Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Zeroaccess help plz >(((

Started by paragon81 , Mar 25 2012 12:28 PM

This topic is locked

102 replies to this topic

#1 paragon81

Member

Members
70 posts

Posted 25 March 2012 - 12:28 PM

I recently seemed to acquire the zeroaccess trojan among a few others I think and started doing research on how to fix the problem. I started with mwb, which found nothing and avg, which caused a system crash everytime I installed, had to do a sys restore to gain access to windows again. I thought I had some luck when I found avira which found a few problems but was unable to remove them.

C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\temp\U\80000004.@

I found a topic that seemed to be my exact problem and proceeded to follow the removal instructions which led me to enter the "repair my computer" option on boot up and run the bootrec.exe /fixmbr and /fixboot. That is as far as I got. I was supposed to go back into windows and run a script through combofix but all I get now when I restart all get is a blue screen with "this application has failed to start because consrv was not found." I have tryed FRST64 and am including the log of that but when I attempt to fix in frst64 it says that the fix.txt is not available.

Any assistance with this would be greatly appreciated

J

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 25-03-2012 11:48:43
Running from I:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [443904 2008-09-17] (IDT, Inc.)
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] [x]
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent [x]
HKLM\...\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [136600 2010-06-20] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [258512 2012-01-31] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Eros\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2006-11-02] (Microsoft Corporation)
HKU\Eros\...\Run: [Facebook Update] "C:\Users\Eros\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2011-09-29] (Facebook Inc.)
HKU\Eros\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mcx1\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-10] (Microsoft Corporation)
HKU\RA Media Server\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-01-31] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-01-31] (Avira Operations GmbH & Co. KG)
2 Ati External Event Utility; C:\Windows\System32\Ati2evxx.exe [881664 2008-07-24] (ATI Technologies Inc.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [651720 2010-09-21] (Macrovision Europe Ltd.)
2 gupdate1c9d70e4f573805; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-05-17] (Google Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 p2psvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-04-06] ()
3 PNRPAutoReg; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
4 RoxLiveShare10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [309744 2008-05-14] (Sonic Solutions)
4 RoxMediaDB10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [1120752 2008-05-14] (Sonic Solutions)
4 RoxWatch10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [166384 2008-05-14] (Sonic Solutions)
2 SCardSvr; C:\Windows\SysWow64\SCardSvr.dll [95232 2009-04-10] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_4b8037c7\STacSV64.exe [246272 2008-09-17] (IDT, Inc.)
2 Themes; C:\Windows\SysWow64\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation)
2 transactional; C:\Windows\System32\svchost.exe -k netsvcs [27648 2008-01-20] (Microsoft Corporation)
2 transactional; C:\Windows\SysWow64\svchost.exe -k netsvcs [21504 2008-01-20] (Microsoft Corporation)
3 usprserv; C:\Windows\System32\svchost.exe -k netsvcs [27648 2008-01-20] (Microsoft Corporation)
3 usprserv; C:\Windows\SysWow64\svchost.exe -k netsvcs [21504 2008-01-20] (Microsoft Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
2 IFPUSB; C:\Windows\System32\FETNDIS.dll [x]
2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
3 msiserver; C:\Windows\System32\msiexec /V [x]
2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
3 RTPatch File Service; C:\Program Files (x86)\Synthetic Realms\LOKI2\rtpio.exe [x]
2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

========================== Drivers (Whitelisted) =============

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [97312 2012-01-31] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132320 2012-01-31] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33344 2009-05-26] (LogMeIn, Inc.)
3 LHidFilt; C:\Windows\System32\Drivers\LHidFilt.sys [66840 2011-09-01] (Logitech, Inc.)
3 LMouFilt; C:\Windows\System32\Drivers\LMouFilt.sys [60696 2011-09-01] (Logitech, Inc.)
3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [9527680 2008-01-08] (NVIDIA Corporation)
3 OA002Afx; C:\Windows\System32\Drivers\OA002Afx.sys [219544 2007-06-08] (Creative Technology Ltd.)
3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [4310528 2008-07-24] (ATI Technologies Inc.)
3 RLDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\livecamv.sys [49664 2007-02-05] ()
0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-06-13] (Duplex Secure Ltd.)
3 USBCCID; C:\Windows\System32\Drivers\USBCCID.sys [38400 2009-04-10] (Microsoft Corporation)
3 dump_wmimmc; \??\C:\AeriaGames\Shaiya\GameGuard\dump_wmimmc.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: transactional
NETSVC: IFPUSB
NETSVCx32: Themes

============ One Month Created Files and Folders ==============

2012-03-25 11:41 - 2012-03-25 11:42 - 0000000 ____D C:\FRST
2012-03-25 07:09 - 2012-03-25 07:09 - 0000000 ____D C:\avrescue
2012-03-25 07:04 - 2012-03-25 07:04 - 4443082 ____A (Swearware) C:\Users\Eros\Desktop\ComboFix.exe
2012-03-24 20:24 - 2012-03-24 20:24 - 0000000 ____D C:\Users\Eros\AppData\Roaming\Avira
2012-03-24 19:56 - 2012-03-24 19:56 - 0001903 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-03-24 19:56 - 2012-03-24 19:56 - 0000000 ____D C:\ProgramData\Avira
2012-03-24 19:56 - 2012-03-24 19:56 - 0000000 ____D C:\Program Files (x86)\Avira
2012-03-24 19:56 - 2012-01-31 05:57 - 0132320 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-03-24 19:56 - 2012-01-31 05:57 - 0097312 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-03-24 19:56 - 2011-09-16 13:09 - 0027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
2012-03-24 19:40 - 2012-03-24 19:40 - 0002180 ____A C:\Users\Public\Desktop\Mass Effect 3.lnk
2012-03-24 18:50 - 2012-03-24 18:55 - 87031672 ____A C:\Users\Eros\Downloads\avira_free_antivirus_en.exe
2012-03-24 16:14 - 2012-03-24 16:14 - 0000000 ____D C:\Program Files (x86)\EA Games
2012-03-24 15:28 - 2012-03-25 08:33 - 4225609728 __ASH C:\hiberfil.sys
2012-03-24 12:20 - 2012-03-24 12:20 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-24 12:13 - 2012-03-24 13:26 - 0121290 ____A C:\TDSSKiller.2.7.22.0_24.03.2012_15.13.56_log.txt
2012-03-24 06:57 - 2012-03-24 21:16 - 0000000 ____D C:\Users\Eros\{d13d7e28-36fa-4bc4-b7e6-7fdc76617f55}
2012-03-24 06:52 - 2012-03-24 06:52 - 0000000 ____D C:\Program Files\Motorola Inc
2012-03-24 06:52 - 2012-03-24 06:52 - 0000000 ____D C:\Program Files\Common Files\Motorola Shared
2012-03-24 06:52 - 2012-03-24 06:52 - 0000000 ____D C:\Program Files (x86)\Motorola
2012-03-24 06:50 - 2012-03-24 06:50 - 0012017 ____A C:\Users\Eros\Desktop\MAIL.mp3
2012-03-23 20:11 - 2012-03-23 20:26 - 0000000 ____D C:\Users\Public\photography
2012-03-22 18:01 - 2012-03-05 17:04 - 209687566 ____A C:\Users\Public\Breaking Bad (S04E13) - Face Off [BoB].mkv
2012-03-22 17:54 - 2012-03-22 17:54 - 0000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-22 17:54 - 2012-03-22 17:54 - 0000000 ____D C:\Users\Eros\AppData\Roaming\Malwarebytes
2012-03-22 17:54 - 2012-03-22 17:54 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-22 17:54 - 2012-03-22 17:54 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-22 17:54 - 2011-12-10 12:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-22 17:50 - 2012-03-22 17:50 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Eros\Downloads\mbam-setup-1.60.1.1000.exe
2012-03-22 17:19 - 2012-03-22 17:19 - 0066896 ____A (Malwarebytes Corporation) C:\Users\Eros\Downloads\mbam-clean.exe
2012-03-22 17:16 - 2012-03-22 17:18 - 7125992 ____A (Malwarebytes Corporation ) C:\Users\Eros\Downloads\mbam-rules.exe
2012-03-21 17:00 - 2012-03-21 17:00 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware(40)
2012-03-21 16:57 - 2012-03-21 17:02 - 0000000 ____D C:\Program Files (x86)\PowerArchiver(78)
2012-03-21 16:57 - 2012-03-21 16:57 - 0000000 ____D C:\Program Files (x86)\PatchBeam
2012-03-21 16:18 - 2012-03-21 16:18 - 0029475 ____A C:\Users\Eros\Downloads\_-Demonoid.me-_The_Devil_Inside_2012_RMVB_www_everything_center_com.torrent
2012-03-20 20:20 - 2012-03-20 22:09 - 0000000 ____D C:\Users\Eros\Downloads\Mass_Effect_3_Repack_LeChuck
2012-03-20 17:03 - 2012-03-20 17:03 - 0000000 ___HD C:\$AVG
2012-03-20 16:46 - 2012-03-20 16:46 - 1747541 ____A C:\Users\Eros\Downloads\PetesMotorolaRootTools_v1.07.zip
2012-03-20 16:39 - 2012-03-20 17:16 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-20 16:39 - 2012-03-20 16:49 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-20 16:14 - 2012-03-24 17:46 - 0000000 ____D C:\ProgramData\AVG2012
2012-03-20 16:12 - 2012-03-20 16:12 - 0000000 ____D C:\Program Files (x86)\AVG
2012-03-20 16:08 - 2012-03-24 17:59 - 0000000 ____D C:\ProgramData\MFAData
2012-03-13 18:32 - 2012-03-13 19:03 - 0000000 ____D C:\Users\Eros\Downloads\PC_Mass.Effect.3.Rip.-TPTB
2012-03-13 18:29 - 2012-03-13 18:44 - 0000000 ____D C:\Users\Eros\Downloads\In Time (2011) DVDRip XviD-MAXSPEED
2012-03-13 15:55 - 2012-02-02 07:34 - 2765824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 15:55 - 2012-01-09 08:16 - 0708096 ____A (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2012-03-13 15:55 - 2012-01-09 07:54 - 0613376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2012-03-13 15:55 - 2012-01-09 06:27 - 0209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-11 11:14 - 2012-03-24 20:19 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-11 11:13 - 2012-03-11 11:13 - 0000000 ____D C:\Windows\system64
2012-03-11 11:13 - 2012-03-11 11:13 - 0000000 ____A C:\Users\Eros\AppData\Roaming\tkcsi.txt
2012-03-06 04:26 - 2012-03-06 05:30 - 0000000 ____D C:\Users\Eros\Downloads\Pink Floyd
2012-03-05 16:23 - 2012-03-05 17:31 - 0000000 ____D C:\Users\Eros\Downloads\Dexter_Season_6_Complete
2012-03-05 16:19 - 2012-03-05 16:46 - 0000000 ____D C:\Users\Eros\Downloads\Breaking Bad - Season 4 (Complete) [BoB]
2012-03-02 15:49 - 2012-03-22 06:32 - 0000000 ____D C:\Windows\System32\Macromed
2012-02-29 14:30 - 2012-02-29 14:31 - 0000000 ____D C:\Users\Eros\Desktop\1099 and w2 for mandy
2012-02-27 19:47 - 2012-02-27 19:47 - 1159581 ____A C:\Users\Eros\Downloads\02-22-2012.pdf
2012-02-27 19:46 - 2012-02-27 19:46 - 0840849 ____A C:\Users\Eros\Downloads\01-24-2012.pdf
2012-02-25 20:10 - 2012-02-25 20:10 - 0000176 ____A C:\Users\Eros\Desktop\shipping quote.rtf
2012-02-25 19:48 - 2012-02-25 19:48 - 0000976 ____A C:\Users\Public\Desktop\Call of Duty Modern Warfare 3.lnk
2012-02-25 17:42 - 2012-03-22 06:32 - 0000000 ____D C:\Program Files (x86)\Call of Duty Modern Warfare 3

