.0025 5380 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/08/30 17:00:21.0057 5380 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/30 17:00:21.0077 5380 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/30 17:00:21.0099 5380 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/30 17:00:21.0127 5380 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/30 17:00:21.0147 5380 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/30 17:00:21.0175 5380 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/30 17:00:21.0198 5380 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/08/30 17:00:21.0225 5380 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/30 17:00:21.0244 5380 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/30 17:00:21.0268 5380 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/30 17:00:21.0286 5380 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/30 17:00:21.0306 5380 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/30 17:00:21.0341 5380 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/30 17:00:21.0361 5380 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/30 17:00:21.0379 5380 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/30 17:00:21.0402 5380 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/30 17:00:21.0423 5380 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/30 17:00:21.0448 5380 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/08/30 17:00:21.0479 5380 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/30 17:00:21.0505 5380 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/08/30 17:00:21.0524 5380 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/30 17:00:21.0546 5380 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/08/30 17:00:21.0574 5380 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/30 17:00:21.0597 5380 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/08/30 17:00:21.0626 5380 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/30 17:00:21.0650 5380 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
2011/08/30 17:00:21.0671 5380 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/08/30 17:00:21.0692 5380 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/30 17:00:21.0714 5380 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/30 17:00:21.0737 5380 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/30 17:00:21.0756 5380 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/30 17:00:21.0779 5380 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/30 17:00:21.0798 5380 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/08/30 17:00:21.0822 5380 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/08/30 17:00:21.0841 5380 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/08/30 17:00:21.0860 5380 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/08/30 17:00:21.0884 5380 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/30 17:00:21.0904 5380 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/30 17:00:21.0922 5380 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/30 17:00:21.0968 5380 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/30 17:00:21.0999 5380 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/30 17:00:22.0020 5380 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/30 17:00:22.0041 5380 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/30 17:00:22.0063 5380 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/30 17:00:22.0083 5380 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/30 17:00:22.0104 5380 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/08/30 17:00:22.0127 5380 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/30 17:00:22.0150 5380 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/30 17:00:22.0177 5380 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/30 17:00:22.0196 5380 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/30 17:00:22.0215 5380 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/08/30 17:00:22.0235 5380 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/30 17:00:22.0254 5380 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/08/30 17:00:22.0274 5380 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/08/30 17:00:22.0293 5380 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/30 17:00:22.0317 5380 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/08/30 17:00:22.0336 5380 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/30 17:00:22.0357 5380 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/30 17:00:22.0377 5380 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/30 17:00:22.0395 5380 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/08/30 17:00:22.0415 5380 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/08/30 17:00:22.0445 5380 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/30 17:00:22.0469 5380 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/30 17:00:22.0488 5380 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/08/30 17:00:22.0515 5380 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/30 17:00:22.0535 5380 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/30 17:00:22.0555 5380 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/30 17:00:22.0578 5380 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/08/30 17:00:22.0599 5380 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/08/30 17:00:22.0626 5380 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/30 17:00:22.0646 5380 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/30 17:00:22.0666 5380 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/30 17:00:22.0695 5380 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/30 17:00:22.0723 5380 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/08/30 17:00:22.0744 5380 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/30 17:00:22.0764 5380 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/30 17:00:22.0783 5380 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/30 17:00:22.0804 5380 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/30 17:00:22.0822 5380 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/08/30 17:00:22.0842 5380 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/30 17:00:22.0865 5380 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/30 17:00:22.0901 5380 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/30 17:00:22.0938 5380 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/30 17:00:22.0961 5380 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/30 17:00:23.0000 5380 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/08/30 17:00:23.0024 5380 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/30 17:00:23.0181 5380 nvlddmkm (46ecbaef31ea17cfe1cd20d9bf75c6bd) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/30 17:00:23.0250 5380 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/08/30 17:00:23.0270 5380 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/08/30 17:00:23.0294 5380 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/08/30 17:00:23.0317 5380 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/08/30 17:00:23.0353 5380 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/30 17:00:23.0372 5380 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/08/30 17:00:23.0394 5380 PBADRV (363b3f857abee85767e01e3044c539cd) C:\Windows\system32\DRIVERS\PBADRV.sys
2011/08/30 17:00:23.0421 5380 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/08/30 17:00:23.0438 5380 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/08/30 17:00:23.0460 5380 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/30 17:00:23.0478 5380 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/30 17:00:23.0507 5380 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/30 17:00:23.0558 5380 pnetmdm (06841f5cd8410b6bdc0b5a631b8f8787) C:\Windows\system32\DRIVERS\pnetmdm64.sys
2011/08/30 17:00:23.0598 5380 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/30 17:00:23.0618 5380 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/30 17:00:23.0646 5380 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/30 17:00:24.0312 5380 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/08/30 17:00:24.0347 5380 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/30 17:00:24.0373 5380 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/30 17:00:24.0397 5380 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/30 17:00:24.0416 5380 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/30 17:00:24.0439 5380 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/30 17:00:24.0464 5380 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/30 17:00:24.0488 5380 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/30 17:00:24.0511 5380 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/30 17:00:24.0535 5380 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/30 17:00:24.0555 5380 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/30 17:00:24.0576 5380 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/30 17:00:24.0602 5380 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/08/30 17:00:24.0625 5380 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/30 17:00:24.0649 5380 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/30 17:00:24.0676 5380 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/08/30 17:00:24.0698 5380 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/08/30 17:00:24.0724 5380 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/08/30 17:00:24.0753 5380 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
2011/08/30 17:00:24.0792 5380 rpshsix64 (8bcc129863d4e250257191c49db1735b) C:\Windows\system32\Drivers\RpshSix64.sys
2011/08/30 17:00:24.0816 5380 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/30 17:00:24.0836 5380 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/08/30 17:00:24.0860 5380 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/30 17:00:24.0883 5380 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/30 17:00:24.0912 5380 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
2011/08/30 17:00:24.0939 5380 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/30 17:00:24.0973 5380 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/30 17:00:24.0993 5380 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/30 17:00:25.0012 5380 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/30 17:00:25.0046 5380 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/08/30 17:00:25.0065 5380 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/30 17:00:25.0085 5380 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/30 17:00:25.0105 5380 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/30 17:00:25.0133 5380 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/30 17:00:25.0154 5380 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/30 17:00:25.0175 5380 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/30 17:00:25.0211 5380 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/30 17:00:25.0253 5380 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/08/30 17:00:25.0278 5380 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/30 17:00:25.0300 5380 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/30 17:00:25.0331 5380 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/30 17:00:25.0356 5380 STHDA (04906a6b1dd17d38795e28af4f4392f9) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/08/30 17:00:25.0385 5380 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/08/30 17:00:25.0404 5380 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/08/30 17:00:25.0425 5380 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/08/30 17:00:25.0474 5380 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/30 17:00:25.0527 5380 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/08/30 17:00:25.0580 5380 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/30 17:00:25.0608 5380 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/30 17:00:25.0643 5380 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/30 17:00:25.0663 5380 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/30 17:00:25.0683 5380 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/30 17:00:25.0703 5380 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/08/30 17:00:25.0738 5380 tifm21 (8a76949e0f461fddc147491b0c5b28c3) C:\Windows\system32\drivers\tifm21.sys
2011/08/30 17:00:25.0770 5380 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/30 17:00:25.0790 5380 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/30 17:00:25.0828 5380 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/30 17:00:25.0848 5380 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/30 17:00:25.0870 5380 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/30 17:00:25.0902 5380 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/30 17:00:25.0922 5380 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/08/30 17:00:25.0941 5380 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/30 17:00:25.0968 5380 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2011/08/30 17:00:25.0988 5380 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/30 17:00:26.0008 5380 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/08/30 17:00:26.0027 5380 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/30 17:00:26.0051 5380 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/30 17:00:26.0071 5380 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/08/30 17:00:26.0092 5380 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/30 17:00:26.0112 5380 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/30 17:00:26.0131 5380 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\DRIVERS\usbser.sys
2011/08/30 17:00:26.0152 5380 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
2011/08/30 17:00:26.0171 5380 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/08/30 17:00:26.0193 5380 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/30 17:00:26.0219 5380 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/30 17:00:26.0243 5380 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/30 17:00:26.0262 5380 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/30 17:00:26.0301 5380 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/08/30 17:00:26.0321 5380 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/08/30 17:00:26.0345 5380 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/08/30 17:00:26.0363 5380 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/08/30 17:00:26.0382 5380 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/08/30 17:00:26.0405 5380 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/08/30 17:00:26.0428 5380 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/08/30 17:00:26.0450 5380 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/08/30 17:00:26.0472 5380 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/08/30 17:00:26.0495 5380 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/30 17:00:26.0518 5380 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/30 17:00:26.0537 5380 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/30 17:00:26.0557 5380 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/08/30 17:00:26.0585 5380 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/30 17:00:26.0607 5380 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/30 17:00:26.0619 5380 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/30 17:00:26.0658 5380 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/30 17:00:26.0684 5380 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/30 17:00:26.0734 5380 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/30 17:00:26.0754 5380 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/30 17:00:26.0803 5380 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.sys
2011/08/30 17:00:26.0830 5380 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/30 17:00:26.0870 5380 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/30 17:00:26.0906 5380 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/08/30 17:00:26.0927 5380 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\drivers\WUDFRd.sys
2011/08/30 17:00:26.0963 5380 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/30 17:00:26.0975 5380 Boot (0x1200) (3f5e684643c5b29b735677530d0f6bb0) \Device\Harddisk0\DR0\Partition0
2011/08/30 17:00:26.0986 5380 Boot (0x1200) (c567eca0dbb209c83f72f62f190f14d2) \Device\Harddisk0\DR0\Partition1
2011/08/30 17:00:26.0993 5380 ================================================================================
2011/08/30 17:00:26.0993 5380 Scan finished
2011/08/30 17:00:26.0993 5380 ================================================================================
2011/08/30 17:00:27.0001 3576 Detected object count: 0
2011/08/30 17:00:27.0001 3576 Actual detected object count: 0
2011/08/30 17:00:51.0783 6028 Deinitialize success