============ 3 Months Modified Files and Folders =============

2012-03-25 11:42 - 2012-03-25 11:41 - 0000000 ____D C:\FRST
2012-03-25 08:33 - 2012-03-24 15:28 - 4225609728 __ASH C:\hiberfil.sys
2012-03-25 07:09 - 2012-03-25 07:09 - 0000000 ____D C:\avrescue
2012-03-25 07:09 - 2008-12-09 14:29 - 0003499 ____A C:\Windows\bthservsdp.dat
2012-03-25 07:09 - 2008-12-09 14:28 - 1455731 ____A C:\Windows\WindowsUpdate.log
2012-03-25 07:09 - 2006-11-02 07:42 - 0032606 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-25 07:09 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-25 07:09 - 2006-11-02 07:22 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-25 07:09 - 2006-11-02 07:22 - 0003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-25 07:04 - 2012-03-25 07:04 - 4443082 ____A (Swearware) C:\Users\Eros\Desktop\ComboFix.exe
2012-03-25 07:00 - 2009-06-30 13:36 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-25 05:09 - 2011-09-29 20:04 - 0000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2197349822-3307547253-2433129536-1000UA.job
2012-03-24 23:31 - 2008-12-13 16:28 - 0000416 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{9A29B295-8A51-411A-BC60-9A442E201868}.job
2012-03-24 21:16 - 2012-03-24 06:57 - 0000000 ____D C:\Users\Eros\{d13d7e28-36fa-4bc4-b7e6-7fdc76617f55}
2012-03-24 21:16 - 2011-12-31 20:37 - 0000000 ____D C:\Users\Public\Image-Line.FL.Studio.Edition.v10.0.0 @vAin4us
2012-03-24 21:16 - 2011-12-10 10:11 - 0000000 ____D C:\users\Mcx1
2012-03-24 21:16 - 2009-02-21 10:31 - 0000000 ____D C:\users\RA Media Server
2012-03-24 21:16 - 2008-12-17 19:25 - 0000000 ____D C:\Users\Eros\AppData\Roaming\vlc
2012-03-24 21:16 - 2008-12-14 09:03 - 0000000 ____D C:\Users\Eros\AppData\Roaming\BitTorrent
2012-03-24 21:16 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\spool
2012-03-24 21:16 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\Msdtc
2012-03-24 21:16 - 2006-11-02 05:33 - 0000000 ___RD C:\users\Public
2012-03-24 21:16 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\registration
2012-03-24 21:16 - 2006-11-02 04:33 - 84672512 ____A C:\Windows\System32\config\software_previous
2012-03-24 21:16 - 2006-11-02 04:33 - 26738688 ____A C:\Windows\System32\config\system_previous
2012-03-24 21:09 - 2006-11-02 04:33 - 52953088 ____A C:\Windows\System32\config\components_previous
2012-03-24 21:09 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\sam_previous
2012-03-24 20:24 - 2012-03-24 20:24 - 0000000 ____D C:\Users\Eros\AppData\Roaming\Avira
2012-03-24 20:23 - 2006-11-02 04:46 - 0006416 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-24 20:19 - 2012-03-11 11:14 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-24 20:17 - 2009-06-30 13:36 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-24 20:17 - 2009-01-08 19:33 - 0000000 ____D C:\ProgramData\NVIDIA
2012-03-24 20:17 - 2008-01-20 19:26 - 0407406 ____A C:\Windows\PFRO.log
2012-03-24 19:56 - 2012-03-24 19:56 - 0001903 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-03-24 19:56 - 2012-03-24 19:56 - 0000000 ____D C:\ProgramData\Avira
2012-03-24 19:56 - 2012-03-24 19:56 - 0000000 ____D C:\Program Files (x86)\Avira
2012-03-24 19:40 - 2012-03-24 19:40 - 0002180 ____A C:\Users\Public\Desktop\Mass Effect 3.lnk
2012-03-24 18:55 - 2012-03-24 18:50 - 87031672 ____A C:\Users\Eros\Downloads\avira_free_antivirus_en.exe
2012-03-24 18:41 - 2009-05-24 18:28 - 0000000 ____D C:\Program Files (x86)\Steam
2012-03-24 18:33 - 2012-01-01 10:46 - 0000000 ____D C:\users\UpdatusUser
2012-03-24 18:30 - 2008-12-13 15:00 - 0000000 ____D C:\users\Eros
2012-03-24 18:30 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-24 18:07 - 2006-11-02 04:33 - 0524288 ____A C:\Windows\System32\config\default_previous
2012-03-24 18:07 - 2006-11-02 04:33 - 0262144 ____A C:\Windows\System32\config\security_previous
2012-03-24 17:59 - 2012-03-20 16:08 - 0000000 ____D C:\ProgramData\MFAData
2012-03-24 17:46 - 2012-03-20 16:14 - 0000000 ____D C:\ProgramData\AVG2012
2012-03-24 16:14 - 2012-03-24 16:14 - 0000000 ____D C:\Program Files (x86)\EA Games
2012-03-24 13:26 - 2012-03-24 12:13 - 0121290 ____A C:\TDSSKiller.2.7.22.0_24.03.2012_15.13.56_log.txt
2012-03-24 12:20 - 2012-03-24 12:20 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-24 12:14 - 2011-12-17 09:07 - 0000000 ____D C:\Program Files (x86)\PS3 Media Server
2012-03-24 11:28 - 2009-01-08 19:11 - 0000732 ____A C:\Users\Eros\AppData\Local\d3d9caps64.dat
2012-03-24 06:55 - 2006-11-02 07:27 - 0190238 ____A C:\Windows\setupact.log
2012-03-24 06:52 - 2012-03-24 06:52 - 0000000 ____D C:\Program Files\Motorola Inc
2012-03-24 06:52 - 2012-03-24 06:52 - 0000000 ____D C:\Program Files\Common Files\Motorola Shared
2012-03-24 06:52 - 2012-03-24 06:52 - 0000000 ____D C:\Program Files (x86)\Motorola
2012-03-24 06:50 - 2012-03-24 06:50 - 0012017 ____A C:\Users\Eros\Desktop\MAIL.mp3
2012-03-23 20:50 - 2011-11-06 07:39 - 0000000 ____D C:\Users\Public\2011-11-06 michelle
2012-03-23 20:43 - 2011-11-18 07:29 - 0000000 ____D C:\Users\Public\2011-11-18 jess
2012-03-23 20:28 - 2011-11-19 14:21 - 0000000 ____D C:\Users\Public\2011-11-19 steph
2012-03-23 20:26 - 2012-03-23 20:11 - 0000000 ____D C:\Users\Public\photography
2012-03-23 20:12 - 2011-12-17 09:25 - 0000000 ____D C:\Users\Eros\Desktop\mandys pix
2012-03-23 20:09 - 2011-09-29 20:04 - 0000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2197349822-3307547253-2433129536-1000Core.job
2012-03-22 17:55 - 2010-02-09 19:08 - 0000000 ____D C:\Program Files (x86)\PowerArchiver
2012-03-22 17:54 - 2012-03-22 17:54 - 0000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-03-22 17:54 - 2012-03-22 17:54 - 0000000 ____D C:\Users\Eros\AppData\Roaming\Malwarebytes
2012-03-22 17:54 - 2012-03-22 17:54 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-22 17:54 - 2012-03-22 17:54 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-22 17:50 - 2012-03-22 17:50 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Eros\Downloads\mbam-setup-1.60.1.1000.exe
2012-03-22 17:19 - 2012-03-22 17:19 - 0066896 ____A (Malwarebytes Corporation) C:\Users\Eros\Downloads\mbam-clean.exe
2012-03-22 17:18 - 2012-03-22 17:16 - 7125992 ____A (Malwarebytes Corporation ) C:\Users\Eros\Downloads\mbam-rules.exe
2012-03-22 06:33 - 2011-12-18 09:15 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-22 06:33 - 2011-12-09 08:43 - 0000000 ____D C:\Program Files\Bonjour
2012-03-22 06:33 - 2008-12-31 20:15 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-03-22 06:33 - 2008-12-17 19:11 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-03-22 06:33 - 2008-12-14 12:38 - 0000000 ____D C:\Program Files (x86)\PowerISO
2012-03-22 06:33 - 2008-12-14 09:46 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-03-22 06:33 - 2008-12-09 20:47 - 0000000 ____D C:\Program Files (x86)\XPSMiniViewGadget
2012-03-22 06:32 - 2012-03-02 15:49 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-22 06:32 - 2012-02-25 17:42 - 0000000 ____D C:\Program Files (x86)\Call of Duty Modern Warfare 3
2012-03-22 06:32 - 2012-02-19 15:31 - 0000000 ____D C:\ProgramData\Rockstar Games
2012-03-22 06:32 - 2012-02-19 15:29 - 0000000 ____D C:\Program Files (x86)\Rockstar Games
2012-03-22 06:32 - 2012-02-13 15:45 - 0000000 ____D C:\Users\Eros\Downloads\Call.of.Duty.MW3-Black_Box
2012-03-22 06:32 - 2012-01-21 08:25 - 0000000 ____D C:\Users\Eros\Desktop\checkout.aspx_files
2012-03-22 06:32 - 2012-01-01 10:46 - 0000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2012-03-22 06:32 - 2012-01-01 10:46 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-03-22 06:32 - 2012-01-01 10:40 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-03-22 06:32 - 2012-01-01 09:18 - 0000000 ____D C:\Program Files (x86)\Rage
2012-03-22 06:32 - 2011-12-31 20:40 - 0000000 ____D C:\Program Files (x86)\Outsim
2012-03-22 06:32 - 2011-12-31 20:40 - 0000000 ____D C:\Program Files (x86)\Image-Line
2012-03-22 06:32 - 2011-12-31 20:34 - 0000000 ____D C:\Program Files (x86)\Fruity Loops
2012-03-22 06:32 - 2011-12-27 17:31 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-22 06:32 - 2011-12-18 09:15 - 0000000 ____D C:\Program Files\iTunes
2012-03-22 06:32 - 2011-12-18 09:15 - 0000000 ____D C:\Program Files\iPod
2012-03-22 06:32 - 2011-12-17 09:01 - 0000000 ____D C:\Program Files\McAfee
2012-03-22 06:32 - 2011-12-17 09:01 - 0000000 ____D C:\Program Files\Common Files\McAfee
2012-03-22 06:32 - 2011-12-17 07:54 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-03-22 06:32 - 2011-12-14 07:03 - 0000000 ____D C:\ProgramData\McAfee
2012-03-22 06:32 - 2011-12-10 10:11 - 0000000 ____D C:\Users\Mcx1\AppData\Roaming\Macromedia
2012-03-22 06:32 - 2011-12-09 09:00 - 0000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2012-03-22 06:32 - 2011-12-09 08:51 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-03-22 06:32 - 2011-12-09 08:26 - 0000000 ____D C:\Users\Eros\AppData\Roaming\McAfee
2012-03-22 06:32 - 2011-10-13 09:36 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-03-22 06:32 - 2011-09-29 20:04 - 0000000 ____D C:\Users\Eros\AppData\Local\Facebook
2012-03-22 06:32 - 2011-09-26 07:33 - 0000000 ____D C:\Users\Eros\Downloads\Portishead
2012-03-22 06:32 - 2011-09-09 17:59 - 0000000 ____D C:\Program Files\Google
2012-03-22 06:32 - 2011-09-07 09:40 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-03-22 06:32 - 2011-06-17 12:51 - 0000000 ____D C:\Program Files (x86)\THQ
2012-03-22 06:32 - 2011-05-28 09:26 - 0000000 ____D C:\ProgramData\Easybits GO
2012-03-22 06:32 - 2011-04-21 18:50 - 0000000 ____D C:\Users\Eros\AppData\Roaming\Skype
2012-03-22 06:32 - 2011-04-21 18:49 - 0000000 ____D C:\ProgramData\Skype
2012-03-22 06:32 - 2011-04-13 10:12 - 0000000 ____D C:\Program Files (x86)\epson
2012-03-22 06:32 - 2011-04-11 08:54 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-03-22 06:32 - 2011-04-06 17:55 - 0000000 ____D C:\Users\Eros\AppData\Roaming\Ubisoft
2012-03-22 06:32 - 2011-04-06 17:34 - 0000000 ____D C:\Program Files (x86)\Ubisoft
2012-03-22 06:32 - 2011-03-26 09:08 - 0000000 ____D C:\ProgramData\Electronic Arts
2012-03-22 06:32 - 2011-03-19 19:14 - 0000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2012-03-22 06:32 - 2010-08-04 16:02 - 0000000 ____D C:\ProgramData\EPSON
2012-03-22 06:32 - 2010-08-02 19:04 - 0000000 ____D C:\Users\Eros\AppData\Roaming\Creative
2012-03-22 06:32 - 2010-08-02 18:54 - 0000000 ____D C:\Program Files (x86)\Dell Webcam
2012-03-22 06:32 - 2010-08-02 18:54 - 0000000 ____D C:\Program Files (x86)\Creative Live! Cam
2012-03-22 06:32 - 2010-06-13 15:33 - 0000000 ____D C:\Users\Eros\AppData\Roaming\PureEdge
2012-03-22 06:32 - 2010-06-13 15:33 - 0000000 ____D C:\ProgramData\PureEdge
2012-03-22 06:32 - 2010-06-13 15:33 - 0000000 ____D C:\Program Files (x86)\PureEdge
2012-03-22 06:32 - 2010-05-08 17:42 - 0000000 ____D C:\Program Files\Common Files\ActivIdentity
2012-03-22 06:32 - 2010-05-08 17:42 - 0000000 ____D C:\Program Files (x86)\ActivIdentity
2012-03-22 06:32 - 2010-04-21 14:42 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-22 06:32 - 2010-02-07 18:35 - 0000000 ____D C:\Program Files (x86)\NCH Software
2012-03-22 06:32 - 2010-02-07 18:34 - 0000000 ____D C:\Program Files (x86)\NCH Swift Sound
2012-03-22 06:32 - 2010-02-07 10:07 - 0000000 ____D C:\Users\Eros\Documents\BioWare
2012-03-22 06:32 - 2010-01-02 11:34 - 0000000 ____D C:\Users\Eros\AppData\Local\Downloaded Installations
2012-03-22 06:32 - 2009-11-30 16:18 - 0000000 ____D C:\Windows\SysWOW64\spool
2012-03-22 06:32 - 2009-09-25 15:20 - 0000000 ____D C:\Windows\System32\EventProviders
2012-03-22 06:32 - 2009-09-23 16:10 - 0000000 ____D C:\Program Files (x86)\Pando Networks
2012-03-22 06:32 - 2009-08-17 16:25 - 0000000 ____D C:\Program Files\Common Files\INCA Shared
2012-03-22 06:32 - 2009-05-17 08:40 - 0000000 ____D C:\Program Files (x86)\Google
2012-03-22 06:32 - 2009-05-15 15:56 - 0000000 ___SD C:\Users\Eros\Documents\My Shapes
2012-03-22 06:32 - 2009-05-06 16:02 - 0000000 ____D C:\Users\Eros\AppData\Local\Citrix
2012-03-22 06:32 - 2009-05-06 16:02 - 0000000 ____D C:\Users\Eros\AppData\Local\Apps\2.0
2012-03-22 06:32 - 2009-05-06 16:02 - 0000000 ____D C:\Program Files (x86)\Citrix
2012-03-22 06:32 - 2009-03-12 14:53 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-03-22 06:32 - 2009-03-12 14:51 - 0000000 ____D C:\Program Files\Microsoft Office
2012-03-22 06:32 - 2009-03-12 14:51 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-03-22 06:32 - 2009-02-27 21:51 - 0000000 ____D C:\Program Files (x86)\Voice
2012-03-22 06:32 - 2009-02-06 18:44 - 0000000 ____D C:\Users\Eros\AppData\Roaming\Electronic Arts
2012-03-22 06:32 - 2009-01-18 11:24 - 0000000 ____D C:\Users\Eros\AppData\Local\Microsoft Games
2012-03-22 06:32 - 2009-01-08 19:28 - 0000000 ____D C:\NVIDIA
2012-03-22 06:32 - 2009-01-06 15:11 - 0000000 ____D C:\Program Files (x86)\Lexmark X1100 Series
2012-03-22 06:32 - 2008-12-27 15:38 - 0000000 ____D C:\Program Files (x86)\Haali
2012-03-22 06:32 - 2008-12-26 18:19 - 0000000 ____D C:\Users\Eros\AppData\Roaming\InstallShield
2012-03-22 06:32 - 2008-12-17 20:41 - 0000000 ____D C:\Users\Eros\AppData\Local\PunkBuster
2012-03-22 06:32 - 2008-12-17 19:24 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-03-22 06:32 - 2008-12-15 18:02 - 0000000 ____D C:\Users\Eros\Documents\My Games
2012-03-22 06:32 - 2008-12-14 11:26 - 0000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2012-03-22 06:32 - 2008-12-14 09:02 - 0000000 ____D C:\Program Files (x86)\DNA
2012-03-22 06:32 - 2008-12-13 17:45 - 0000000 ____D C:\Program Files (x86)\TVersity
2012-03-22 06:32 - 2008-12-13 17:39 - 0000000 ____D C:\Program Files (x86)\DivX
2012-03-22 06:32 - 2008-12-13 15:47 - 0000000 ____D C:\Users\Eros\AppData\Roaming\Adobe
2012-03-22 06:32 - 2008-12-09 22:01 - 0000000 ____D C:\DELL
2012-03-22 06:32 - 2008-12-09 21:00 - 0000000 ____D C:\ProgramData\Dell
2012-03-22 06:32 - 2008-12-09 20:53 - 0000000 ____D C:\Program Files (x86)\Roxio
2012-03-22 06:32 - 2008-12-09 20:51 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-03-22 06:32 - 2008-12-09 20:48 - 0000000 ____D C:\Program Files (x86)\Dell
2012-03-22 06:32 - 2008-12-09 20:44 - 0000000 ____D C:\ProgramData\Adobe
2012-03-22 06:32 - 2008-12-09 20:44 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-03-22 06:32 - 2008-12-09 20:40 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-03-22 06:32 - 2008-12-09 20:40 - 0000000 ____D C:\Windows\SysWOW64\Lang
2012-03-22 06:32 - 2006-11-02 05:33 - 0000000 __RHD C:\users\Default
2012-03-22 06:32 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\rescache
2012-03-22 06:32 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\Help
2012-03-22 06:32 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-03-22 06:31 - 2011-04-11 09:33 - 0000000 ____D C:\Users\Eros\AppData\Local\Rockstar Games
2012-03-22 06:31 - 2008-12-26 18:11 - 0000000 ____D C:\Program Files (x86)\Red Kawa
2012-03-22 06:31 - 2008-12-13 15:02 - 0000000 ____D C:\Users\Eros\AppData\LocalLow
2012-03-22 06:31 - 2008-12-09 20:57 - 0000000 ____D C:\ProgramData\Uninstall
2012-03-22 06:31 - 2008-12-09 20:55 - 0000000 ____D C:\ProgramData\Roxio
2012-03-22 06:31 - 2008-12-09 20:53 - 0000000 ____D C:\ProgramData\InstallShield
2012-03-22 06:31 - 2008-12-09 20:51 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-03-22 06:31 - 2008-12-09 20:51 - 0000000 ____D C:\Program Files (x86)\Dell Video Chat
2012-03-22 06:31 - 2006-11-02 07:22 - 0000000 ____D C:\Windows\Setup
2012-03-22 06:31 - 2006-11-02 07:22 - 0000000 ____D C:\Windows\ServiceProfiles
2012-03-22 06:31 - 2006-11-02 07:16 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-03-22 06:31 - 2006-11-02 07:16 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-03-22 06:31 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\WindowsMobile
2012-03-22 06:31 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-03-22 06:31 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-03-22 06:31 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\System32\winrm
2012-03-22 06:31 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\System32\WCN
2012-03-22 06:31 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\System32\slmgr
2012-03-22 06:31 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Windows\SysWOW64\XPSViewer
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Windows\Performance
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Windows\DigitalLocker
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files\Windows Photo Gallery
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files\Windows Journal
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files\Windows Defender
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files\Windows Collaboration
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files\Windows Calendar
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files\MSBuild
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files\Movie Maker
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files\Microsoft Games
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files (x86)\Windows Photo Gallery
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files (x86)\Windows Calendar
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-03-22 06:31 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\Web
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\networklist
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\licensing
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\com
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\sysprep
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\Speech
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\SMI
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\RemInst
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\oobe
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\networklist
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\MUI
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\migwiz
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\licensing
2012-03-22 06:31 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\IME
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\System32\com
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\Speech
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\servicing
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\security
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\schemas
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\Resources
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\Provisioning
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\PLA
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\MSAgent64
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\MSAgent
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\IME
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\Branding
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Windows NT
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\System
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-03-22 06:31 - 2006-11-02 05:33 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-03-22 06:31 - 2006-11-02 05:32 - 0000000 __SHD C:\$Recycle.Bin
2012-03-21 17:02 - 2012-03-21 16:57 - 0000000 ____D C:\Program Files (x86)\PowerArchiver(78)
2012-03-21 17:00 - 2012-03-21 17:00 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware(40)
2012-03-21 16:57 - 2012-03-21 16:57 - 0000000 ____D C:\Program Files (x86)\PatchBeam
2012-03-21 16:18 - 2012-03-21 16:18 - 0029475 ____A C:\Users\Eros\Downloads\_-Demonoid.me-_The_Devil_Inside_2012_RMVB_www_everything_center_com.torrent
2012-03-20 22:09 - 2012-03-20 20:20 - 0000000 ____D C:\Users\Eros\Downloads\Mass_Effect_3_Repack_LeChuck
2012-03-20 17:16 - 2012-03-20 16:39 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-20 17:03 - 2012-03-20 17:03 - 0000000 ___HD C:\$AVG
2012-03-20 16:49 - 2012-03-20 16:39 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-20 16:46 - 2012-03-20 16:46 - 1747541 ____A C:\Users\Eros\Downloads\PetesMotorolaRootTools_v1.07.zip
2012-03-20 16:12 - 2012-03-20 16:12 - 0000000 ____D C:\Program Files (x86)\AVG
2012-03-14 11:38 - 2011-05-11 11:27 - 0000880 ____A C:\Windows\Tasks\Google Software Updater.job
2012-03-14 00:21 - 2006-11-02 07:21 - 2347120 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 00:01 - 2009-03-12 13:50 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-03-14 00:01 - 2006-11-02 04:35 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-03-13 19:03 - 2012-03-13 18:32 - 0000000 ____D C:\Users\Eros\Downloads\PC_Mass.Effect.3.Rip.-TPTB
2012-03-13 18:44 - 2012-03-13 18:29 - 0000000 ____D C:\Users\Eros\Downloads\In Time (2011) DVDRip XviD-MAXSPEED
2012-03-11 11:57 - 2008-12-14 09:47 - 0117760 ____A C:\Users\Eros\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-11 11:13 - 2012-03-11 11:13 - 0000000 ____D C:\Windows\system64
2012-03-11 11:13 - 2012-03-11 11:13 - 0000000 ____A C:\Users\Eros\AppData\Roaming\tkcsi.txt
2012-03-06 05:30 - 2012-03-06 04:26 - 0000000 ____D C:\Users\Eros\Downloads\Pink Floyd
2012-03-05 17:31 - 2012-03-05 16:23 - 0000000 ____D C:\Users\Eros\Downloads\Dexter_Season_6_Complete
2012-03-05 17:04 - 2012-03-22 18:01 - 209687566 ____A C:\Users\Public\Breaking Bad (S04E13) - Face Off [BoB].mkv
2012-03-05 16:46 - 2012-03-05 16:19 - 0000000 ____D C:\Users\Eros\Downloads\Breaking Bad - Season 4 (Complete) [BoB]
2012-03-02 15:49 - 2011-07-15 13:47 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-29 14:31 - 2012-02-29 14:30 - 0000000 ____D C:\Users\Eros\Desktop\1099 and w2 for mandy
2012-02-27 19:47 - 2012-02-27 19:47 - 1159581 ____A C:\Users\Eros\Downloads\02-22-2012.pdf
2012-02-27 19:46 - 2012-02-27 19:46 - 0840849 ____A C:\Users\Eros\Downloads\01-24-2012.pdf
2012-02-25 20:10 - 2012-02-25 20:10 - 0000176 ____A C:\Users\Eros\Desktop\shipping quote.rtf
2012-02-25 19:48 - 2012-02-25 19:48 - 0000976 ____A C:\Users\Public\Desktop\Call of Duty Modern Warfare 3.lnk
2012-02-25 16:45 - 2011-12-17 08:39 - 0000000 ____D C:\Users\Eros\AppData\Local\MPlayer
2012-02-19 19:27 - 2012-02-19 19:27 - 0000000 ____D C:\Users\Eros\AppData\Local\Chromium
2012-02-19 19:27 - 2011-04-11 09:36 - 0000000 ____D C:\Users\Eros\Documents\Rockstar Games
2012-02-19 19:26 - 2008-12-13 15:03 - 0116960 ____A C:\Users\Eros\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-19 18:48 - 2009-01-16 18:57 - 0000000 ____D C:\Program Files (x86)\Microsoft Games
2012-02-19 18:43 - 2012-02-19 18:43 - 0001968 ____A C:\Users\Public\Desktop\L.A. Noire.lnk
2012-02-19 18:30 - 2011-09-08 18:54 - 0000000 ____D C:\Program Files (x86)\Deus Ex - Human Revolution
2012-02-13 16:07 - 2011-09-08 19:13 - 0000000 ____D C:\Users\Eros\AppData\Local\dxhr
2012-02-11 17:30 - 2012-02-11 17:30 - 0037376 ____A C:\Users\Eros\Downloads\FRB Checklist.doc
2012-02-08 01:06 - 2009-05-15 15:52 - 0000039 ____A C:\Windows\vbaddin.ini
2012-02-08 01:03 - 2012-02-08 01:03 - 0000000 ____D C:\Windows\PCHEALTH
2012-02-08 01:02 - 2006-11-02 04:34 - 0000219 ____A C:\Windows\win.ini
2012-02-05 17:20 - 2012-02-05 17:18 - 0000000 ____D C:\Users\Eros\Downloads\Live Free Or Die Hard Unrated 2007 DvDrip[Eng]-greenbud1969
2012-02-02 07:34 - 2012-03-13 15:55 - 2765824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 05:57 - 2012-03-24 19:56 - 0132320 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-01-31 05:57 - 2012-03-24 19:56 - 0097312 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-01-27 16:34 - 2010-06-05 12:25 - 0000000 ____D C:\Users\Eros\Desktop\WOC stuff
2012-01-25 17:17 - 2012-01-25 17:17 - 0000000 ____D C:\Users\Eros\AppData\Roaming\EPSON
2012-01-25 17:16 - 2012-01-25 17:16 - 0001046 ____A C:\Users\Eros\Desktop\Adobe Photoshop CS3.lnk
2012-01-21 18:10 - 2012-01-21 18:10 - 0921011 ____A C:\Users\Eros\Desktop\uniform.pdf
2012-01-21 08:25 - 2012-01-21 08:25 - 0116468 ____A C:\Users\Eros\Desktop\checkout.aspx.htm
2012-01-11 14:20 - 2012-01-11 14:20 - 0001919 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-01-11 14:20 - 2008-12-14 13:38 - 0000000 ____D C:\Users\Eros\AppData\Local\Adobe
2012-01-10 18:00 - 2012-01-10 18:00 - 0000000 ____D C:\Users\Eros\AppData\Roaming\SynthMaker
2012-01-10 15:32 - 2012-01-10 15:31 - 0000000 ____D C:\Users\Eros\Downloads\Prime.Loops.Planet.Of.The.Orchestra.WAV.SCD-SUNiSO(Murlok)
2012-01-09 08:16 - 2012-03-13 15:55 - 0708096 ____A (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2012-01-09 07:54 - 2012-03-13 15:55 - 0613376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2012-01-09 06:27 - 2012-03-13 15:55 - 0209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-01-06 16:04 - 2012-01-06 15:59 - 0000000 ____D C:\Users\Eros\Downloads\Cowboys and Aliens (2011) DVDRip XviD-MAXSPEED
2012-01-06 16:02 - 2012-01-06 15:57 - 0000000 ____D C:\Users\Eros\Downloads\Puncture[2011]BRRip XviD-ExtraTorrentRG
2012-01-06 16:00 - 2012-01-06 15:43 - 0000000 ____D C:\Users\Eros\Downloads\[ UsaBit.com ] - Sherlock.Holmes.A.Game.Of.Shadows.2011.TS.XviD-DTRG
2012-01-06 15:57 - 2012-01-06 15:52 - 0000000 ____D C:\Users\Eros\Downloads\Shark Night 2011 BRRip XviD-FTW
2012-01-06 15:54 - 2012-01-06 15:51 - 0000000 ____D C:\Users\Eros\Downloads\Dont.Be.Afraid.Of.The.Dark.2010.DVDRip.XviD-SceneLovers
2012-01-03 15:21 - 2012-01-03 15:05 - 0000000 ____D C:\Users\Eros\Downloads\Halloween[2007]DvDrip[Eng]-FXG
2012-01-03 06:25 - 2012-02-14 20:17 - 0404992 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-01-01 19:04 - 2012-01-01 17:52 - 0000000 ____D C:\Users\Eros\Downloads\Sons of Anarchy Season 4 Complete 720p
2012-01-01 11:45 - 2012-01-01 11:31 - 0000000 ____D C:\Users\Eros\AppData\Roaming\NVIDIA
2012-01-01 11:39 - 2008-12-09 20:51 - 0366188 ____A C:\Windows\DirectX.log
2012-01-01 10:46 - 2012-01-01 10:46 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-01-01 10:46 - 2012-01-01 10:46 - 0000000 __SHD C:\Users\UpdatusUser\Templates
2012-01-01 10:46 - 2012-01-01 10:46 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
2012-01-01 10:46 - 2012-01-01 10:46 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
2012-01-01 10:46 - 2012-01-01 10:46 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
2012-01-01 10:46 - 2012-01-01 10:46 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
2012-01-01 10:46 - 2012-01-01 10:46 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2012-01-01 10:46 - 2012-01-01 10:46 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2012-01-01 10:46 - 2012-01-01 10:46 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2012-01-01 10:46 - 2012-01-01 10:46 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2012-01-01 10:46 - 2012-01-01 10:46 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2012-01-01 10:45 - 2012-01-01 10:45 - 0000000 ____D C:\ProgramData\NVIDIA Corporation
2012-01-01 10:17 - 2012-01-01 10:15 - 155182440 ____A (NVIDIA Corporation) C:\Users\Eros\Downloads\285.62-desktop-win7-winvista-64bit-english-whql.exe
2012-01-01 09:58 - 2012-01-01 09:58 - 0000792 ____A C:\Users\Eros\Desktop\Rage - Shortcut.lnk
2011-12-31 20:42 - 2011-12-31 20:42 - 1700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2011-12-31 20:41 - 2011-12-31 20:41 - 0000979 ____A C:\Users\Eros\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2011-12-31 20:41 - 2011-12-31 20:41 - 0000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2011-12-31 20:40 - 2011-12-31 20:40 - 0000842 ____A C:\Users\Eros\Desktop\FL Studio 10.lnk
2011-12-31 20:40 - 2011-12-31 20:40 - 0000000 ____D C:\Users\Eros\Documents\Image-Line
2011-12-31 20:40 - 2011-12-31 20:40 - 0000000 ____D C:\Program Files (x86)\VstPlugins
2011-12-29 17:24 - 2011-09-08 18:55 - 0000000 ____D C:\Users\Eros\Desktop\bike pix

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 7%
Total physical RAM: 8125.03 MB
Available physical RAM: 7479.71 MB
Total Pagefile: 7874.43 MB
Available Pagefile: 7460.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:162.77 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (FRMCXFRE_EN_DVD) (CDROM) (Total:3.66 GB) (Free:0 GB) UDF
7 Drive i: () (Removable) (Total:14.81 GB) (Free:14.72 GB) NTFS
8 Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.15 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 55 MB 32 KB
Partition 2 Primary 15 GB 55 MB
Partition 3 Primary 451 GB 15 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 55 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

======================================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 20 KB

======================================================================================================

Disk: 5
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 I NTFS Removable 15 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-24 23:21

======================= End Of Log ==========================

BC Ads
BleepingComputer.com

#2 paragon81

Member

Members
70 posts

Posted 25 March 2012 - 04:37 PM

update: managed to boot onto a avira boot disk. running scan now and will provide log after it is completed. Also planning on booting to the dell disk or another copy of vista and trying the repair again. Aparently I was not booting to disk before when I thought I was

#3 paragon81

Member

Members
70 posts

Posted 25 March 2012 - 07:07 PM

it is listed as TR/ATRAPS.gen2

infected files:
GAC_32/DESKTOP.INI
GAC_64/DESKTOP.INI
temp/u/80000032.@

#4 paragon81

Member

Members
70 posts

Posted 25 March 2012 - 07:15 PM

avira said it had renamed them, but not what it had renamed them as. And I am still getting the blue screen saying that consrv is missing....

#5 paragon81

Member

Members
70 posts

Posted 25 March 2012 - 07:57 PM

not sure if this means anything, but when I am in the command prompt in recovery it is listing windows under X:\... just seems kinda weird

#6 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 26 March 2012 - 04:28 AM

Hello paragon81 and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
- Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.
- Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:

Special thanks to quietman7 for providing the above information.

NEXT:

Posted Image

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

NEXT:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

start
SubSystems: [Windows] ==> ZeroAccess
2012-03-11 11:14 - 2012-03-24 20:19 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Please see if you're able to boot up successfully into Windows after you run the above fix.

Have I helped you? If you'd like to assist in the fight against malware, click here

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#7 paragon81

Member

Members
70 posts

Posted 26 March 2012 - 05:25 PM

I want to say first that u r very much appreciated and if at all possible I will make u some cookies, even though I suk at cooking >). I am here and rdy.

I am more than willing to do a format if necessary, but I would really like to gain access to windows one more time so that I can verify that I have backed up what I need. Hopefully we can handle it though.

Running the fix now, will update here afterwards.....

#8 paragon81

Member

Members
70 posts

Posted 26 March 2012 - 05:34 PM

Fix ran and success!!! I did a little dance when windows opened ;)))

Here is your fixlog, I will try not to restart or anything until you get back with me. Avira auto started a scan, I will cancel for now just let me know what to do next.

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-03-26 17:30:27 R:1
Running from D:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
C:\Windows\System32\dds_trash_log.cmd moved successfully.

==== End of Fixlog ====

#9 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 27 March 2012 - 12:39 AM

Hello paragon81!

I want to say first that u r very much appreciated and if at all possible I will make u some cookies, even though I suk at cooking >). I am here and rdy.

Not a problem! I'm glad to be able to help you out!

Congratulations! I've had that bit about the Chocolate Chip cookies in my into speech for over a month now, and you're the first person to point it out. I added that into my introduction speech to see how many of my users were reading it completly.

Fix ran and success!!! I did a little dance when windows opened ;)))

Great! Glad to hear that you're able to boot back into Windows now!

If you'd like to proceed with cleaning-up this computer and not reformat, please proceed with these instructions below:

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure SKIP is selected, then click Continue.
Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

NEXT:

Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

NEXT:

Running OTL

We need to create a New FULL OTL Report

Please download OTL from here if you have not done so already:
- Main Mirror
- Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"

Copy and Paste the following code into the Posted Image

textbox.

msconfig
safebootminimal
activex
drivers32
netsvcs
"%WinDir%\$NtUninstallKB*$." /30
C:\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.sys
atapi.sys
explorer.exe
winlogon.exe
wininit.exe
tdx.sys
afd.sys
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Please let me know how the above scans go.

Kindest Regards,
ST.

#10 paragon81

Member

Members
70 posts

Posted 27 March 2012 - 04:48 PM

16:38:15.0422 1600 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
16:38:15.0730 1600 ============================================================
16:38:15.0730 1600 Current date / time: 2012/03/27 16:38:15.0730
16:38:15.0730 1600 SystemInfo:
16:38:15.0730 1600
16:38:15.0730 1600 OS Version: 6.0.6002 ServicePack: 2.0
16:38:15.0730 1600 Product type: Workstation
16:38:15.0730 1600 ComputerName: PARAGON
16:38:15.0730 1600 UserName: Eros
16:38:15.0730 1600 Windows directory: C:\Windows
16:38:15.0730 1600 System windows directory: C:\Windows
16:38:15.0730 1600 Running under WOW64
16:38:15.0731 1600 Processor architecture: Intel x64
16:38:15.0731 1600 Number of processors: 4
16:38:15.0731 1600 Page size: 0x1000
16:38:15.0731 1600 Boot type: Normal boot
16:38:15.0731 1600 ============================================================
16:38:16.0184 1600 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:38:16.0226 1600 Drive \Device\Harddisk5\DR6 - Size: 0x3B4000000 (14.81 Gb), SectorSize: 0x200, Cylinders: 0x78D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:38:16.0229 1600 \Device\Harddisk0\DR0:
16:38:16.0229 1600 MBR used
16:38:16.0229 1600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1E00000
16:38:16.0229 1600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1B800, BlocksNum 0x3856A000
16:38:16.0229 1600 \Device\Harddisk5\DR6:
16:38:16.0229 1600 MBR used
16:38:16.0230 1600 \Device\Harddisk5\DR6\Partition0: MBR, Type 0x7, StartLBA 0x28, BlocksNum 0x1D9FFD8
16:38:16.0296 1600 Initialize success
16:38:16.0296 1600 ============================================================
16:39:03.0846 2324 ============================================================
16:39:03.0846 2324 Scan started
16:39:03.0846 2324 Mode: Manual; SigCheck; TDLFS;
16:39:03.0846 2324 ============================================================
16:39:04.0417 2324 ac.sharedstore (5e8efeb338deb1f485420b090fe6c85e) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
16:39:04.0514 2324 ac.sharedstore - ok
16:39:04.0606 2324 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:39:04.0626 2324 ACPI - ok
16:39:04.0673 2324 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:39:04.0703 2324 adp94xx - ok
16:39:04.0724 2324 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:39:04.0748 2324 adpahci - ok
16:39:04.0767 2324 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:39:04.0785 2324 adpu160m - ok
16:39:04.0805 2324 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:39:04.0825 2324 adpu320 - ok
16:39:04.0891 2324 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
16:39:04.0941 2324 AeLookupSvc - ok
16:39:05.0005 2324 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
16:39:05.0078 2324 AFD - ok
16:39:05.0136 2324 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:39:05.0154 2324 agp440 - ok
16:39:05.0174 2324 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:39:05.0193 2324 aic78xx - ok
16:39:05.0242 2324 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
16:39:05.0312 2324 ALG - ok
16:39:05.0329 2324 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
16:39:05.0347 2324 aliide - ok
16:39:05.0360 2324 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
16:39:05.0377 2324 amdide - ok
16:39:05.0393 2324 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
16:39:05.0476 2324 AmdK8 - ok
16:39:05.0575 2324 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:39:05.0590 2324 AntiVirSchedulerService - ok
16:39:05.0625 2324 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:39:05.0638 2324 AntiVirService - ok
16:39:05.0703 2324 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
16:39:05.0781 2324 Appinfo - ok
16:39:05.0861 2324 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:39:05.0879 2324 Apple Mobile Device - ok
16:39:05.0923 2324 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
16:39:05.0944 2324 arc - ok
16:39:05.0988 2324 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
16:39:06.0010 2324 arcsas - ok
16:39:06.0046 2324 aspnet_state - ok
16:39:06.0067 2324 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:39:06.0143 2324 AsyncMac - ok
16:39:06.0186 2324 atapi (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
16:39:06.0204 2324 atapi - ok
16:39:06.0252 2324 Ati External Event Utility (5f85c7284ed3d1b8fa923e876a168021) C:\Windows\system32\Ati2evxx.exe
16:39:06.0325 2324 Ati External Event Utility - ok
16:39:06.0479 2324 atikmdag (77e980eb1cc596fb6073c5c540e85f62) C:\Windows\system32\DRIVERS\atikmdag.sys
16:39:06.0711 2324 atikmdag - ok
16:39:06.0814 2324 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
16:39:06.0854 2324 AudioEndpointBuilder - ok
16:39:06.0862 2324 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
16:39:06.0902 2324 AudioSrv - ok
16:39:06.0945 2324 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
16:39:06.0997 2324 avgntflt - ok
16:39:07.0015 2324 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
16:39:07.0037 2324 avipbb - ok
16:39:07.0053 2324 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:39:07.0069 2324 avkmgr - ok
16:39:07.0118 2324 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
16:39:07.0238 2324 BITS - ok
16:39:07.0324 2324 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
16:39:07.0396 2324 blbdrive - ok
16:39:07.0471 2324 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:39:07.0500 2324 Bonjour Service - ok
16:39:07.0537 2324 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
16:39:07.0587 2324 bowser - ok
16:39:07.0668 2324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:39:07.0703 2324 BrFiltLo - ok
16:39:07.0722 2324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:39:07.0781 2324 BrFiltUp - ok
16:39:07.0862 2324 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
16:39:07.0934 2324 Browser - ok
16:39:07.0968 2324 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:39:08.0040 2324 Brserid - ok
16:39:08.0064 2324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:39:08.0161 2324 BrSerWdm - ok
16:39:08.0228 2324 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:39:08.0276 2324 BrUsbMdm - ok
16:39:08.0292 2324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
16:39:08.0361 2324 BrUsbSer - ok
16:39:08.0419 2324 BthEnum (09f926a0d9c0bafd8417a4307d2ed13c) C:\Windows\system32\DRIVERS\BthEnum.sys
16:39:08.0462 2324 BthEnum - ok
16:39:08.0499 2324 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:39:08.0577 2324 BTHMODEM - ok
16:39:08.0652 2324 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
16:39:08.0709 2324 BthPan - ok
16:39:08.0778 2324 BTHPORT (e1466882252ff51edde48c3f7eda2591) C:\Windows\system32\Drivers\BTHport.sys
16:39:08.0841 2324 BTHPORT - ok
16:39:08.0891 2324 BthServ (22e65ffd640f16968f855f5b3528d366) C:\Windows\System32\bthserv.dll
16:39:08.0924 2324 BthServ - ok
16:39:08.0970 2324 BTHUSB (970192cded77a128e7e30722e5ee6b9c) C:\Windows\system32\Drivers\BTHUSB.sys
16:39:08.0989 2324 BTHUSB - ok
16:39:09.0048 2324 btwaudio (a44ad9ab3bf98a65eb58662e3c78eae0) C:\Windows\system32\drivers\btwaudio.sys
16:39:09.0065 2324 btwaudio - ok
16:39:09.0104 2324 btwavdt (a441d453821a6336f516f97f79bbfa17) C:\Windows\system32\drivers\btwavdt.sys
16:39:09.0121 2324 btwavdt - ok
16:39:09.0135 2324 btwrchid (b550c75397d96251a92391555fe5534c) C:\Windows\system32\DRIVERS\btwrchid.sys
16:39:09.0148 2324 btwrchid - ok
16:39:09.0210 2324 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:39:09.0274 2324 cdfs - ok
16:39:09.0322 2324 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
16:39:09.0382 2324 cdrom - ok
16:39:09.0443 2324 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
16:39:09.0498 2324 CertPropSvc - ok
16:39:09.0566 2324 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
16:39:09.0643 2324 circlass - ok
16:39:09.0712 2324 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
16:39:09.0766 2324 CLFS - ok
16:39:09.0834 2324 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:39:09.0855 2324 clr_optimization_v2.0.50727_32 - ok
16:39:09.0919 2324 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:39:09.0933 2324 clr_optimization_v2.0.50727_64 - ok
16:39:09.0973 2324 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
16:39:09.0991 2324 cmdide - ok
16:39:10.0001 2324 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
16:39:10.0019 2324 Compbatt - ok
16:39:10.0036 2324 COMSysApp - ok
16:39:10.0047 2324 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
16:39:10.0061 2324 crcdisk - ok
16:39:10.0099 2324 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
16:39:10.0158 2324 CryptSvc - ok
16:39:10.0243 2324 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
16:39:10.0317 2324 DcomLaunch - ok
16:39:10.0396 2324 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
16:39:10.0440 2324 DfsC - ok
16:39:10.0562 2324 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
16:39:10.0730 2324 DFSR - ok
16:39:10.0818 2324 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
16:39:10.0892 2324 Dhcp - ok
16:39:10.0964 2324 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
16:39:10.0980 2324 disk - ok
16:39:11.0021 2324 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
16:39:11.0047 2324 Dnscache - ok
16:39:11.0122 2324 DockLoginService (db29915209770d8b59654345ec2d943a) C:\Program Files\Dell\DellDock\DockLogin.exe
16:39:11.0136 2324 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
16:39:11.0136 2324 DockLoginService - detected UnsignedFile.Multi.Generic (1)
16:39:11.0198 2324 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
16:39:11.0340 2324 dot3svc - ok
16:39:11.0387 2324 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
16:39:11.0459 2324 DPS - ok
16:39:11.0517 2324 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
16:39:11.0575 2324 drmkaud - ok
16:39:11.0608 2324 dump_wmimmc - ok
16:39:11.0669 2324 DXGKrnl (e828cdca431d1f98d33501dfc390079a) C:\Windows\System32\drivers\dxgkrnl.sys
16:39:11.0785 2324 DXGKrnl - ok
16:39:11.0870 2324 e1express (090c52161e62d06cc7df831f4bff7644) C:\Windows\system32\DRIVERS\e1e6032e.sys
16:39:11.0896 2324 e1express - ok
16:39:11.0930 2324 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:39:12.0003 2324 E1G60 - ok
16:39:12.0066 2324 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
16:39:12.0127 2324 EapHost - ok
16:39:12.0176 2324 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
16:39:12.0193 2324 Ecache - ok
16:39:12.0230 2324 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
16:39:12.0272 2324 ehRecvr - ok
16:39:12.0286 2324 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
16:39:12.0304 2324 ehSched - ok
16:39:12.0325 2324 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
16:39:12.0394 2324 ehstart - ok
16:39:12.0463 2324 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
16:39:12.0493 2324 elxstor - ok
16:39:12.0538 2324 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
16:39:12.0603 2324 EMDMgmt - ok
16:39:12.0631 2324 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
16:39:12.0702 2324 ErrDev - ok
16:39:12.0754 2324 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
16:39:12.0858 2324 EventSystem - ok
16:39:12.0939 2324 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
16:39:12.0991 2324 exfat - ok
16:39:13.0034 2324 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
16:39:13.0091 2324 fastfat - ok
16:39:13.0136 2324 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
16:39:13.0204 2324 fdc - ok
16:39:13.0250 2324 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
16:39:13.0323 2324 fdPHost - ok
16:39:13.0384 2324 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
16:39:13.0476 2324 FDResPub - ok
16:39:13.0513 2324 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:39:13.0527 2324 FileInfo - ok
16:39:13.0545 2324 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:39:13.0592 2324 Filetrace - ok
16:39:13.0691 2324 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:39:13.0762 2324 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:39:13.0762 2324 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:39:13.0834 2324 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:39:13.0917 2324 flpydisk - ok
16:39:13.0964 2324 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
16:39:13.0984 2324 FltMgr - ok
16:39:14.0026 2324 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:39:14.0043 2324 FontCache3.0.0.0 - ok
16:39:14.0059 2324 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
16:39:14.0123 2324 Fs_Rec - ok
16:39:14.0201 2324 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
16:39:14.0221 2324 gagp30kx - ok
16:39:14.0257 2324 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:39:14.0272 2324 GEARAspiWDM - ok
16:39:14.0332 2324 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
16:39:14.0348 2324 GoToAssist - ok
16:39:14.0375 2324 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
16:39:14.0419 2324 gpsvc - ok
16:39:14.0483 2324 gupdate1c9d70e4f573805 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:39:14.0496 2324 gupdate1c9d70e4f573805 - ok
16:39:14.0522 2324 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:39:14.0535 2324 gupdatem - ok
16:39:14.0597 2324 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:39:14.0611 2324 gusvc - ok
16:39:14.0670 2324 hamachi (f8f0851d336c3b88dbd7232b6348e09a) C:\Windows\system32\DRIVERS\hamachi.sys
16:39:14.0686 2324 hamachi - ok
16:39:14.0736 2324 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
16:39:14.0768 2324 HdAudAddService - ok
16:39:14.0798 2324 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:39:14.0900 2324 HDAudBus - ok
16:39:14.0936 2324 HidBth (39f7d79b3401be029d8451f761d30331) C:\Windows\system32\DRIVERS\hidbth.sys
16:39:15.0000 2324 HidBth - ok
16:39:15.0061 2324 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
16:39:15.0154 2324 HidIr - ok
16:39:15.0194 2324 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
16:39:15.0228 2324 hidserv - ok
16:39:15.0249 2324 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
16:39:15.0312 2324 HidUsb - ok
16:39:15.0350 2324 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
16:39:15.0420 2324 hkmsvc - ok
16:39:15.0495 2324 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
16:39:15.0515 2324 HpCISSs - ok
16:39:15.0565 2324 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
16:39:15.0622 2324 HTTP - ok
16:39:15.0666 2324 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
16:39:15.0685 2324 i2omp - ok
16:39:15.0699 2324 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:39:15.0761 2324 i8042prt - ok
16:39:15.0865 2324 IAANTMON (cb686f44bf955ea02520710a56874fa4) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
16:39:15.0893 2324 IAANTMON - ok
16:39:15.0953 2324 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\drivers\iastor.sys
16:39:15.0972 2324 iaStor - ok
16:39:16.0021 2324 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
16:39:16.0047 2324 iaStorV - ok
16:39:16.0093 2324 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:39:16.0124 2324 IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:39:16.0124 2324 IDriverT - detected UnsignedFile.Multi.Generic (1)
16:39:16.0195 2324 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:39:16.0251 2324 idsvc - ok
16:39:16.0283 2324 IFPUSB - ok
16:39:16.0336 2324 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:39:16.0355 2324 iirsp - ok
16:39:16.0395 2324 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
16:39:16.0469 2324 IKEEXT - ok
16:39:16.0525 2324 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
16:39:16.0543 2324 intelide - ok
16:39:16.0573 2324 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
16:39:16.0642 2324 intelppm - ok
16:39:16.0700 2324 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
16:39:16.0773 2324 IPBusEnum - ok
16:39:16.0831 2324 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:39:16.0899 2324 IpFilterDriver - ok
16:39:16.0930 2324 IpInIp - ok
16:39:16.0959 2324 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
16:39:17.0009 2324 IPMIDRV - ok
16:39:17.0048 2324 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
16:39:17.0120 2324 IPNAT - ok
16:39:17.0205 2324 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
16:39:17.0268 2324 iPod Service - ok
16:39:17.0338 2324 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
16:39:17.0386 2324 IRENUM - ok
16:39:17.0447 2324 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
16:39:17.0465 2324 isapnp - ok
16:39:17.0505 2324 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
16:39:17.0524 2324 iScsiPrt - ok
16:39:17.0542 2324 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
16:39:17.0561 2324 iteatapi - ok
16:39:17.0575 2324 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
16:39:17.0593 2324 iteraid - ok
16:39:17.0628 2324 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
16:39:17.0647 2324 kbdclass - ok
16:39:17.0684 2324 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
16:39:17.0746 2324 kbdhid - ok
16:39:17.0809 2324 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
16:39:17.0851 2324 KeyIso - ok
16:39:17.0908 2324 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
16:39:17.0935 2324 KSecDD - ok
16:39:17.0961 2324 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
16:39:18.0036 2324 ksthunk - ok
16:39:18.0103 2324 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
16:39:18.0186 2324 KtmRm - ok
16:39:18.0250 2324 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
16:39:18.0320 2324 LanmanServer - ok
16:39:18.0352 2324 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
16:39:18.0387 2324 LanmanWorkstation - ok
16:39:18.0436 2324 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:39:18.0456 2324 LHidFilt - ok
16:39:18.0484 2324 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
16:39:18.0561 2324 lltdio - ok
16:39:18.0623 2324 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
16:39:18.0700 2324 lltdsvc - ok
16:39:18.0731 2324 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
16:39:18.0798 2324 lmhosts - ok
16:39:18.0835 2324 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:39:18.0853 2324 LMouFilt - ok
16:39:18.0903 2324 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
16:39:18.0924 2324 LSI_FC - ok
16:39:18.0963 2324 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
16:39:18.0985 2324 LSI_SAS - ok
16:39:19.0034 2324 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
16:39:19.0055 2324 LSI_SCSI - ok
16:39:19.0073 2324 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
16:39:19.0145 2324 luafv - ok
16:39:19.0193 2324 McAfee SiteAdvisor Service - ok
16:39:19.0299 2324 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:39:19.0323 2324 McNASvc - ok
16:39:19.0329 2324 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:39:19.0344 2324 McProxy - ok
16:39:19.0401 2324 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
16:39:19.0446 2324 Mcx2Svc - ok
16:39:19.0512 2324 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
16:39:19.0531 2324 megasas - ok
16:39:19.0568 2324 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
16:39:19.0600 2324 MegaSR - ok
16:39:19.0685 2324 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:39:19.0698 2324 Microsoft Office Groove Audit Service - ok
16:39:19.0742 2324 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
16:39:19.0813 2324 MMCSS - ok
16:39:19.0853 2324 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
16:39:19.0930 2324 Modem - ok
16:39:19.0965 2324 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
16:39:20.0034 2324 monitor - ok
16:39:20.0075 2324 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
16:39:20.0095 2324 mouclass - ok
16:39:20.0135 2324 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
16:39:20.0210 2324 mouhid - ok
16:39:20.0265 2324 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
16:39:20.0280 2324 MountMgr - ok
16:39:20.0299 2324 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
16:39:20.0322 2324 mpio - ok
16:39:20.0337 2324 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
16:39:20.0399 2324 mpsdrv - ok
16:39:20.0447 2324 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
16:39:20.0466 2324 Mraid35x - ok
16:39:20.0515 2324 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
16:39:20.0536 2324 MRxDAV - ok
16:39:20.0596 2324 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:39:20.0654 2324 mrxsmb - ok
16:39:20.0698 2324 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:39:20.0720 2324 mrxsmb10 - ok
16:39:20.0733 2324 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:39:20.0773 2324 mrxsmb20 - ok
16:39:20.0836 2324 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
16:39:20.0855 2324 msahci - ok
16:39:20.0891 2324 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
16:39:20.0914 2324 msdsm - ok
16:39:20.0951 2324 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
16:39:21.0002 2324 MSDTC - ok
16:39:21.0027 2324 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
16:39:21.0096 2324 Msfs - ok
16:39:21.0127 2324 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
16:39:21.0141 2324 msisadrv - ok
16:39:21.0167 2324 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
16:39:21.0240 2324 MSiSCSI - ok
16:39:21.0290 2324 msiserver - ok
16:39:21.0335 2324 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
16:39:21.0409 2324 MSKSSRV - ok
16:39:21.0456 2324 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
16:39:21.0524 2324 MSPCLOCK - ok
16:39:21.0558 2324 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
16:39:21.0605 2324 MSPQM - ok
16:39:21.0641 2324 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
16:39:21.0663 2324 MsRPC - ok
16:39:21.0702 2324 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
16:39:21.0717 2324 mssmbios - ok
16:39:21.0744 2324 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
16:39:21.0813 2324 MSTEE - ok
16:39:21.0846 2324 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
16:39:21.0863 2324 Mup - ok
16:39:21.0906 2324 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
16:39:21.0948 2324 napagent - ok
16:39:21.0997 2324 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
16:39:22.0044 2324 NativeWifiP - ok
16:39:22.0134 2324 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
16:39:22.0167 2324 NDIS - ok
16:39:22.0227 2324 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
16:39:22.0291 2324 NdisTapi - ok
16:39:22.0338 2324 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
16:39:22.0412 2324 Ndisuio - ok
16:39:22.0483 2324 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
16:39:22.0546 2324 NdisWan - ok
16:39:22.0603 2324 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
16:39:22.0665 2324 NDProxy - ok
16:39:22.0699 2324 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
16:39:22.0766 2324 NetBIOS - ok
16:39:22.0811 2324 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
16:39:22.0880 2324 netbt - ok
16:39:22.0950 2324 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
16:39:22.0968 2324 Netlogon - ok
16:39:23.0008 2324 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
16:39:23.0113 2324 Netman - ok
16:39:23.0150 2324 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
16:39:23.0233 2324 netprofm - ok
16:39:23.0313 2324 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:39:23.0336 2324 NetTcpPortSharing - ok
16:39:23.0380 2324 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
16:39:23.0400 2324 nfrd960 - ok
16:39:23.0441 2324 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
16:39:23.0511 2324 NlaSvc - ok
16:39:23.0552 2324 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
16:39:23.0610 2324 Npfs - ok
16:39:23.0640 2324 NPPTNT2 - ok
16:39:23.0655 2324 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
16:39:23.0721 2324 nsi - ok
16:39:23.0788 2324 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
16:39:23.0878 2324 nsiproxy - ok
16:39:23.0968 2324 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
16:39:24.0100 2324 Ntfs - ok
16:39:24.0180 2324 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
16:39:24.0250 2324 Null - ok
16:39:24.0492 2324 nv (9e3d7427dd7fabb06b590b94123ef568) C:\Windows\system32\DRIVERS\nv4_mini.sys
16:39:24.0846 2324 nv ( UnsignedFile.Multi.Generic ) - warning
16:39:24.0846 2324 nv - detected UnsignedFile.Multi.Generic (1)
16:39:25.0168 2324 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:39:25.0726 2324 nvlddmkm - ok
16:39:25.0789 2324 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
16:39:25.0812 2324 nvraid - ok
16:39:25.0841 2324 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
16:39:25.0860 2324 nvstor - ok
16:39:25.0925 2324 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
16:39:26.0013 2324 nvsvc - ok
16:39:26.0141 2324 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
16:39:26.0213 2324 nvUpdatusService - ok
16:39:26.0274 2324 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
16:39:26.0297 2324 nv_agp - ok
16:39:26.0305 2324 NwlnkFlt - ok
16:39:26.0314 2324 NwlnkFwd - ok
16:39:26.0360 2324 OA002Afx (226d2c0e1aa9040646d6b158fd344046) C:\Windows\system32\Drivers\OA002Afx.sys
16:39:26.0385 2324 OA002Afx - ok
16:39:26.0400 2324 OA002Ufd (9bcc62c6de92cab213c31eb2d6ec32b3) C:\Windows\system32\DRIVERS\OA002Ufd.sys
16:39:26.0446 2324 OA002Ufd - ok
16:39:26.0457 2324 OA002Vid (9e3e1046854b2a9093b662ed1d937308) C:\Windows\system32\DRIVERS\OA002Vid.sys
16:39:26.0490 2324 OA002Vid - ok
16:39:26.0586 2324 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:39:26.0620 2324 odserv - ok
16:39:26.0687 2324 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
16:39:26.0743 2324 ohci1394 - ok
16:39:26.0822 2324 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:39:26.0843 2324 ose - ok
16:39:26.0913 2324 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
16:39:27.0009 2324 p2pimsvc - ok
16:39:27.0022 2324 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
16:39:27.0054 2324 p2psvc - ok
16:39:27.0104 2324 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
16:39:27.0203 2324 Parport - ok
16:39:27.0253 2324 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
16:39:27.0269 2324 partmgr - ok
16:39:27.0300 2324 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
16:39:27.0341 2324 PcaSvc - ok
16:39:27.0368 2324 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
16:39:27.0386 2324 pci - ok
16:39:27.0437 2324 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
16:39:27.0454 2324 pciide - ok
16:39:27.0468 2324 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
16:39:27.0494 2324 pcmcia - ok
16:39:27.0527 2324 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
16:39:27.0647 2324 PEAUTH - ok
16:39:27.0706 2324 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
16:39:27.0779 2324 PerfHost - ok
16:39:27.0867 2324 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
16:39:27.0995 2324 pla - ok
16:39:28.0055 2324 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
16:39:28.0094 2324 PlugPlay - ok
16:39:28.0121 2324 PnkBstrA - ok
16:39:28.0171 2324 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
16:39:28.0203 2324 PNRPAutoReg - ok
16:39:28.0217 2324 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
16:39:28.0249 2324 PNRPsvc - ok
16:39:28.0310 2324 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
16:39:28.0414 2324 PolicyAgent - ok
16:39:28.0478 2324 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
16:39:28.0542 2324 PptpMiniport - ok
16:39:28.0591 2324 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
16:39:28.0626 2324 Processor - ok
16:39:28.0683 2324 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
16:39:28.0740 2324 ProfSvc - ok
16:39:28.0782 2324 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
16:39:28.0796 2324 ProtectedStorage - ok
16:39:28.0876 2324 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
16:39:28.0902 2324 PSched - ok
16:39:28.0936 2324 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
16:39:28.0946 2324 PxHlpa64 - ok
16:39:28.0991 2324 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
16:39:29.0042 2324 ql2300 - ok
16:39:29.0083 2324 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
16:39:29.0103 2324 ql40xx - ok
16:39:29.0144 2324 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
16:39:29.0189 2324 QWAVE - ok
16:39:29.0243 2324 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
16:39:29.0292 2324 QWAVEdrv - ok
16:39:29.0432 2324 R300 (77e980eb1cc596fb6073c5c540e85f62) C:\Windows\system32\DRIVERS\atikmdag.sys
16:39:29.0534 2324 R300 - ok
16:39:29.0606 2324 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
16:39:29.0680 2324 RasAcd - ok
16:39:29.0727 2324 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
16:39:29.0797 2324 RasAuto - ok
16:39:29.0852 2324 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:39:29.0892 2324 Rasl2tp - ok
16:39:29.0911 2324 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
16:39:29.0949 2324 RasMan - ok
16:39:30.0017 2324 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
16:39:30.0083 2324 RasPppoe - ok
16:39:30.0126 2324 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
16:39:30.0174 2324 RasSstp - ok
16:39:30.0233 2324 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
16:39:30.0269 2324 rdbss - ok
16:39:30.0295 2324 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:39:30.0341 2324 RDPCDD - ok
16:39:30.0402 2324 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
16:39:30.0479 2324 rdpdr - ok
16:39:30.0487 2324 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
16:39:30.0533 2324 RDPENCDD - ok
16:39:30.0590 2324 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
16:39:30.0654 2324 RDPWD - ok
16:39:30.0688 2324 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
16:39:30.0763 2324 RemoteAccess - ok
16:39:30.0814 2324 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
16:39:30.0884 2324 RemoteRegistry - ok
16:39:30.0969 2324 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
16:39:31.0038 2324 RFCOMM - ok
16:39:31.0072 2324 RimUsb - ok
16:39:31.0104 2324 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
16:39:31.0128 2324 RimVSerPort - ok
16:39:31.0173 2324 RLDesignVirtualAudioCableWdm (cf1eee81fd32238fc51adca9f2266b7d) C:\Windows\system32\DRIVERS\livecamv.sys
16:39:31.0222 2324 RLDesignVirtualAudioCableWdm - ok
16:39:31.0298 2324 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
16:39:31.0343 2324 ROOTMODEM - ok
16:39:31.0432 2324 RoxLiveShare10 (fded778daf09235e4580f1b9046946b6) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
16:39:31.0448 2324 RoxLiveShare10 - ok
16:39:31.0476 2324 RoxLiveShare9 - ok
16:39:31.0528 2324 RoxMediaDB10 (e054a2caf0e2a55c9aac0bf1ccc558a5) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
16:39:31.0615 2324 RoxMediaDB10 - ok
16:39:31.0724 2324 RoxWatch10 (c75fda9ab3314e555123673e08f9d86d) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
16:39:31.0738 2324 RoxWatch10 - ok
16:39:31.0840 2324 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
16:39:31.0918 2324 RpcLocator - ok
16:39:31.0971 2324 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
16:39:32.0017 2324 RpcSs - ok
16:39:32.0050 2324 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
16:39:32.0100 2324 rspndr - ok
16:39:32.0131 2324 RTPatch File Service - ok
16:39:32.0189 2324 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
16:39:32.0207 2324 SamSs - ok
16:39:32.0226 2324 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
16:39:32.0248 2324 sbp2port - ok
16:39:32.0280 2324 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
16:39:32.0344 2324 SCardSvr - ok
16:39:32.0394 2324 SCDEmu (7fb7a7448d6d3609724c3e5bd7a90f8e) C:\Windows\system32\drivers\SCDEmu.sys
16:39:32.0415 2324 SCDEmu - ok
16:39:32.0459 2324 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
16:39:32.0512 2324 Schedule - ok
16:39:32.0565 2324 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
16:39:32.0598 2324 SCPolicySvc - ok
16:39:32.0623 2324 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
16:39:32.0692 2324 SDRSVC - ok
16:39:32.0730 2324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:39:32.0834 2324 secdrv - ok
16:39:32.0857 2324 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
16:39:32.0929 2324 seclogon - ok
16:39:32.0960 2324 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
16:39:33.0019 2324 SENS - ok
16:39:33.0064 2324 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
16:39:33.0141 2324 Serenum - ok
16:39:33.0224 2324 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
16:39:33.0323 2324 Serial - ok
16:39:33.0349 2324 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
16:39:33.0419 2324 sermouse - ok
16:39:33.0448 2324 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
16:39:33.0519 2324 SessionEnv - ok
16:39:33.0550 2324 SessionLauncher - ok
16:39:33.0615 2324 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
16:39:33.0696 2324 sffdisk - ok
16:39:33.0721 2324 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
16:39:33.0793 2324 sffp_mmc - ok
16:39:33.0830 2324 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
16:39:33.0902 2324 sffp_sd - ok
16:39:33.0938 2324 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
16:39:34.0034 2324 sfloppy - ok
16:39:34.0091 2324 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
16:39:34.0178 2324 SharedAccess - ok
16:39:34.0249 2324 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
16:39:34.0322 2324 ShellHWDetection - ok
16:39:34.0358 2324 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
16:39:34.0378 2324 SiSRaid2 - ok
16:39:34.0427 2324 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
16:39:34.0448 2324 SiSRaid4 - ok
16:39:34.0528 2324 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
16:39:34.0621 2324 slsvc - ok
16:39:34.0653 2324 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
16:39:34.0716 2324 SLUINotify - ok
16:39:34.0771 2324 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
16:39:34.0810 2324 Smb - ok
16:39:34.0882 2324 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
16:39:34.0928 2324 SNMPTRAP - ok
16:39:34.0961 2324 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
16:39:34.0976 2324 spldr - ok
16:39:35.0004 2324 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
16:39:35.0081 2324 Spooler - ok
16:39:35.0157 2324 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
16:39:35.0158 2324 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
16:39:35.0159 2324 sptd ( LockedFile.Multi.Generic ) - warning
16:39:35.0160 2324 sptd - detected LockedFile.Multi.Generic (1)
16:39:35.0225 2324 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
16:39:35.0252 2324 srv - ok
16:39:35.0292 2324 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
16:39:35.0311 2324 srv2 - ok
16:39:35.0325 2324 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
16:39:35.0370 2324 srvnet - ok
16:39:35.0411 2324 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
16:39:35.0487 2324 SSDPSRV - ok
16:39:35.0564 2324 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
16:39:35.0612 2324 SstpSvc - ok
16:39:35.0682 2324 STacSV (dc4a7a067508470838d2d2336bfeb1e1) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_4b8037c7\STacSV64.exe
16:39:35.0708 2324 STacSV - ok
16:39:35.0747 2324 Steam Client Service - ok
16:39:35.0814 2324 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:39:35.0834 2324 Stereo Service - ok
16:39:35.0921 2324 STHDA (6299f206f17e34ead0ef63dad8cd4272) C:\Windows\system32\DRIVERS\stwrt64.sys
16:39:35.0983 2324 STHDA - ok
16:39:36.0055 2324 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
16:39:36.0087 2324 stisvc - ok
16:39:36.0151 2324 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
16:39:36.0171 2324 stllssvr - ok
16:39:36.0228 2324 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
16:39:36.0245 2324 swenum - ok
16:39:36.0285 2324 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
16:39:36.0328 2324 swprv - ok
16:39:36.0344 2324 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
16:39:36.0364 2324 Symc8xx - ok
16:39:36.0381 2324 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
16:39:36.0399 2324 Sym_hi - ok
16:39:36.0410 2324 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
16:39:36.0430 2324 Sym_u3 - ok
16:39:36.0474 2324 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
16:39:36.0552 2324 SysMain - ok
16:39:36.0615 2324 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
16:39:36.0678 2324 TabletInputService - ok
16:39:36.0723 2324 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
16:39:36.0791 2324 TapiSrv - ok
16:39:36.0834 2324 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
16:39:36.0879 2324 TBS - ok
16:39:36.0940 2324 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
16:39:37.0006 2324 Tcpip - ok
16:39:37.0063 2324 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
16:39:37.0111 2324 Tcpip6 - ok
16:39:37.0134 2324 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
16:39:37.0209 2324 tcpipreg - ok
16:39:37.0235 2324 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
16:39:37.0281 2324 TDPIPE - ok
16:39:37.0300 2324 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
16:39:37.0370 2324 TDTCP - ok
16:39:37.0415 2324 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
16:39:37.0470 2324 tdx - ok
16:39:37.0551 2324 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
16:39:37.0566 2324 TermDD - ok
16:39:37.0612 2324 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
16:39:37.0706 2324 TermService - ok
16:39:37.0772 2324 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
16:39:37.0789 2324 Themes - ok
16:39:37.0838 2324 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
16:39:37.0872 2324 THREADORDER - ok
16:39:37.0927 2324 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
16:39:37.0991 2324 TrkWks - ok
16:39:38.0047 2324 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
16:39:38.0098 2324 TrustedInstaller - ok
16:39:38.0152 2324 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:39:38.0220 2324 tssecsrv - ok
16:39:38.0253 2324 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
16:39:38.0298 2324 tunmp - ok
16:39:38.0378 2324 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
16:39:38.0419 2324 tunnel - ok
16:39:38.0450 2324 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
16:39:38.0464 2324 uagp35 - ok
16:39:38.0499 2324 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
16:39:38.0564 2324 udfs - ok
16:39:38.0604 2324 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
16:39:38.0677 2324 UI0Detect - ok
16:39:38.0717 2324 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
16:39:38.0732 2324 uliagpkx - ok
16:39:38.0788 2324 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
16:39:38.0808 2324 uliahci - ok
16:39:38.0844 2324 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
16:39:38.0860 2324 UlSata - ok
16:39:38.0874 2324 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
16:39:38.0889 2324 ulsata2 - ok
16:39:38.0908 2324 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
16:39:38.0956 2324 umbus - ok
16:39:38.0985 2324 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
16:39:39.0032 2324 UMPass - ok
16:39:39.0064 2324 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
16:39:39.0152 2324 upnphost - ok
16:39:39.0247 2324 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:39:39.0327 2324 USBAAPL64 - ok
16:39:39.0378 2324 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
16:39:39.0439 2324 usbaudio - ok
16:39:39.0501 2324 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
16:39:39.0564 2324 usbccgp - ok
16:39:39.0662 2324 USBCCID (f8e1cb9b8da037219953190cd2aca358) C:\Windows\system32\DRIVERS\usbccid.sys
16:39:39.0719 2324 USBCCID - ok
16:39:39.0762 2324 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
16:39:39.0864 2324 usbcir - ok
16:39:39.0911 2324 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
16:39:39.0970 2324 usbehci - ok
16:39:40.0008 2324 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
16:39:40.0073 2324 usbhub - ok
16:39:40.0136 2324 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
16:39:40.0201 2324 usbohci - ok
16:39:40.0234 2324 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
16:39:40.0281 2324 usbprint - ok
16:39:40.0318 2324 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
16:39:40.0381 2324 usbscan - ok
16:39:40.0430 2324 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:39:40.0469 2324 USBSTOR - ok
16:39:40.0509 2324 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
16:39:40.0546 2324 usbuhci - ok
16:39:40.0615 2324 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
16:39:40.0666 2324 usbvideo - ok
16:39:40.0732 2324 usb_rndisx (1e36bb1a3c5aaf2aa9fa9a126df8c16c) C:\Windows\system32\DRIVERS\usb8023x.sys
16:39:40.0790 2324 usb_rndisx - ok
16:39:40.0837 2324 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
16:39:40.0876 2324 UxSms - ok
16:39:40.0913 2324 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
16:39:40.0978 2324 vds - ok
16:39:41.0054 2324 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
16:39:41.0129 2324 vga - ok
16:39:41.0167 2324 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
16:39:41.0242 2324 VgaSave - ok
16:39:41.0278 2324 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
16:39:41.0295 2324 viaide - ok
16:39:41.0334 2324 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
16:39:41.0350 2324 volmgr - ok
16:39:41.0395 2324 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
16:39:41.0421 2324 volmgrx - ok
16:39:41.0453 2324 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
16:39:41.0474 2324 volsnap - ok
16:39:41.0539 2324 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
16:39:41.0562 2324 vsmraid - ok
16:39:41.0623 2324 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
16:39:41.0718 2324 VSS - ok
16:39:41.0754 2324 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
16:39:41.0818 2324 W32Time - ok
16:39:41.0844 2324 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
16:39:41.0894 2324 WacomPen - ok
16:39:41.0927 2324 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:39:41.0981 2324 Wanarp - ok
16:39:41.0984 2324 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:39:42.0006 2324 Wanarpv6 - ok
16:39:42.0721 2324 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
16:39:42.0791 2324 wcncsvc - ok
16:39:42.0874 2324 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
16:39:42.0933 2324 WcsPlugInService - ok
16:39:43.0096 2324 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
16:39:43.0114 2324 Wd - ok
16:39:43.0147 2324 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
16:39:43.0185 2324 Wdf01000 - ok
16:39:43.0202 2324 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
16:39:43.0248 2324 WdiServiceHost - ok
16:39:43.0252 2324 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
16:39:43.0298 2324 WdiSystemHost - ok
16:39:43.0366 2324 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
16:39:43.0408 2324 WebClient - ok
16:39:43.0453 2324 Wecsvc (bd9a749f36710ffa02e0e530f7451936) C:\Windows\system32\wecsvc.dll
16:39:43.0486 2324 Wecsvc - ok
16:39:43.0500 2324 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
16:39:43.0525 2324 wercplsupport - ok
16:39:43.0535 2324 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
16:39:43.0586 2324 WerSvc - ok
16:39:43.0590 2324 WinHttpAutoProxySvc - ok
16:39:43.0654 2324 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
16:39:43.0712 2324 Winmgmt - ok
16:39:43.0817 2324 WinRM (42717db2be3a075d0f0cd5c927c27a43) C:\Windows\system32\WsmSvc.dll
16:39:43.0911 2324 WinRM - ok
16:39:43.0974 2324 WinUsb (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.SYS
16:39:44.0032 2324 WinUsb - ok
16:39:44.0089 2324 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
16:39:44.0138 2324 Wlansvc - ok
16:39:44.0196 2324 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
16:39:44.0253 2324 WmiAcpi - ok
16:39:44.0318 2324 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
16:39:44.0353 2324 wmiApSrv - ok
16:39:44.0399 2324 WMPNetworkSvc - ok
16:39:44.0425 2324 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
16:39:44.0501 2324 WPCSvc - ok
16:39:44.0543 2324 WPDBusEnum (a27c8f92d84e2ddc151978e4692c978e) C:\Windows\system32\wpdbusenum.dll
16:39:44.0624 2324 WPDBusEnum - ok
16:39:44.0667 2324 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
16:39:44.0729 2324 WpdUsb - ok
16:39:44.0775 2324 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
16:39:44.0847 2324 ws2ifsl - ok
16:39:44.0854 2324 WSearch - ok
16:39:44.0941 2324 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
16:39:45.0027 2324 wuauserv - ok
16:39:45.0077 2324 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:39:45.0126 2324 WUDFRd - ok
16:39:45.0167 2324 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
16:39:45.0199 2324 wudfsvc - ok
16:39:45.0235 2324 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
16:39:45.0249 2324 xusb21 - ok
16:39:45.0288 2324 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:39:45.0415 2324 \Device\Harddisk0\DR0 - ok
16:39:45.0419 2324 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR6
16:39:47.0749 2324 \Device\Harddisk5\DR6 - ok
16:39:47.0760 2324 Boot (0x1200) (5d835d8f3646c6ea92ae9fc6e363fa92) \Device\Harddisk0\DR0\Partition0
16:39:47.0761 2324 \Device\Harddisk0\DR0\Partition0 - ok
16:39:47.0764 2324 Boot (0x1200) (0e481f7ff19595aa741b0e56b0c77082) \Device\Harddisk0\DR0\Partition1
16:39:47.0765 2324 \Device\Harddisk0\DR0\Partition1 - ok
16:39:47.0768 2324 Boot (0x1200) (8fd25176d4e5ebb4b84e0756f397bbd4) \Device\Harddisk5\DR6\Partition0
16:39:47.0770 2324 \Device\Harddisk5\DR6\Partition0 - ok
16:39:47.0770 2324 ============================================================
16:39:47.0770 2324 Scan finished
16:39:47.0770 2324 ============================================================
16:39:47.0780 4752 Detected object count: 5
16:39:47.0780 4752 Actual detected object count: 5
16:40:42.0132 4752 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
16:40:42.0132 4752 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:40:42.0134 4752 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:40:42.0134 4752 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:40:42.0135 4752 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:40:42.0135 4752 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:40:42.0137 4752 nv ( UnsignedFile.Multi.Generic ) - skipped by user
16:40:42.0137 4752 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:40:42.0138 4752 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:40:42.0138 4752 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:40:49.0511 3564 Deinitialize success

Farbar Service Scanner Version: 01-03-2012
Ran by Eros (administrator) on 27-03-2012 at 16:43:50
Running from "C:\Users\Eros\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll
[2008-01-20 21:49] - [2008-01-20 21:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-11 17:40] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-14 23:17] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll
[2011-04-13 15:56] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-11 17:41] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-11 17:40] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2008-01-20 21:47] - [2008-01-20 21:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe
[2009-09-11 17:41] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-11 17:40] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-11 17:40] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll
[2009-10-28 17:14] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll
[2009-09-11 17:41] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-11 17:41] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2009-09-11 17:40] - [2009-04-11 02:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7

C:\Program Files\Windows Defender\MpSvc.dll
[2008-01-20 21:47] - [2008-01-20 21:47] - 0383544 ____A (Microsoft Corporation) 7D2A43E8FDF725A1133F6C6056A72CDC

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-11 17:41] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****

#11 paragon81

Member

Members
70 posts

Posted 27 March 2012 - 04:52 PM

Above I posted the TDSS and FSS reports. The computer seems to be running fine although avira locked up when i stopped the original scan and has remained unresponsive. I will prob restart after all the scans are complete.

ok.... OTL had an error that is as follows : There is no disk in the drive. Please insert a disk into drive \Device\Harddisk1\DRI

#12 paragon81

Member

Members
70 posts

Posted 27 March 2012 - 05:24 PM

I tryed the try again option to no avail and it took three times but the continue option allowed for the scan to continue.

Here is OTLtxt

OTL logfile created on: 3/27/2012 4:48:09 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Eros\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 5.14 Gb Available Physical Memory | 64.74% Memory free
16.02 Gb Paging File | 13.40 Gb Available in Paging File | 83.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.71 Gb Total Space | 156.98 Gb Free Space | 34.83% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.15 Gb Free Space | 54.31% Space Free | Partition Type: NTFS
Drive L: | 14.81 Gb Total Space | 14.72 Gb Free Space | 99.40% Space Free | Partition Type: NTFS

Computer Name: PARAGON | User Name: Eros | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/27 16:43:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Eros\Downloads\OTL.exe
PRC - [2012/02/18 18:55:31 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 08:56:54 | 000,492,496 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/06 20:56:06 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/09/13 08:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/04/11 01:28:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/08/23 16:58:58 | 002,070,000 | ---- | M] () -- C:\Program Files (x86)\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2007/02/13 13:51:18 | 000,014,640 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/02 18:49:12 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/18 18:55:31 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/08/23 16:58:58 | 002,070,000 | ---- | M] () -- C:\Program Files (x86)\XPSMiniViewGadget\XPSMiniViewGadget.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2009/06/03 16:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV:64bit: - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/09/17 05:24:58 | 000,246,272 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_4b8037c7\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/07/24 06:49:06 | 000,881,664 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (transactional)
SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/27 18:22:57 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/06 20:56:06 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/09/21 17:16:45 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/06 19:02:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/14 11:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 11:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 11:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/31 08:57:31 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/01/31 08:57:30 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/09/16 16:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/09 18:24:14 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/06/13 09:02:15 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/05/26 19:44:15 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 00:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/04/11 00:34:05 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbccid.sys -- (USBCCID)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/10/31 02:00:24 | 000,085,936 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2008/09/25 04:42:16 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/09/25 04:42:10 | 000,096,048 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/09/25 04:42:10 | 000,087,856 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/09/17 05:25:04 | 000,457,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/09/16 01:40:58 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/09/16 01:30:26 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/07/24 06:49:08 | 004,310,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008/07/24 06:49:08 | 004,310,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/04/08 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/03/25 11:37:50 | 000,166,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA002Ufd.sys -- (OA002Ufd)
DRV:64bit: - [2008/03/25 09:00:02 | 000,304,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA002Vid.sys -- (OA002Vid)
DRV:64bit: - [2008/01/20 21:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 21:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/08 12:53:00 | 009,527,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nv4_mini.sys -- (nv)
DRV:64bit: - [2007/06/08 09:00:02 | 000,219,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\OA002Afx.sys -- (OA002Afx)
DRV:64bit: - [2007/02/05 17:36:48 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2005/01/03 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3081210
IE - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.us.army.mil/
IE - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
IE - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {6b6601f1-361e-4b9f-bb6d-f8305000e4f6}:0.9.20.05
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Eros\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/22 09:33:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/11 17:20:33 | 000,000,000 | ---D | M]

[2008/12/31 23:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eros\AppData\Roaming\Mozilla\Extensions
[2012/03/22 09:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions
[2012/03/22 09:32:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/22 09:32:11 | 000,000,000 | ---D | M] (googlebar) -- C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2008/12/12 13:23:54 | 000,002,158 | ---- | M] () -- C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\searchplugins\MySpace.xml
[2011/12/08 21:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/18 18:55:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/04 23:40:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/04 23:40:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\SysNative\HCIMNTR.DLL (Logitech Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000..\Run: [Facebook Update] C:\Users\Eros\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2197349822-3307547253-2433129536-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Eros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C7EC9A6-14B6-4309-AA7D-889B8F1DB5D6}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E1EDDD2-DA93-4590-9684-66BB27A2EDDA}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Eros\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Eros\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig:64bit - StartUpReg: Bluetooth HCI Monitor - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: EPSON NX410 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIFCA.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: ISUSPM - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: masqform.exe - hkey= - key= - C:\Program Files (x86)\PureEdge\Viewer 6.5\masqform.exe (PureEdge™ Solutions Inc.)
MsConfig:64bit - StartUpReg: MSWUpdate - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SightSpeed - hkey= - key= - C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9212D8B4-C3CF-43E1-A1FF-8EEA311633DC} - PureEdge Viewer
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

NetSvcs:64bit: transactional - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/03/27 16:37:20 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Eros\Desktop\TDSSKiller.exe
[2012/03/25 22:41:01 | 000,000,000 | ---D | C] -- C:\Temp
[2012/03/25 14:41:20 | 000,000,000 | ---D | C] -- C:\FRST
[2012/03/25 10:04:50 | 004,443,082 | ---- | C] (Swearware) -- C:\Users\Eros\Desktop\ComboFix.exe
[2012/03/24 23:24:50 | 000,000,000 | ---D | C] -- C:\Users\Eros\AppData\Roaming\Avira
[2012/03/24 22:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/03/24 22:56:01 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/03/24 22:56:01 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/03/24 22:56:01 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/03/24 22:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/03/24 22:56:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/03/24 19:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2012/03/24 19:14:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2012/03/24 15:20:24 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/24 09:57:07 | 000,000,000 | ---D | C] -- C:\Users\Eros\{d13d7e28-36fa-4bc4-b7e6-7fdc76617f55}
[2012/03/24 09:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/03/24 09:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola
[2012/03/24 09:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/03/24 09:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012/03/22 20:54:39 | 000,000,000 | ---D | C] -- C:\Users\Eros\AppData\Roaming\Malwarebytes
[2012/03/22 20:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/22 20:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/22 20:54:34 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/22 20:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/21 20:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware(40)
[2012/03/21 19:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PatchBeam
[2012/03/21 19:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerArchiver(78)
[2012/03/21 19:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerArchiver(130)
[2012/03/20 20:03:21 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/03/20 19:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/20 19:39:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/03/20 19:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/03/20 19:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/03/20 19:08:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/20 19:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/03/13 18:55:09 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2012/03/13 18:55:09 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2012/03/11 14:13:43 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/03/02 18:49:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/29 17:30:13 | 000,000,000 | ---D | C] -- C:\Users\Eros\Desktop\1099 and w2 for mandy

========== Files - Modified Within 30 Days ==========

[2012/03/27 16:38:22 | 004,556,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/27 16:38:22 | 001,484,230 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/27 16:38:22 | 000,006,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/27 16:05:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/27 15:32:36 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 15:32:36 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 14:37:59 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/03/27 14:09:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2197349822-3307547253-2433129536-1000UA.job
[2012/03/26 23:09:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2197349822-3307547253-2433129536-1000Core.job
[2012/03/26 23:05:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/26 17:35:34 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9A29B295-8A51-411A-BC60-9A442E201868}.job
[2012/03/26 17:33:03 | 002,347,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/26 17:32:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/26 17:32:15 | 4225,667,071 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Eros\Desktop\TDSSKiller.exe
[2012/03/25 10:09:27 | 000,003,499 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/25 10:04:52 | 004,443,082 | ---- | M] (Swearware) -- C:\Users\Eros\Desktop\ComboFix.exe
[2012/03/24 22:56:10 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/03/24 22:40:52 | 000,002,180 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2012/03/24 14:28:52 | 000,000,732 | ---- | M] () -- C:\Users\Eros\AppData\Local\d3d9caps64.dat
[2012/03/24 09:50:27 | 000,012,017 | ---- | M] () -- C:\Users\Eros\Desktop\MAIL.mp3
[2012/03/22 20:54:35 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/11 14:57:51 | 000,117,760 | ---- | M] () -- C:\Users\Eros\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 18:49:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/03/24 22:56:10 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/03/24 22:40:52 | 000,002,180 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2012/03/24 18:28:20 | 4225,667,071 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/24 09:50:27 | 000,012,017 | ---- | C] () -- C:\Users\Eros\Desktop\MAIL.mp3
[2012/03/22 20:54:35 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/17 12:00:27 | 000,000,680 | ---- | C] () -- C:\Users\Eros\AppData\Local\d3d9caps.dat
[2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/06/12 11:20:33 | 000,012,098 | -HS- | C] () -- C:\Users\Eros\AppData\Local\80b8pg205i3703f7k01v8p6t64t7nml47ly
[2011/06/12 11:20:33 | 000,012,098 | -HS- | C] () -- C:\ProgramData\80b8pg205i3703f7k01v8p6t64t7nml47ly
[2011/04/21 21:51:19 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/13 13:17:12 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/04/13 13:17:12 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/04/13 13:17:12 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/04/13 13:17:12 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/04/13 13:17:12 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/04/13 13:17:12 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/04/13 13:17:12 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/04/13 13:17:12 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/04/13 13:17:12 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/04/13 13:17:12 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/04/13 13:17:12 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/04/13 13:17:12 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/04/13 13:17:12 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/04/13 13:17:12 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/04/13 13:17:12 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/04/13 13:17:12 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/08/02 21:58:09 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2012/01/03 09:21:38 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=022ED7EB19DFECF39C106E0F9CF2BB19 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22770_none_362b4e6b2d472f6a\afd.sys
[2011/04/21 09:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys
[2009/04/11 00:44:24 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=12415CCFD3E7CEC55B5184E67B039FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys
[2011/04/21 08:54:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=7B8E5F3A0626CA83B706F0738830845F -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_366a5ebb2d168a9d\afd.sys
[2011/04/21 08:42:48 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=9BB97042FA331A0FB4BDD98B9280A50A -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_33ef7c5016dab752\afd.sys
[2011/04/21 08:47:41 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B53144D2EBB0843DD0436F5EA6953F65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_34958b832fe3983b\afd.sys
[2012/01/03 09:25:21 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=C4F6CE6087760AD70960C9EB130E7943 -- C:\Windows\SysNative\drivers\afd.sys
[2012/01/03 09:25:21 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=C4F6CE6087760AD70960C9EB130E7943 -- C:\Windows\system64\drivers\afd.sys
[2012/01/03 09:25:21 | 000,404,992 | ---- | M] (Microsoft Corporation) MD5=C4F6CE6087760AD70960C9EB130E7943 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18564_none_35b080ce141ddbe4\afd.sys
[2008/01/20 21:48:18 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=DB37041AB857ABC7E179E856D8E1582C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_3406de1616ca9086\afd.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_1d87dda2\atapi.sys
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2008/12/10 01:04:01 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2006/11/02 07:01:02 | 000,020,072 | ---- | M] (Microsoft Corporation) MD5=DF96CF8885724430024B7522E5C95722 -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_f8cccc79\atapi.sys
[2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_b6d20d6f\atapi.sys
[2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2008/12/10 01:04:01 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\SysNative\drivers\atapi.sys
[2008/12/10 01:04:01 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\system64\drivers\atapi.sys
[2008/12/10 01:04:01 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_2e70e17b\atapi.sys
[2008/12/10 01:04:01 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: TDX.SYS >
[2009/04/11 00:43:00 | 000,094,720 | ---- | M] (Microsoft Corporation) MD5=458919C8C42E398DC4802178D5FFEE27 -- C:\Windows\SysNative\drivers\tdx.sys
[2009/04/11 00:43:00 | 000,094,720 | ---- | M] (Microsoft Corporation) MD5=458919C8C42E398DC4802178D5FFEE27 -- C:\Windows\system64\drivers\tdx.sys
[2009/04/11 00:43:00 | 000,094,720 | ---- | M] (Microsoft Corporation) MD5=458919C8C42E398DC4802178D5FFEE27 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_4847dcdb9194e539\tdx.sys
[2008/01/20 21:49:53 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=8C39C72E0E853DE04748C0337D9B9216 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_465c63cf947319ed\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2009/04/11 02:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\SysNative\drivers\volsnap.sys
[2009/04/11 02:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\system64\drivers\volsnap.sys
[2009/04/11 02:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_d5525b4d\volsnap.sys
[2009/04/11 02:15:45 | 000,269,288 | ---- | M] (Microsoft Corporation) MD5=5280AADA24AB36B01A84A6424C475C8D -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_73c0cc10b194374f\volsnap.sys
[2006/11/02 06:51:39 | 000,247,912 | ---- | M] (Microsoft Corporation) MD5=D4674E125878F77EED0D87E6C46889AA -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_c52a9a32\volsnap.sys
[2008/01/20 21:47:03 | 000,271,416 | ---- | M] (Microsoft Corporation) MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_47e59f7b\volsnap.sys
[2008/01/20 21:47:03 | 000,271,416 | ---- | M] (Microsoft Corporation) MD5=DE4307412D98050239026E56A7DFF3C0 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_71d55304b4726c03\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 21:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008/01/20 21:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008/01/20 21:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008/01/20 21:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\system64\wininit.exe
[2008/01/20 21:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\system64\winlogon.exe
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/18 18:55:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/18 18:55:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/18 18:55:29 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/02/18 18:55:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/02/18 18:55:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/18 18:55:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2008/01/20 21:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2008/01/20 21:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2008/01/20 21:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %ProgramFiles(x86)%\Internet Explorer\iexplore.exe [2009/04/11 01:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2008/01/20 21:48:18 | 000,084,992 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2008/01/20 21:48:18 | 000,084,992 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2008/01/20 21:48:18 | 000,084,992 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: %PROGRAMFILES(X86)%\INTERNET EXPLORER\IEXPLORE.EXE [2009/04/11 01:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >

and extras

OTL Extras logfile created on: 3/27/2012 4:48:09 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Eros\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 5.14 Gb Available Physical Memory | 64.74% Memory free
16.02 Gb Paging File | 13.40 Gb Available in Paging File | 83.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.71 Gb Total Space | 156.98 Gb Free Space | 34.83% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.15 Gb Free Space | 54.31% Space Free | Partition Type: NTFS
Drive L: | 14.81 Gb Total Space | 14.72 Gb Free Space | 99.40% Space Free | Partition Type: NTFS

Computer Name: PARAGON | User Name: Eros | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2197349822-3307547253-2433129536-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 4D C3 FA A2 9D 86 CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C94414-CC39-401B-9B4B-740825349DA1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{06831158-DCF8-4CE6-B57C-21010AB15115}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{079FFFA0-AB79-4036-84FF-36839A78BAD0}" = lport=10244 | protocol=6 | dir=in | app=system |
"{1227C596-846A-458B-8CBC-5FF2D53E98FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{17C33FFD-8FEC-4A83-AFBA-D4D21ABE0B2A}" = lport=3390 | protocol=6 | dir=in | app=system |
"{19EA891E-C2AB-4900-90A9-F4D164B2336F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1D845782-9E66-449C-A102-1FF6F046F2AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{203F374E-E2D8-4457-9EFB-CEE571D3BBC8}" = rport=10244 | protocol=6 | dir=out | app=system |
"{2A983E46-33E0-491A-894D-CC9CB850827C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A988906-98F1-4DCE-826B-98A69230BF7A}" = lport=139 | protocol=6 | dir=in | app=system |
"{36B1F6AB-95DE-46DC-9E46-E8F3F18EDBB9}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{4FF5FDB3-F292-49C6-8E47-D3813B357302}" = lport=138 | protocol=17 | dir=in | app=system |
"{57FDAFE0-327A-41F3-8224-0DBE0B347BF6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59C51D67-9BA3-4467-A79D-EDE69E36B603}" = rport=139 | protocol=6 | dir=out | app=system |
"{5FE48BB2-44A4-4818-BFBF-09B504B966A7}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6322B60D-8939-43B6-8C93-F64554F20795}" = lport=137 | protocol=17 | dir=in | app=system |
"{63536EFF-808B-418A-BF92-4D66FD7C39BA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64F66293-1A72-4AAB-BEF7-AC8BB51927AF}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A28989B-FE56-4BC7-B496-4E20615B33AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E748D18-F0B3-4F41-B70A-1908A7D5BD90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73B7735A-60DD-46BE-A144-F9C527597828}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{931E1F2F-8802-4CF0-A3D1-62079106224C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93E29693-47B2-4047-A778-47C301593F08}" = rport=10244 | protocol=6 | dir=out | app=system |
"{998B2055-D83E-4EFF-A757-F1C27C75CA09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AC2CAA1-1A0C-4448-BD52-EA01567602AA}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{9AEBEB46-91F4-4037-96D5-F6EC838596D8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB6A7CD9-5EE4-416F-B074-2A6A8D5FC3B0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{AC7F09D9-F7A8-4FAC-85CE-8C27286BF310}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE479689-68D5-4908-A3A2-6D6F3A3AE240}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFE4B7C8-F93C-4685-8CA4-FE037E0FF0D0}" = lport=445 | protocol=6 | dir=in | app=system |
"{B274EF1A-DD41-4BEB-B935-61C4148B1456}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B4A3EE08-A91E-4616-B5F4-5F40D57A51CF}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB121946-276C-49FA-804E-1FD3D2803DA3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BCFFFDB1-A5B8-47E3-8F7B-300056118FBA}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C092FA5B-3633-4087-B7D6-E9940CB32FD2}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |
"{C539F813-21DD-49B1-8086-1FC0FEEF4781}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C7454B0B-95BF-4B20-A322-A366F937E9C8}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{CCA58B75-EC13-4F8F-87B0-44CD1FC5A03D}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |
"{D11433C2-12EA-4C2F-807D-E1A98AB3A48E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA7B7D30-3405-4D6E-9D5F-678FC4168B20}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DC6BD51F-F0AC-44AC-B5C8-FB57CD44DB99}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E434F802-DDFA-4C7A-AA34-03A63F952F9A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E75137CE-FC56-48C3-A181-1C23ED1F2EC4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FC01AF31-2F11-4949-A399-3D0C32EEA481}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD1F4666-B330-4E7E-9B2A-5C9541D1F20E}" = lport=10244 | protocol=6 | dir=in | app=system |
"{FFB06564-E080-42E4-AC44-2B5504FFCAED}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0036A47B-E72B-4CB6-B27F-550CCB5B55F5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed™ hot pursuit\launcher.exe |
"{0046B304-9FE2-4920-9EEC-2E495206706E}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{02FD494C-EBAB-4428-8945-8F56A74AF077}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{05CD506A-5A7E-4923-A424-419C33DD8C53}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{0682319B-0798-41A4-9C03-0663EAA1C729}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{09847FC2-CA0A-4970-B7ED-18BDA92E7224}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
"{0F172AF9-C1E1-4C37-83BC-1C07701C93C9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{10BD996C-56DB-438D-BC6B-63DFB3DEBC53}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{161F2AAD-D2D4-4036-9B31-0B77A37D7CAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1901FA1B-A67A-4B76-80F1-674D87B24FBF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{190A891C-AE1C-427D-9513-EFD539E848D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{19B1EF23-FEE6-44AF-AF24-03CD8B56E860}" = protocol=6 | dir=in | app=c:\users\eros\appdata\roaming\dropbox\bin\dropbox.exe |
"{1DA501C2-14F8-4C1A-8697-628B6495F5E8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\princeofpersia_launcher.exe |
"{1DD74ABD-70F3-4576-AFF7-7E903D7BF632}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1ED4615B-2952-4D09-B233-9864913C4E41}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe |
"{213ACEAA-68E0-4533-A19C-814BC5678C32}" = dir=in | app=c:\users\eros\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{22C151A3-AEC5-4668-A1E9-90D249BE6941}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{26FCDAFD-7612-45F4-ADA3-A53BBD1D4295}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\princeofpersia_launcher.exe |
"{286F0248-67DB-45C1-BEBD-F965B141E5D1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{299374AE-C80D-415F-84A9-1ED5DFA0CFD8}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{2BC20888-B137-41FE-9E7A-E902AD750017}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2EE72CC3-B966-4E4F-93FC-3E7AAACA681E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EEC575B-7EF8-4EC3-B5CD-318D932C90E0}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{2FAD1FE7-30F0-40E8-BCF2-4114193CCFEF}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{310C724D-127C-48E9-9598-DF3A1FBD2883}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{3187C32E-74D7-45DD-9849-F98868F6F7B4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{31C520E9-37BA-49AF-91FC-1F84A1563526}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{32B5D349-E1E0-442C-8270-84C9073B6F41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{3C368C8C-73E5-49E3-8BBB-FEEB135496AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{3C549649-2C27-4E30-9098-4D131F0954B3}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{3EED6C40-8567-4C97-8652-E74A04914E58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{41530887-D1B9-491E-AEBF-0B88832F7764}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{417AD3C4-2774-4B8B-BE16-C232E8B5C227}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{42D90251-FC4E-42A4-BF89-2442735A7AFA}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{43DBC1D4-21E3-4FE1-9067-079057E43873}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
"{470C3E2F-117F-4EF1-A43F-F8AF23B2534C}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{4A6C5A7F-5BBC-4894-AFF8-015E67C23C26}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{4B89A45A-039D-4F4A-93FE-183BAAD2BF01}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{51164390-1B3B-4C5A-A3D1-2909D971F478}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. free week end\ruse.exe |
"{52D15F8C-8090-4D4A-9821-B84428E36FBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{5527E6A8-ECC4-49C7-A78F-DCF03250B0A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{5B08B28F-7154-4F03-AA61-0ED6C8831560}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5B88DEEE-0A89-43A1-8B0A-71BF61CCC073}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\prince of persia.exe |
"{5C79F6F1-1769-4F62-898E-C1E41B6CAA3D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{5D24E40B-A555-4B3E-8B22-E125DCFEFEDB}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{61EACD9C-1159-4FE6-8BCC-72CE1443470E}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{6435C0FF-B37E-4F79-A074-011F6446C85D}" = protocol=6 | dir=in | app=c:\program files\gas powered games\demigod\bin\demigod.exe |
"{655BC309-FA12-4EE9-A0BF-ABE86A590FE7}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserver.exe |
"{663A3A78-A7B2-4315-9A96-CFA5100C3EF3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{66CCF412-5794-460E-A2BF-5848A19C1DC6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6809CC29-1EB4-407B-A610-1EED9E9D953E}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{6D732E19-DA9D-4928-A26E-90838C6C4767}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{701B8623-2673-44DF-A384-53F12CE2DB9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{766E3B69-DE75-4292-A507-95AD519DCA7A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7CCF9520-984A-4BB2-AC2C-BDA9258884D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{7E874B1C-CE22-46A3-AB8B-9BDA92D1EF73}" = protocol=6 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymedia.exe |
"{7EC3839B-DF6D-4D1E-A871-14B07EF3929E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F46CFF1-4F8E-460D-8F69-5C7AE96026BF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7F64E5F4-788E-4FC7-B1B0-27C02CFADCDD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{80115821-1638-49D8-90B0-E30491DD9835}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{811DD1D7-43F0-4923-BDB6-C2999B90B9BD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{83229655-D0D9-4064-9A4F-AA3B0A969487}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84A1B624-A86E-48C1-843F-5FF25F3FF6D9}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{8BB11018-305A-44F9-AEAE-91B20B2D5E1B}" = protocol=17 | dir=in | app=c:\users\eros\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{8EB99EAF-45CA-4F67-9315-C85125A03C60}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwawmp.exe |
"{90DE494D-F3A5-42D0-AE59-813A17C7D3AA}" = dir=in | app=c:\program files (x86)\myspace\im\myspaceim.exe |
"{91804733-0C2B-40ED-8CB0-8D7C5436413E}" = protocol=17 | dir=in | app=c:\program files\gas powered games\demigod\bin\demigod.exe |
"{928AC730-43B4-4014-9920-6D8FC97C1FDD}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\spider-man - web of shadows\image\pc\spider-man web of shadows.exe |
"{9373CADA-04A8-45D4-990E-53C502709967}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{97CB104F-CC46-4F38-B880-CE9F091E1F02}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{9F67140E-6033-4D7E-94FA-7C6F4C5856F4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A0287F91-17E4-4F9D-9F10-1F760FB1A8DD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A3729286-62FD-45BF-AC93-2C912217B27B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3DAEDE9-F684-4E2E-9877-F98F5C5BC616}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A4E0775A-1663-4A97-8A6C-869D609C2B08}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe |
"{A79268D6-C931-4EFA-8AC6-477657AEE5A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AA860E65-9B36-4633-8BC3-39D74C94357E}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe |
"{B3E7FEDD-7FD2-4012-9B1C-AD46BCC7C8DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4C23274-BCA2-4529-ACE7-E1F32943FAA6}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B51E73D2-51BC-4440-B91D-87D65B3223B2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B7014A11-954A-475F-8180-D52EC525D7B7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B80EAA74-699B-4CDA-92DF-779AC962D1A0}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed™ hot pursuit\launcher.exe |
"{B8524DA8-DCF0-4463-8A37-4197ABCF824B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B8E27CE1-67AC-469A-80B7-644F2C31C914}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{BAC30EF0-9FAF-4102-B5C9-6DAF7A2BC30F}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{BD586975-87CE-40F7-8E09-9E3E24FCA859}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BE44A63B-8D37-450B-946A-12DBEAC88F34}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BEB1626D-0F0A-4B2D-9919-91F392F86F27}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BF9FE99E-C339-4C11-82F7-27E6F1D5A09C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2AC6D19-8E6A-4791-B53E-A1AD366EFEDC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C4B7081F-26D7-4A89-946F-27B080F3895A}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{C5818BE6-512F-4EF4-9854-B8BA2300DB71}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{C6305C86-12BC-4052-B342-261EBE338230}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C69A373B-B3F8-4B61-81B0-9E4F389F796A}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{C872BA05-9B65-4ADD-93F3-2824F51979E9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C8D64FA1-99CB-43CE-B0B8-202A486EAF6E}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{CB0F58D3-13FE-4C44-97EB-96500EF57098}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\assassins creed brotherhood\acbsp.exe |
"{CE066B9E-A57C-46FE-9492-1DE6A0EB733C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE663039-163F-4ABC-9C6D-8A8CB39673FA}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{CFA67F16-4F51-46B0-A310-A01A3DD54A83}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D0483044-CE2B-4276-A088-5560C4309069}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{D0879A97-15A1-4F8F-9257-93615AACAF7A}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D28B278F-F3E0-41E2-9175-62C84BB11B56}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D3ED82A3-684A-4E17-9B85-DEC4DCF1328F}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{D4392FD1-30F0-4F2D-B2ED-D556538318EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{D550525F-0687-4AC8-909B-AD77952EEDA4}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymediaserver.exe |
"{D64FB2DE-0FC0-463A-B8DE-05BF38A54572}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D65D2AD6-D6FF-4D3E-AA4B-7168D81AAED8}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{DC483A77-FE39-4A69-92BF-AE6A24FC081F}" = protocol=6 | dir=in | app=c:\users\eros\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{DC513CA9-E4FD-4FF7-A900-4D43727C9D82}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{DCE1426E-2035-4010-BBC0-6D5BCE26BB46}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\prototype\prototypef.exe |
"{DD58D9AA-50C8-49A9-AF67-346DCF9C6716}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF4D9DD4-A94A-4CE2-BE23-3B1EB65EF18F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E167E81A-3ABA-4B1D-B84D-D04EFDDD8BDC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E1833163-7039-4706-AAD9-928DD0005EB3}" = protocol=17 | dir=in | app=c:\users\eros\appdata\roaming\dropbox\bin\dropbox.exe |
"{E2BADBE5-47D8-48AA-9780-0713158F1CF6}" = protocol=6 | dir=out | app=system |
"{E488DB3B-A945-4FDC-944E-AECE84C48F81}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{E4ACF676-AD01-40D7-9B56-4C6BCEFC1699}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E5423445-6B38-45CE-86DC-05684657F199}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty - world at war\codwaw.exe |
"{E6DEADDF-468F-4A10-82F9-852CBDA7D60C}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{EDA76C11-B85B-49D2-9E3C-080A1F343D06}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\spider-man - web of shadows\image\pc\spider-man web of shadows.exe |
"{F3FB8926-AA9D-40F9-BF01-4132969B2883}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe |
"{F66191F0-5D3E-48A5-B509-66420D49BD76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{F6BD63D6-257A-4E27-AAE9-155995A31F5A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe |
"{F7B22FDB-8DB4-4CC3-B596-29D78C0EC8A0}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{FAA18871-D03B-4A29-AAE8-FF418B6A4B02}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FCE13C34-6893-4AB8-91F1-30BD8A2E096E}" = protocol=17 | dir=in | app=c:\program files (x86)\twonkymedia\twonkymedia.exe |
"{FE1A1277-8C54-4968-AE38-EADC217A2BCC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e. free week end\ruse.exe |
"{FF05E8FD-6EDE-4476-A68F-0DC26E6B3871}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\prince of persia\prince of persia.exe |
"TCP Query User{11AB6184-650A-4532-B945-085A9EFEF723}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{B6FE8709-C7DA-432D-9C8D-F3F670C3A75B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{D6D0FB9D-3527-4B34-A97C-13FB478537CC}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe |
"UDP Query User{8C9010BE-A5A3-4E0E-81F5-A5B32C5B837E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{DCCB9E71-1CD3-4891-9CB3-F76C5EDAE49D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{E4004E57-EF73-4246-ABFA-9C98A3987AFF}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{581F6FB0-46E6-42DA-98CC-ABB001386520}" = Motorola Mobile Drivers Installation 5.1.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient CAC x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Creative OA002" = Monitor Webcam Driver (1.00.03.0325)
"Crysis WARHEAD®" = Crysis WARHEAD®
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0BC6B278-0C5E-45D4-8CFF-CE2589610699}" = PowerArchiver 2010
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B7IL77L-LKS1-75B1-CODMW3-18CD6E6334R1}_is1" = Call of Duty Modern Warfare 3 version 1.0
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{58192647-B4DD-45E1-9C3C-1614B4A03897}" = 64 bit Windows Card Reader Driver
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{945307A4-5471-46AA-BC26-C0C6BB276EEE}" = LOKI2
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F6E23FB-453A-4AF5-9118-B4D5617B1696}_is1" = Mass Effect 3 version 1.0.5427.1
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2163962-BFD2-4187-8B47-D9B24737DFD7}" = Kort's Spellcraft Calculator
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C735206E-A8D7-2DC8-EADF-744C18174654}" = Acrobat.com
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crysis WARHEAD®" = Crysis WARHEAD®
"DAOCCharplan" = DAOC-Charplan
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"FairUse Wizard 2" = FairUse Wizard 2
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FL Studio 10" = FL Studio 10
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"HaaliMkx" = Haali Media Splitter
"Hamachi" = Hamachi 1.0.3.0
"IL Download Manager" = IL Download Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.3.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MSCSR" = Microsoft Speech Recognition Engine 4.0 (English)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"PS3 Media Server" = PS3 Media Server
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"Switch" = Switch Sound File Converter
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 0.9.8a
"VobSub" = VobSub v2.23 (Remove Only)
"WavePad" = WavePad Sound Editor
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2197349822-3307547253-2433129536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ ActivIdentity Events ]
Error - 4/2/2011 1:06:48 PM | Computer Name = Paragon | Source = ActivClient | ID = 769
Description = No exchange account

Error - 4/7/2011 11:29:35 AM | Computer Name = Paragon | Source = ActivClient | ID = 769
Description = No exchange account

Error - 4/10/2011 9:03:41 PM | Computer Name = Paragon | Source = ActivClient | ID = 769
Description = No exchange account

Error - 4/11/2011 11:16:21 AM | Computer Name = Paragon | Source = ActivClient | ID = 769
Description = No exchange account

Error - 4/11/2011 12:01:40 PM | Computer Name = Paragon | Source = ActivClient | ID = 769
Description = No exchange account

Error - 4/13/2011 2:26:36 PM | Computer Name = Paragon | Source = ActivClient | ID = 769
Description = No exchange account

Error - 4/13/2011 2:37:25 PM | Computer Name = Paragon | Source = ActivClient | ID = 769
Description = No exchange account

Error - 4/13/2011 2:43:31 PM | Computer Name = Paragon | Source = ActivClient | ID = 769
Description = No exchange account

Error - 4/15/2011 8:58:18 AM | Computer Name = Paragon | Source = ActivClient | ID = 769
Description = No exchange account

Error - 12/19/2011 9:24:48 AM | Computer Name = Paragon | Source = ActivClient | ID = 769
Description = No exchange account

[ Application Events ]
Error - 3/25/2012 12:23:38 AM | Computer Name = Paragon | Source = LoadPerf | ID = 3012
Description =

Error - 3/25/2012 12:23:38 AM | Computer Name = Paragon | Source = LoadPerf | ID = 3011
Description =

Error - 3/25/2012 10:08:17 AM | Computer Name = Paragon | Source = VSS | ID = 12289
Description =

Error - 3/25/2012 10:08:34 AM | Computer Name = Paragon | Source = VSS | ID = 12289
Description =

Error - 3/25/2012 10:08:34 AM | Computer Name = Paragon | Source = VSS | ID = 12289
Description =

Error - 3/26/2012 6:38:44 PM | Computer Name = Paragon | Source = LoadPerf | ID = 3012
Description =

Error - 3/26/2012 6:38:45 PM | Computer Name = Paragon | Source = LoadPerf | ID = 3011
Description =

Error - 3/26/2012 8:28:10 PM | Computer Name = Paragon | Source = VSS | ID = 12289
Description =

Error - 3/27/2012 5:38:19 PM | Computer Name = Paragon | Source = LoadPerf | ID = 3012
Description =

Error - 3/27/2012 5:38:19 PM | Computer Name = Paragon | Source = LoadPerf | ID = 3011
Description =

[ Media Center Events ]
Error - 12/10/2011 2:10:06 PM | Computer Name = Paragon | Source = Mcx2Dvcs | ID = 401
Description =

Error - 12/10/2011 2:13:52 PM | Computer Name = Paragon | Source = McrMgr | ID = 107
Description =

Error - 12/10/2011 2:15:52 PM | Computer Name = Paragon | Source = McrMgr | ID = 107
Description =

Error - 12/10/2011 2:18:27 PM | Computer Name = Paragon | Source = McrMgr | ID = 109
Description =

[ System Events ]
Error - 3/26/2012 6:33:33 PM | Computer Name = Paragon | Source = Service Control Manager | ID = 7023
Description =

Error - 3/26/2012 6:33:33 PM | Computer Name = Paragon | Source = Service Control Manager | ID = 7000
Description =

Error - 3/26/2012 6:33:33 PM | Computer Name = Paragon | Source = Service Control Manager | ID = 7003
Description =

Error - 3/26/2012 6:33:33 PM | Computer Name = Paragon | Source = Service Control Manager | ID = 7003
Description =

Error - 3/26/2012 6:33:33 PM | Computer Name = Paragon | Source = Service Control Manager | ID = 7000
Description =

Error - 3/26/2012 6:33:33 PM | Computer Name = Paragon | Source = Service Control Manager | ID = 7023
Description =

Error - 3/26/2012 6:34:05 PM | Computer Name = Paragon | Source = WMPNetworkSvc | ID = 866293
Description = Service 'WMPNetworkSvc' did not start correctly because QueryService
encountered error '0x80070424'. In Windows Media Player, turn off media sharing,
and then turn it back on.

Error - 3/26/2012 6:35:27 PM | Computer Name = Paragon | Source = Service Control Manager | ID = 7003
Description =

Error - 3/26/2012 6:36:34 PM | Computer Name = Paragon | Source = WMPNetworkSvc | ID = 866293
Description = Service 'WMPNetworkSvc' did not start correctly because QueryService
encountered error '0x80070424'. In Windows Media Player, turn off media sharing,
and then turn it back on.

Error - 3/26/2012 9:52:41 PM | Computer Name = Paragon | Source = PlugPlayManager | ID = 12
Description = The device 'Hitachi HDS722020ALA330' (IDE\DiskHitachi_HDS722020ALA330_________________JKAOA20N\4&276286f9&0&0.2.0)
disappeared from the system without first being prepared for removal.

< End of report >

#13 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 28 March 2012 - 12:51 AM

Hi paragon81!

Thanks for posting those log files for me to review!

It looks like the Farbar Service Scanner log file shows some issues with a few registry keys. The keys are corrupt, so we'll need to fix these later to prevent any issues with the Windows Firewall and Security Center.

Sorry to hear you experienced a bit of a hiccup when attempting to run OTL. I'm glad to hear that you were able to get it to run properly, and provide you with a log file.

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:Services
:Processes
KILLALLPROCESSES
:OTL
IE - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O3 - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-2197349822-3307547253-2433129536-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Eros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
[2011/06/12 11:20:33 | 000,012,098 | -HS- | C] () -- C:\Users\Eros\AppData\Local\80b8pg205i3703f7k01v8p6t64t7nml47ly
[2011/06/12 11:20:33 | 000,012,098 | -HS- | C] () -- C:\ProgramData\80b8pg205i3703f7k01v8p6t64t7nml47ly
@Alternate Data Stream - 85 bytes -> C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM


:Reg

:Files
dir /s /a "C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}" /c
dir /s /a "C:\Users\Eros\{d13d7e28-36fa-4bc4-b7e6-7fdc76617f55}" /c
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[EMPTYFLASH]
[EMPTYJAVA]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.
If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.

NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log.
3. ComboFix.txt log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

#14 paragon81

Member

Members
70 posts

Posted 28 March 2012 - 09:29 PM

OTL log

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2197349822-3307547253-2433129536-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2197349822-3307547253-2433129536-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-2197349822-3307547253-2433129536-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bluetooth Connection Assistant deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
C:\Users\Eros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\Autorun.exe not found.
C:\Users\Eros\AppData\Local\80b8pg205i3703f7k01v8p6t64t7nml47ly moved successfully.
C:\ProgramData\80b8pg205i3703f7k01v8p6t64t7nml47ly moved successfully.
Unable to delete ADS C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM .
ADS C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< dir /s /a "C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}" /c >
Volume in drive C is OS
Volume Serial Number is 5E2B-A046
Directory of C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
03/22/2012 09:32 AM <DIR> .
03/22/2012 09:32 AM <DIR> ..
03/22/2012 09:32 AM <DIR> chrome
08/02/2010 08:59 PM 817 chrome.manifest
03/22/2012 09:32 AM <DIR> defaults
08/02/2010 08:59 PM 130 install.js
07/22/2011 12:57 PM 3,367 install.rdf
3 File(s) 4,314 bytes
Directory of C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}\chrome
03/22/2012 09:32 AM <DIR> .
03/22/2012 09:32 AM <DIR> ..
03/22/2012 09:32 AM <DIR> googlebar
0 File(s) 0 bytes
Directory of C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}\chrome\googlebar
03/22/2012 09:32 AM <DIR> .
03/22/2012 09:32 AM <DIR> ..
03/22/2012 09:32 AM <DIR> content
03/22/2012 09:32 AM <DIR> locale
09/02/2011 04:57 PM <DIR> skin
0 File(s) 0 bytes
Directory of C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}\chrome\googlebar\content
03/22/2012 09:32 AM <DIR> .
03/22/2012 09:32 AM <DIR> ..
08/02/2010 08:59 PM 1,665 contents.rdf
08/02/2010 08:59 PM 36,244 googlebarButtonOverlay.xul
08/02/2010 08:59 PM 16,209 googlebarContextOverlay.xul
08/02/2010 08:59 PM 7,547 googlebarDragAndDrop.js
08/02/2010 08:59 PM 398 googlebarExtrasOverlay.js
08/02/2010 08:59 PM 1,105 googlebarExtrasOverlay.xul
08/02/2010 08:59 PM 12,183 googlebarHighlight.js
08/02/2010 08:59 PM 8,360 googlebarHistory.js
08/02/2010 08:59 PM 19,667 googlebarMail.js
08/02/2010 08:59 PM 16,889 googlebarNavigation.js
07/22/2011 02:42 PM 87,308 googlebarOverlay.js
08/02/2010 08:59 PM 10,462 googlebarOverlay.xul
08/02/2010 08:59 PM 18,241 googlebarPopupOverlay.xul
08/02/2010 08:59 PM 26,085 googlebarPrefDialog.xul
08/02/2010 08:59 PM 3,212 googlebarPrefOverlay.xul
08/02/2010 08:59 PM 23,163 googlebarPrefUtil.js
08/02/2010 08:59 PM 5,515 googlebarSuggest.js
08/02/2010 08:59 PM 26,047 googlebarUtil.js
09/02/2011 04:57 PM <DIR> install
09/02/2011 04:57 PM <DIR> pref
18 File(s) 320,300 bytes
Directory of C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}\chrome\googlebar\content\install
09/02/2011 04:57 PM <DIR> .
09/02/2011 04:57 PM <DIR> ..
08/02/2010 08:59 PM 23,515 freshStart.js
08/02/2010 08:59 PM 1,450 freshStart.xul
08/02/2010 08:59 PM 0 googlebarIsNew
08/02/2010 08:59 PM 12,158 uninstallGoogleBar.js
4 File(s) 37,123 bytes
Directory of C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}\chrome\googlebar\content\pref
09/02/2011 04:57 PM <DIR> .
09/02/2011 04:57 PM <DIR> ..
08/02/2010 08:59 PM 3,324 pref-googlebar1.xul
08/02/2010 08:59 PM 6,421 pref-googlebar2.xul
08/02/2010 08:59 PM 6,782 pref-googlebar3.xul
08/02/2010 08:59 PM 4,891 pref-googlebar4.xul
08/02/2010 08:59 PM 18,192 pref-googlebar5.xul
08/02/2010 08:59 PM 2,975 pref-googlebar6.xul
08/02/2010 08:59 PM 2,428 pref-googlebar7.xul
08/02/2010 08:59 PM 7,279 pref-googlebar8.xul
08/02/2010 08:59 PM 7,732 prefCustomOverlay.xul
08/02/2010 08:59 PM 10,160 prefExpanderOverlay.xul
08/02/2010 08:59 PM 29,633 prefPopupOverlay.xul
11 File(s) 99,817 bytes
Directory of C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}\chrome\googlebar\locale
03/22/2012 09:32 AM <DIR> .
03/22/2012 09:32 AM <DIR> ..
03/22/2012 09:32 AM <DIR> en-US
0 File(s) 0 bytes
Directory of C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}\chrome\googlebar\locale\en-US
03/22/2012 09:32 AM <DIR> .
03/22/2012 09:32 AM <DIR> ..
09/02/2011 04:57 PM <DIR> googlebar
0 File(s) 0 bytes
Directory of C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}\chrome\googlebar\locale\en-US\googlebar
09/02/2011 04:57 PM <DIR> .
09/02/2011 04:57 PM <DIR> ..
08/02/2010 08:59 PM 637 contents.rdf
08/02/2010 08:59 PM 213 freshStart.dtd
08/02/2010 08:59 PM 615 freshStart.properties
07/22/2011 01:39 PM 27,194 googlebar.dtd
08/02/2010 08:59 PM 9,996 googlebar.properties
08/02/2010 08:59 PM 517 googlebarExtras.dtd
08/02/2010 08:59 PM 2,198 locale.inf
7 File(s) 41,370 bytes
Directory of C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}\chrome\googlebar\skin
09/02/2011 04:57 PM <DIR> .
09/02/2011 04:57 PM <DIR> ..
08/02/2010 08:59 PM 962 answers.png
08/02/2010 08:59 PM 779 backwards.png
08/02/2010 08:59 PM 1,279 bsd.png
08/02/2010 08:59 PM 611 cached.png
08/02/2010 08:59 PM 805 catalogs.png
08/02/2010 08:59 PM 780 computers.png
08/02/2010 08:59 PM 1,321 contents.rdf
08/02/2010 08:59 PM 12,661 default-tight.css
08/02/2010 08:59 PM 12,359 default.css
08/02/2010 08:59 PM 771 desk1-disabled.png
08/02/2010 08:59 PM 858 desk1.png
08/02/2010 08:59 PM 466 desk2-disabled.png
08/02/2010 08:59 PM 1,208 desk2.png
08/02/2010 08:59 PM 542 dictionary-disabled.png
08/02/2010 08:59 PM 660 dictionary.png
08/02/2010 08:59 PM 766 dictionary2.png
08/02/2010 08:59 PM 573 english.png
08/02/2010 08:59 PM 584 findtermsmall.png
08/02/2010 08:59 PM 544 froogle.png
08/02/2010 08:59 PM 1,273 gb-mycountry.png
08/02/2010 08:59 PM 679 gb-mylocal.png
08/02/2010 08:59 PM 732 gb-options.png
08/02/2010 08:59 PM 879 gb-prefill.png
08/02/2010 08:59 PM 1,759 gblogger-search.png
08/02/2010 08:59 PM 415 gblogger.png
08/02/2010 08:59 PM 9,165 gbpref.gif
08/02/2010 08:59 PM 808 glossarysearch.png
08/02/2010 08:59 PM 327 gmail.png
08/02/2010 08:59 PM 389 googlebarExtras.css
08/02/2010 08:59 PM 275 googlebarPrefs.css
08/02/2010 08:59 PM 1,532 googlebar_large.png
08/02/2010 08:59 PM 869 googlebar_small.png
08/02/2010 08:59 PM 235 grippy.png
08/02/2010 08:59 PM 830 groups.png
08/02/2010 08:59 PM 615 highlightedtext-disabled.png
08/02/2010 08:59 PM 714 highlightedtext.png
08/02/2010 08:59 PM 583 highlighter-disabled.png
08/02/2010 08:59 PM 686 highlighter.png
08/02/2010 08:59 PM 666 images.png
08/02/2010 08:59 PM 2,766 install.png
08/02/2010 08:59 PM 955 linux.png
08/02/2010 08:59 PM 1,170 lucky.png
08/02/2010 08:59 PM 833 mac.png
08/02/2010 08:59 PM 540 maps.png
08/02/2010 08:59 PM 4,520 menubutton.css
08/02/2010 08:59 PM 1,285 menulogo.png
08/02/2010 08:59 PM 301 microsoft.png
08/02/2010 08:59 PM 565 ms.png
08/02/2010 08:59 PM 455 nav-next-disabled.png
08/02/2010 08:59 PM 544 nav-next.png
08/02/2010 08:59 PM 477 nav-prev-disabled.png
08/02/2010 08:59 PM 533 nav-prev.png
08/02/2010 08:59 PM 600 nav-refresh-disabled.png
08/02/2010 08:59 PM 710 nav-refresh.png
08/02/2010 08:59 PM 1,024 newssearch.png
08/02/2010 08:59 PM 363 nocalc.png
08/02/2010 08:59 PM 898 pageinfo.png
08/02/2010 08:59 PM 196 play.png
08/02/2010 08:59 PM 1,181 print.png
08/02/2010 08:59 PM 780 sample.png
08/02/2010 08:59 PM 653 scholar.png
08/02/2010 08:59 PM 697 search.png
08/02/2010 08:59 PM 360 similar.png
08/02/2010 08:59 PM 603 sitesearch-disabled.png
08/02/2010 08:59 PM 723 sitesearch.png
09/02/2011 04:57 PM <DIR> sound
08/02/2010 08:59 PM 706 specialsearch.png
08/02/2010 08:59 PM 951 stocks.png
08/02/2010 08:59 PM 565 unclesam.png
08/02/2010 08:59 PM 718 university.png
08/02/2010 08:59 PM 837 up-dir-disabled.png
08/02/2010 08:59 PM 937 up-dir.png
08/02/2010 08:59 PM 502 video.png
08/02/2010 08:59 PM 879 viewer.png
08/02/2010 08:59 PM 949 webdir.png
08/02/2010 08:59 PM 377 webquotes.png
08/02/2010 08:59 PM 861 websearch.png
76 File(s) 93,974 bytes
Directory of C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}\chrome\googlebar\skin\sound
09/02/2011 04:57 PM <DIR> .
09/02/2011 04:57 PM <DIR> ..
08/02/2010 08:59 PM 7,740 boing.wav
08/02/2010 08:59 PM 5,256 double.wav
08/02/2010 08:59 PM 4,190 hitwall.wav
08/02/2010 08:59 PM 2,974 pinc.wav
08/02/2010 08:59 PM 6,060 zinc.wav
5 File(s) 26,220 bytes
Directory of C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}\defaults
03/22/2012 09:32 AM <DIR> .
03/22/2012 09:32 AM <DIR> ..
09/02/2011 04:57 PM <DIR> preferences
0 File(s) 0 bytes
Directory of C:\Users\Eros\AppData\Roaming\Mozilla\Firefox\Profiles\7avg9om0.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}\defaults\preferences
09/02/2011 04:57 PM <DIR> .
09/02/2011 04:57 PM <DIR> ..
10/21/2010 03:13 PM 3,641 googlebar.js
1 File(s) 3,641 bytes
Total Files Listed:
125 File(s) 626,759 bytes
38 Dir(s) 123,431,440,384 bytes free
C:\Users\Eros\Downloads\cmd.bat deleted successfully.
C:\Users\Eros\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Eros\{d13d7e28-36fa-4bc4-b7e6-7fdc76617f55}" /c >
Volume in drive C is OS
Volume Serial Number is 5E2B-A046
Directory of C:\Users\Eros\{d13d7e28-36fa-4bc4-b7e6-7fdc76617f55}
03/25/2012 12:16 AM <DIR> .
03/25/2012 12:16 AM <DIR> ..
02/24/2009 11:18 PM 1,709 Moser.inf
03/10/2009 09:49 PM 8,151 Mousbser.cat
03/02/2009 10:02 PM 118,016 mousbser.sys
3 File(s) 127,876 bytes
Total Files Listed:
3 File(s) 127,876 bytes
2 Dir(s) 123,431,452,672 bytes free
C:\Users\Eros\Downloads\cmd.bat deleted successfully.
C:\Users\Eros\Downloads\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?
C:\Users\Eros\Downloads\cmd.bat deleted successfully.
C:\Users\Eros\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Eros\Downloads\cmd.bat deleted successfully.
C:\Users\Eros\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: AppData

User: Default
->Flash cache emptied: 41661 bytes

User: Eros
->Flash cache emptied: 2335208 bytes

User: Mcx1
->Flash cache emptied: 41661 bytes

User: Public

User: RA Media Server

User: UpdatusUser
->Flash cache emptied: 41661 bytes

Total Flash Files Cleaned = 2.00 mb

[EMPTYJAVA]

User: AppData

User: Default

User: Eros
->Java cache emptied: 80829546 bytes

User: Mcx1

User: Public

User: RA Media Server

User: UpdatusUser

Total Java Files Cleaned = 77.00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 03282012_212326

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#15 SweetTech

Agent ST

Malware Response Team
13,421 posts

Gender:Male
Location:Antarctica

Posted 29 March 2012 - 01:49 AM

Hi paragon81!

Thanks for posting the OTL fix log.

Do you happen to have the ComboFix.txt log file for me to review? It can be located in your C:\ drive.

Also be sure to provide me with an update on how things are running in your next reply.

Kindest Regards,
ST.