--------------------------------------------------------------------------------------------

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-08-30 17:01:54
-----------------------------
17:01:54.183 OS Version: Windows x64 6.1.7601 Service Pack 1
17:01:54.183 Number of processors: 4 586 0x2502
17:01:54.184 ComputerName: THP2010A-DANK UserName: DanK
17:01:54.842 Initialize success
17:02:30.712 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:02:30.714 Disk 0 Vendor: SAMSUNG_ VBM2 Size: 244198MB BusType: 8
17:02:30.718 Disk 0 MBR read successfully
17:02:30.720 Disk 0 MBR scan
17:02:30.722 Disk 0 [email protected] code has been found
17:02:30.724 Disk 0 Windows 7 default MBR code found via API
17:02:30.726 Disk 0 MBR hidden
17:02:30.729 Disk 0 MBR [TDL4] **ROOTKIT**
17:02:30.732 Scan finished successfully
17:02:43.031 Disk 0 MBR has been saved successfully to "C:\Users\DanK\Desktop\MBR.dat"
17:02:43.032 The log file has been saved successfully to "C:\Users\DanK\Desktop\aswMBR.txt"
  • 0

#4
RKinner
Posted 30 August 2011 - 05:16 PM

RKinner

    Malware Expert

  • Expert
  • 24,483 posts
  • MVP
aswMBR found what it calls a TDL4 rootkit. Was its FIX button (not the Fix MBR button) enabled? It usually is in this case. Run the aswMBR scan as before and if the Fix button is enabled then press it. Post the new log it creates.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP