BleepingComputer.com: unable to run Run DDS

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

unable to run Run DDS

#1 User is offline   zonk59 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 18-March 11

Posted 18 March 2011 - 06:05 AM

Hello All

I'm new to this site, not particularly good with computers, and newly infected with something.

Background info
Windows vista home premium 64

Security
My Norton Internet Security subscription had run out so I have switched to using MSE, windows fire wall, Avast (free)
Also use Malwarebytes, and WindPatrol (free). WinPatrol keeps telling me something is trying to change my Windows auto update settings???

Current Problem
I'm trying to follow the instructions on "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help", and...

I can not run the DDS.scr It's likely I have deleted the .scr extension at some point in the past, so I would appreciate it if some one could provide how to enable this to run.

Sincerely
Zonk59

Hello All

futher on my post...

I was able to run the DDS as with results pasted and attached as follow:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by zonk at 8:55:44.57 on Fri 03/18/2011
Internet Explorer: 9.0.8080.16413
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.4062.2231 [GMT -3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\iolo\System Mechanic\SystemGuardAlerter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Privoxy\privoxy.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe
C:\Windows\Explorer.exe
C:\Users\zonk\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://exclusive.bellaliant.net/home.jsp
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Privoxy.lnk - C:\Program Files (x86)\Privoxy\privoxy.exe
uPolicies-explorer: NoFileSharing = 1 (0x1)
uPolicies-explorer: NoPrintSharing = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {46853A1B-FC8F-43E8-A257-60855A16501B} = 156.154.70.22,156.154.71.22
TCP: {B0F0C11A-5B88-4E53-B7A7-2818C42E62D8} = 156.154.70.22,156.154.71.22
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
mRun-x64: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.livestrong.com/
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8118
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 8118
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 8118
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 1
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: C:\Users\zonk\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\zonk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\zonk\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\WINDOWS\System32\drivers\NISx64\1205000.07D\symds64.sys [2011-1-6 450608]
R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\System32\drivers\NISx64\1205000.07D\symefa64.sys [2011-1-6 802864]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2011-3-15 505176]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2011-3-15 280408]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx64.sys [2011-2-25 1124472]
R1 ElRawDisk;ElRawDisk;C:\WINDOWS\System32\drivers\ElRawDsk.sys [2010-10-8 23464]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110303.001\IDSviA64.sys [2011-3-4 476792]
R1 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\System32\drivers\MpFilter.sys [2010-3-25 188928]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\drivers\NISx64\1205000.07D\ironx64.sys [2011-1-6 171128]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\WINDOWS\System32\drivers\NISx64\1205000.07D\symtdiv.sys [2011-1-6 432760]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\drivers\aswFsBlk.sys [2011-3-15 22360]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2011-3-15 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-3-15 42184]
R2 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-7-2 193840]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2010-7-25 724152]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2010-7-25 724152]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe [2011-1-6 130000]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\WINDOWS\SMINST\BLService.exe [2008-7-2 341328]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]
R3 enecir;ENE CIR Receiver;C:\WINDOWS\System32\drivers\enecir.sys [2008-1-24 60928]
R3 JMCR;JMCR;C:\WINDOWS\System32\drivers\jmcr.sys [2010-10-9 131424]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\WINDOWS\System32\drivers\NETw5v64.sys [2009-11-16 5449728]
R3 NisDrv;Microsoft Network Inspection System;C:\WINDOWS\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\WINDOWS\System32\drivers\nvhda64v.sys [2010-9-10 84000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;FssFltr;C:\WINDOWS\System32\drivers\fssfltr.sys [2010-11-4 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\WINDOWS\System32\drivers\MpNWMon.sys [2010-3-25 40832]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PSI;PSI;C:\WINDOWS\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]
S3 SWDUMon;SWDUMon;C:\WINDOWS\System32\drivers\SWDUMon.sys [2010-10-9 13920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-7-19 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-03-18 11:36:37 -------- d-----w- C:\asl
2011-03-18 10:18:11 7947600 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{8CAB70A9-9ED9-4314-B713-B67198A845C7}\mpengine.dll
2011-03-16 20:27:29 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-16 20:08:44 376480 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-03-16 00:59:00 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-03-16 00:58:59 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-03-16 00:58:12 40648 ----a-w- C:\Windows\avastSS.scr
2011-03-16 00:57:50 -------- d-----w- C:\Program Files\AVAST Software
2011-03-16 00:57:50 -------- d-----w- C:\PROGRA~3\AVAST Software
2011-03-16 00:38:24 -------- d-----w- C:\Users\zonk\AppData\Roaming\WinPatrol
2011-03-16 00:38:16 -------- d-----w- C:\Program Files (x86)\BillP Studios
2011-03-16 00:38:16 -------- d-----w- C:\PROGRA~3\InstallMate
2011-03-15 23:44:51 69000 ----a-w- C:\Windows\System32\offreg.dll
2011-03-15 23:44:51 56200 ----a-w- C:\Windows\SysWow64\offreg.dll
2011-03-13 15:39:12 -------- d-----w- C:\Users\zonk\SecurityScans
2011-03-13 15:38:32 -------- d-----w- C:\Program Files\Microsoft Baseline Security Analyzer 2
2011-03-12 01:23:04 19453 ----a-w- C:\Windows\cscmondump.bin
2011-03-12 01:11:16 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-03-10 00:49:43 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-10 00:39:55 -------- d-----w- C:\Users\zonk\AppData\Local\FixItCenter
2011-03-10 00:35:45 -------- d-----w- C:\Windows\MATS
2011-03-10 00:35:44 -------- d-----w- C:\Program Files\Microsoft Fix it Center
2011-03-09 00:24:17 -------- d-----w- C:\Users\zonk\.thumbnails
2011-03-09 00:16:49 2425344 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-09 00:16:48 731136 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-09 00:16:48 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-09 00:16:48 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-09 00:16:42 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-09 00:16:42 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-09 00:16:42 416768 ----a-w- C:\Windows\System32\sbe.dll
2011-03-09 00:16:42 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-09 00:16:41 322560 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-09 00:16:41 210944 ----a-w- C:\Windows\System32\sbeio.dll
2011-03-09 00:16:41 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-09 00:16:41 153088 ----a-w- C:\Windows\SysWow64\sbeio.dll
2011-03-08 22:34:30 -------- d-----w- C:\Users\zonk\AppData\Roaming\SeriousBit
2011-03-07 22:21:58 -------- d-----w- C:\PROGRA~3\Comodo
2011-03-07 21:45:01 35227976 ----a-w- C:\Program Files (x86)\cispremium_installer_x86.exe
2011-03-07 21:44:24 35227976 ----a-w- C:\Program Files (x86)\Windows Defender\cispremium_installer_x86.exe
2011-03-06 20:13:22 94208 ----a-w- C:\Program Files (x86)\Internet Explorer\fr\iediag.resources.dll
2011-03-06 20:07:22 -------- d-----w- C:\Users\zonk\AppData\Local\Apps
2011-03-06 15:05:38 -------- d-----w- C:\Windows\Driver Cache
2011-02-24 00:10:54 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11
2011-02-21 22:39:09 -------- d-----w- C:\Program Files (x86)\Privoxy
2011-02-16 23:10:33 -------- d-----w- C:\Users\zonk\AppData\Roaming\BatteryCare
.
==================== Find3M ====================
.
2011-03-11 04:54:14 97928 ----a-w- C:\Windows\System32\IncContxMenu.dll
2011-03-11 04:53:32 14848 ----a-w- C:\Windows\System32\smrgdf.exe
2011-03-11 04:53:28 45568 ----a-w- C:\Windows\System32\iolobtdfg.exe
2011-03-06 14:22:10 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-01-20 16:46:10 900480 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-20 16:17:15 366592 ----a-w- C:\Windows\System32\winspool.drv
2011-01-20 16:17:03 625152 ----a-w- C:\Windows\System32\dxgi.dll
2011-01-20 16:16:53 287232 ----a-w- C:\Windows\System32\d3d10core.dll
2011-01-20 16:16:52 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-01-20 16:16:52 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-01-20 16:16:52 1268224 ----a-w- C:\Windows\System32\d3d10.dll
2011-01-20 16:16:47 748544 ----a-w- C:\Windows\System32\stobject.dll
2011-01-20 16:16:40 47104 ----a-w- C:\Windows\System32\cdd.dll
2011-01-20 16:16:10 3548672 ----a-w- C:\Windows\System32\mf.dll
2011-01-20 16:16:08 35840 ----a-w- C:\Windows\System32\printfilterpipelineprxy.dll
2011-01-20 16:14:49 278528 ----a-w- C:\Windows\System32\mfplat.dll
2011-01-20 16:14:49 195072 ----a-w- C:\Windows\System32\mfps.dll
2011-01-20 16:08:16 478720 ----a-w- C:\Windows\SysWow64\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- C:\Windows\SysWow64\d3d10.dll
2011-01-20 16:07:42 258048 ----a-w- C:\Windows\SysWow64\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- C:\Windows\SysWow64\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- C:\Windows\SysWow64\mf.dll
2011-01-20 16:04:54 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- C:\Windows\SysWow64\mfplat.dll
2011-01-20 15:01:50 3068416 ----a-w- C:\Windows\System32\xpsservices.dll
2011-01-20 15:01:09 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-20 14:59:59 1032192 ----a-w- C:\Windows\System32\printfilterpipelinesvc.exe
2011-01-20 14:58:38 1461760 ----a-w- C:\Windows\System32\OpcServices.dll
2011-01-20 14:57:44 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-20 14:57:28 231936 ----a-w- C:\Windows\System32\XpsRasterService.dll
2011-01-20 14:42:00 1257984 ----a-w- C:\Windows\System32\MFH264Dec.dll
2011-01-20 14:41:29 428544 ----a-w- C:\Windows\System32\MFHEAACdec.dll
2011-01-20 14:40:17 345088 ----a-w- C:\Windows\System32\mfreadwrite.dll
2011-01-20 14:40:14 34304 ----a-w- C:\Windows\System32\mfpmp.exe
2011-01-20 14:40:11 377344 ----a-w- C:\Windows\System32\mfmp4src.dll
2011-01-20 14:37:06 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2011-01-20 14:35:30 566272 ----a-w- C:\Windows\System32\d3d10level9.dll
2011-01-20 14:28:38 1554432 ----a-w- C:\Windows\SysWow64\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-20 14:25:25 847360 ----a-w- C:\Windows\SysWow64\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- C:\Windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- C:\Windows\SysWow64\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2011-01-20 14:06:15 834048 ----a-w- C:\Windows\System32\d2d1.dll
2011-01-20 14:02:46 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-01-20 14:02:44 1147904 ----a-w- C:\Windows\System32\FntCache.dll
2011-01-20 13:47:51 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-01-08 09:03:01 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-08 08:47:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-08 06:45:51 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-08 06:28:49 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-12-31 14:16:41 2757632 ----a-w- C:\Windows\System32\win32k.sys
2010-12-28 16:08:18 466944 ----a-w- C:\Windows\System32\odbc32.dll
2010-12-28 15:55:03 413696 ----a-w- C:\Windows\SysWow64\odbc32.dll
2010-12-20 21:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 8:59:01.10 ===============

EDIT: Posts merged ~BP

This post has been edited by Budapest: 18 March 2011 - 07:07 PM

#2 User is offline   m0le 

  • I know the drill!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 29,103
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 23 March 2011 - 09:15 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.


  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.


  • Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
If I have helped you fix your PC then please donate. Thanks

Posted Image
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#3 User is offline   zonk59 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 18-March 11

Posted 26 March 2011 - 06:49 AM

hello

I'm here, and will chedk this site more often than my usual habit.

Thanks

#4 User is offline   m0le 

  • I know the drill!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 29,103
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 26 March 2011 - 02:28 PM

Hi,

Quote

WinPatrol keeps telling me something is trying to change my Windows auto update settings


WinPatrol monitors Auto Update and let's you know if anything tries to change your settings. Now this is a good thing but it isn't just malicious software that changes these settings - Microsoft also change these without telling you, the user.

Do these warnings come with any identification of what has accessed the autoupdate?
If I have helped you fix your PC then please donate. Thanks

Posted Image
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#5 User is offline   zonk59 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 18-March 11

Posted 27 March 2011 - 09:09 AM

Hello I could tell if WinPatrol was ab;e to determine what was chainging the home page and search page. Next I have re-installed WinPatrol, which has now stopped warning of any change to the home page or search page. Avast free internet security found something like FakeItfakeit-REM (sorry I diddn't keep better n otic of what it found) Also for some reason the Avast free Internet security kept failing to start up, so I removed it. I have since un-installed and and have cleaned out much of the misc junk that was on the computer. Then installed Comodo free fire wall, and I'm using MSE and Malwarebytes for anti-virsus, anti-spyware, etc. Also have Threatfire free installed. All of these are not finding anything now, but I'm not sure I can trust my computer at this point. Your advise on how to ensue the computer is now clean would be welcome.

#6 User is offline   m0le 

  • I know the drill!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 29,103
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 27 March 2011 - 01:47 PM

If there's no symptoms and you have not found anything with the tools you are using it does sound positive. We should check for rootkits with Gmer and I will take a manual look at your PC with OTL.

Please run OTL and Gmer

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
If I have helped you fix your PC then please donate. Thanks

Posted Image
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#7 User is offline   zonk59 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 18-March 11

Posted 27 March 2011 - 03:07 PM

Hello Here's the results of running OTL and GMER is pasted below, once again thank you for your help.... OTL Extras logfile created on: 3/27/2011 4:10:21 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Program Files (x86)\OLT 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8080.16413) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287.67 Gb Total Space | 192.01 Gb Free Space | 66.75% Space Free | Partition Type: NTFS Drive D: | 10.41 Gb Total Space | 1.26 Gb Free Space | 12.13% Space Free | Partition Type: NTFS Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: DOD019-PC | User Name: zonk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 62 97 CD EA 4F 28 CB 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06EA36C9-5F96-4B7E-BCA2-559E2E700B6B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{2DE8B9C1-B69E-4930-B779-9EEADF2D0576}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | "{44C97B3B-B4E9-4255-B4FF-A71EBC9AFC42}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{66C95822-51FC-45DB-BE2E-51598B288770}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | "{8EAE5A0A-7DA4-4041-A06A-DDBFC4AE8F2F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | "{C733BD3A-5A35-4963-AEDF-B5A90A18CB1C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | "TCP Query User{42BE6AC5-2C99-4B4F-A004-0D870D0558E0}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{BB43A38F-57CC-4E43-BBDB-DAC46632D8FB}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | "TCP Query User{D04E4E48-2565-4B6A-BEFF-C65B7BB31855}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | "UDP Query User{30612446-1DF1-48FA-B130-4A64B067E741}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{4411E497-FF22-44FE-BB38-180BCF2C90AF}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | "UDP Query User{9386EB31-6B4A-4604-8D97-915981AD0A3F}C:\program files (x86)\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{08C3441C-4FAF-48D3-A551-70DD6031734F}" = Microsoft Baseline Security Analyzer 2.2 "{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2 "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit) "{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java™ SE Development Kit 6 Update 22 (64-bit) "{64A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24 (64-bit) "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center "{C4039DC0-905D-4372-8B20-120F0B6CF283}" = COMODO System-Cleaner "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit "CCleaner" = CCleaner "LSI Soft Modem" = LSI HDA Modem "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant "{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1) "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v5 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Digital Editions" = Adobe Digital Editions "ESET Online Scanner" = ESET Online Scanner v3 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MoffFreeCalc_is1" = Moffsoft FreeCalc "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US) "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9) "NIS" = Norton Internet Security "Revo Uninstaller" = Revo Uninstaller 1.91 "Smart Defrag 2_is1" = Smart Defrag 2 "StarCraft II" = StarCraft II ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome SxS" = Google Chrome Canary Build ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 3/26/2011 5:41:56 PM | Computer Name = dod019-PC | Source = WinMgmt | ID = 10 Description = Error - 3/26/2011 5:48:52 PM | Computer Name = dod019-PC | Source = WinMgmt | ID = 10 Description = Error - 3/26/2011 6:45:15 PM | Computer Name = dod019-PC | Source = WinMgmt | ID = 10 Description = Error - 3/26/2011 6:48:27 PM | Computer Name = dod019-PC | Source = Application Error | ID = 1000 Description = Faulting application CSC.exe, version 3.1.51459.14, time stamp 0x4d75fb68, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception code 0xc0000374, fault offset 0x00000000000aca57, process id 0x1350, application start time 0x01cbec07eae8ed65. Error - 3/26/2011 6:48:47 PM | Computer Name = dod019-PC | Source = Application Error | ID = 1000 Description = Faulting application CSC.exe, version 3.1.51459.14, time stamp 0x4d75fb68, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception code 0xc0000374, fault offset 0x00000000000aca57, process id 0x1090, application start time 0x01cbec07f74e5405. Error - 3/26/2011 6:49:47 PM | Computer Name = dod019-PC | Source = Application Error | ID = 1000 Description = Faulting application CSC.exe, version 3.1.51459.14, time stamp 0x4d75fb68, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception code 0xc0000374, fault offset 0x00000000000aca57, process id 0xd00, application start time 0x01cbec081a9092c5. Error - 3/26/2011 6:51:58 PM | Computer Name = dod019-PC | Source = WinMgmt | ID = 10 Description = Error - 3/26/2011 6:55:50 PM | Computer Name = dod019-PC | Source = Application Error | ID = 1000 Description = Faulting application CSC.exe, version 3.1.51459.14, time stamp 0x4d75fb68, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception code 0xc0000374, fault offset 0x00000000000aca57, process id 0x11b0, application start time 0x01cbec08f37c01c1. Error - 3/26/2011 6:56:28 PM | Computer Name = dod019-PC | Source = Application Error | ID = 1000 Description = Faulting application CSC.exe, version 3.1.51459.14, time stamp 0x4d75fb68, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb74dd3, exception code 0xc0000374, fault offset 0x00000000000aca57, process id 0x86c, application start time 0x01cbec090a048021. Error - 3/26/2011 6:59:42 PM | Computer Name = dod019-PC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 11/17/2010 9:48:56 AM | Computer Name = dod019-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 867 seconds with 600 seconds of active time. This session ended with a crash. Error - 3/11/2011 9:42:44 AM | Computer Name = dod019-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 3/26/2011 8:21:18 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7022 Description = Error - 3/26/2011 8:21:20 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7022 Description = Error - 3/26/2011 8:21:21 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7026 Description = Error - 3/26/2011 8:21:27 PM | Computer Name = dod019-PC | Source = VDS Dynamic Provider | ID = 16908298 Description = Error - 3/26/2011 8:35:25 PM | Computer Name = dod019-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003 Description = Error - 3/27/2011 8:01:53 AM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7000 Description = Error - 3/27/2011 8:03:14 AM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7022 Description = Error - 3/27/2011 8:03:16 AM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7022 Description = Error - 3/27/2011 8:03:16 AM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7026 Description = Error - 3/27/2011 8:17:18 AM | Computer Name = dod019-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003 Description = < End of report > OTL logfile created on: 3/27/2011 4:10:21 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Program Files (x86)\OLT 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8080.16413) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287.67 Gb Total Space | 192.01 Gb Free Space | 66.75% Space Free | Partition Type: NTFS Drive D: | 10.41 Gb Total Space | 1.26 Gb Free Space | 12.13% Space Free | Partition Type: NTFS Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: DOD019-PC | User Name: zonk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\OLT\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC) PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe (Symantec Corporation) PRC - C:\WINDOWS\SysWOW64\conime.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\WINDOWS\SMINST\BLService.exe () ========== Modules (SafeList) ========== MOD - C:\Program Files (x86)\OLT\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\SysWOW64\guard32.dll (COMODO) MOD - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\asoehook.dll (Symantec Corporation) MOD - C:\WINDOWS\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation) MOD - C:\WINDOWS\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation) MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV:64bit: - (Cleaner_Validator) -- C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe () SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation) SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (IDT, Inc.) SRV:64bit: - (gpsvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation) SRV - (ioloSystemService) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC) SRV - (ioloFileInfoList) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC) SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Recovery Service for Windows) -- C:\WINDOWS\SMINST\BLService.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys () DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools) DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools) DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools) DRV:64bit: - (CFRPD) -- C:\Windows\SysNative\DRIVERS\CFRPD.sys (Windows ® Win 7 DDK provider) DRV:64bit: - (CFRMD) -- C:\Windows\SysNative\DRIVERS\CFRMD.sys (Windows ® Win 7 DDK provider) DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\NISx64\1205000.07D\SYMTDIV.SYS (Symantec Corporation) DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1205000.07D\SRTSP64.SYS (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SRTSPX64.SYS (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SYMEFA64.SYS (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\Ironx64.SYS (Symantec Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SYMDS64.SYS (Symantec Corporation) DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys () DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Company) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Company) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.) DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.) DRV:64bit: - (ElRawDisk) -- C:\Windows\SysNative\drivers\ElRawDsk.sys (EldoS Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation) DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpqRemHid) -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation) DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (LSI Corporation) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek ) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110306.002\EX64.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110306.002\ENG64.SYS (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110303.001\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://exclusive.bellaliant.net/home.jsp IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.livestrong.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.2 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9 FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2 FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.4 FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.4 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15 FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 8118 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 8118 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 8118 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 8118 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 8118 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 8118 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 8118 FF - prefs.js..network.proxy.no_proxies_on: "localhost" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 8118 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 8118 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/07 09:06:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/06 19:38:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/07/20 03:03:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\components [2011/03/22 18:15:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/03/06 11:30:53 | 000,000,000 | ---D | M] [2010/07/29 22:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Extensions [2010/07/29 22:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010/07/19 18:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/03/27 11:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions [2011/03/09 22:05:23 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef} [2010/10/16 08:11:12 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2011/03/09 22:05:22 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010/11/08 18:54:09 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17} [2011/03/11 22:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2011/03/26 07:08:57 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2011/01/26 20:47:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011/03/24 17:24:52 | 000,000,000 | ---D | M] (Anti-Aliasing Tuner) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\aatuner@hotmint.com [2011/02/25 17:22:03 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\firefox@ghostery.com [2011/02/17 17:16:17 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\https-everywhere@eff.org [2011/03/13 18:58:45 | 000,000,000 | ---D | M] (startup.service) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\startup.service@mozilla.com [2011/03/11 22:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\testpilot@labs.mozilla.com [2010/07/25 09:40:39 | 000,001,820 | ---- | M] () -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\searchplugins\bing.xml [2010/10/21 18:47:10 | 000,002,470 | ---- | M] () -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\searchplugins\safesearch.xml [2011/03/11 19:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/07/24 19:29:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} File not found (No name found) -- [2011/01/06 19:38:36 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN [2011/01/07 09:06:31 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{DAF44BF7-A45E-4450-979C-91CF07434C3D}.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\FIRECOOKIE@JANODVARKO.CZ.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI [2010/07/20 03:03:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/03/04 18:57:53 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll [2011/03/04 18:57:53 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll [2010/08/16 12:45:57 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2011/03/04 18:57:54 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll [2011/01/30 12:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll O1 HOSTS File: ([2011/03/22 19:29:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.) O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios) O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC) O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileSharing = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrintSharing = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\WINDOWS\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\WINDOWS\SysWOW64\guard32.dll (COMODO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysWOW64\webcheck.dll (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/05/25 01:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{33a2192d-92e4-11df-be5f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{33a2192d-92e4-11df-be5f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2010/05/25 01:56:52 | 002,505,256 | ---- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/03/27 16:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OLT [2011/03/26 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II [2011/03/26 16:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol [2011/03/26 16:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2011/03/26 16:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios [2011/03/23 20:55:14 | 000,000,000 | ---D | C] -- C:\Users\zonk\SecurityScans [2011/03/23 18:43:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/03/23 18:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/03/23 17:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO [2011/03/23 17:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2011/03/22 19:45:58 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2011/03/22 19:45:58 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll [2011/03/22 19:45:58 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011/03/22 19:45:58 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011/03/22 19:29:28 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Local\temp [2011/03/22 19:15:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/03/22 19:15:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/03/22 19:15:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/03/22 19:15:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/03/22 19:15:17 | 000,000,000 | ---D | C] -- C:\ComboFix [2011/03/22 19:13:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011/03/22 19:13:21 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2011/03/22 16:11:01 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\AVG10 [2011/03/22 16:08:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2011/03/22 16:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10 [2011/03/22 15:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2011/03/21 19:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011/03/20 11:23:48 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\IObit [2011/03/20 11:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2 [2011/03/20 11:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2011/03/18 22:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire [2011/03/18 22:50:32 | 000,074,824 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys [2011/03/18 22:50:32 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys [2011/03/18 22:50:32 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys [2011/03/18 22:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire [2011/03/18 22:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011/03/18 20:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011/03/18 20:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011/03/18 20:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011/03/17 17:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2011/03/15 21:58:59 | 000,238,968 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011/03/15 21:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011/03/15 21:38:24 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\WinPatrol [2011/03/15 20:44:51 | 000,069,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\offreg.dll [2011/03/15 20:44:51 | 000,056,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offreg.dll [2011/03/15 18:36:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011/03/13 12:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2 [2011/03/11 22:11:16 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll [2011/03/09 21:49:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2011/03/09 21:39:55 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Local\FixItCenter [2011/03/09 21:35:45 | 000,000,000 | ---D | C] -- C:\Windows\MATS [2011/03/09 21:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center [2011/03/08 21:24:42 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\gtk-2.0 [2011/03/08 21:24:17 | 000,000,000 | ---D | C] -- C:\Users\zonk\.thumbnails [2011/03/08 21:16:49 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2011/03/08 21:16:48 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2011/03/08 21:16:48 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2011/03/08 21:16:48 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2011/03/08 21:16:42 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011/03/08 21:16:42 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011/03/08 21:16:42 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll [2011/03/08 21:16:42 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2011/03/08 21:16:41 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll [2011/03/08 21:16:41 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbeio.dll [2011/03/08 21:16:41 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2011/03/08 21:16:41 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll [2011/03/08 19:34:30 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\SeriousBit [2011/03/07 19:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2011/03/06 18:28:55 | 000,000,000 | ---D | C] -- C:\Users\zonk\Documents\gegl-0.0 [2011/03/06 18:05:02 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2011/03/06 17:07:22 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Local\Apps [2011/03/06 12:05:38 | 000,000,000 | ---D | C] -- C:\Windows\Driver Cache [2011/03/06 11:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2011/03/06 11:22:23 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011/03/06 11:22:23 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011/03/06 11:22:23 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011/03/06 11:17:57 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\CyberLink [2011/03/02 20:52:56 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2011/03/02 20:52:56 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll [2011/03/02 20:52:55 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2011/03/02 20:52:55 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011/03/02 20:52:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011/03/02 20:52:55 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2011/03/02 20:52:55 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011/03/02 20:52:55 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011/03/02 20:52:55 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2011/03/02 20:52:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011/03/02 20:52:54 | 001,426,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011/03/02 20:52:54 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011/03/02 20:52:54 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2011/03/02 20:52:54 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2011/03/02 20:52:54 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2011/03/02 20:52:54 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011/03/02 20:52:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011/03/02 20:52:53 | 001,791,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2011/03/02 20:52:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011/03/02 20:52:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011/03/02 20:52:53 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011/03/02 20:52:53 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2011/03/02 20:52:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2011/03/02 20:52:52 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2011/03/02 20:52:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011/03/02 20:52:52 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2011/03/02 20:52:52 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2011/03/02 20:52:52 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011/03/02 20:52:52 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll [2011/03/02 20:52:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2011/03/02 20:52:52 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011/03/02 20:52:52 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2011/03/02 20:52:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2011/03/02 20:52:52 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll [2011/03/02 20:52:52 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011/03/02 20:52:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011/03/02 20:52:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll [2011/03/02 20:52:51 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll [2011/03/02 20:52:51 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2011/03/02 20:52:50 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2011/03/02 20:52:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011/03/02 20:52:49 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2011/03/02 20:52:49 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011/03/02 20:52:49 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2011/03/02 20:52:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2011/03/02 20:52:48 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2011/03/02 20:52:48 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2011/03/02 20:52:48 | 000,453,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2011/03/02 20:52:48 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011/03/02 20:52:48 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2011/03/02 20:52:48 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011/03/02 20:52:48 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2011/03/02 20:52:48 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2011/03/02 20:52:48 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011/03/02 20:52:47 | 001,490,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011/03/02 20:52:47 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011/03/02 20:52:47 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011/03/02 20:52:47 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011/03/02 20:52:47 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2011/03/02 20:52:47 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2011/03/02 20:52:47 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2011/03/02 20:52:47 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011/03/02 20:52:47 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011/03/02 20:52:47 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011/03/02 20:52:46 | 002,272,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011/03/02 20:52:46 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011/03/02 20:52:46 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2011/03/02 20:52:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011/03/02 20:52:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2011/03/02 20:52:46 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011/03/02 20:52:46 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll [2011/03/02 20:52:46 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2011/03/02 20:52:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2011/03/02 20:52:46 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2011/03/02 20:52:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2011/03/02 20:52:45 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2011/03/02 20:52:45 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011/03/02 20:52:45 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2011/03/02 20:52:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2011/03/02 20:52:45 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe ========== Files - Modified Within 30 Days ========== [2011/03/27 15:55:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/03/27 15:55:44 | 000,097,376 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011/03/27 15:55:44 | 000,097,376 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011/03/27 11:01:06 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/03/27 11:01:06 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/03/26 22:08:12 | 000,018,562 | ---- | M] () -- C:\Windows\cscmondump.bin [2011/03/26 22:08:06 | 000,319,688 | ---- | M] () -- C:\Windows\CSC_ServiceDump.dat [2011/03/26 22:08:06 | 000,159,606 | ---- | M] () -- C:\Windows\CSC_ActiveCleanLog.dat [2011/03/26 22:08:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011/03/26 19:57:59 | 000,000,012 | ---- | M] () -- C:\Windows\prcdump.bin [2011/03/26 19:57:59 | 000,000,008 | ---- | M] () -- C:\Windows\MonitorPaths.bin [2011/03/26 19:57:59 | 000,000,000 | ---- | M] () -- C:\Windows\CSC_FirstRUN.bin [2011/03/26 19:44:03 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\COMODO Updater.job [2011/03/23 20:36:53 | 000,307,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/03/23 19:40:37 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif [2011/03/23 18:43:41 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/03/23 18:01:43 | 001,006,764 | ---- | M] () -- C:\rkill.exe [2011/03/22 19:29:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011/03/22 18:55:33 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dll [2011/03/22 12:20:46 | 001,515,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/03/22 12:20:46 | 000,688,328 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2011/03/22 12:20:46 | 000,615,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/03/22 12:20:46 | 000,133,728 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2011/03/22 12:20:46 | 000,111,616 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/03/21 19:38:19 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011/03/21 19:13:03 | 000,000,333 | ---- | M] () -- C:\Windows\SysMech.INI [2011/03/21 16:57:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011/03/18 22:19:23 | 000,712,380 | ---- | M] () -- C:\Users\zonk\AppData\Local\census.cache [2011/03/18 22:18:11 | 000,162,417 | ---- | M] () -- C:\Users\zonk\AppData\Local\ars.cache [2011/03/18 21:54:43 | 000,000,036 | ---- | M] () -- C:\Users\zonk\AppData\Local\housecall.guid.cache [2011/03/18 07:33:16 | 000,000,000 | ---- | M] () -- C:\Users\zonk\defogger_reenable [2011/03/15 20:45:16 | 000,001,929 | ---- | M] () -- C:\Users\zonk\Desktop\System Mechanic.lnk [2011/03/14 22:13:53 | 000,000,386 | ---- | M] () -- C:\Windows\SysWow64\ioloBootDefrag.cfg [2011/03/14 20:27:49 | 000,000,000 | -H-- | M] () -- C:\Users\zonk\Documents\Default.rdp [2011/03/14 19:30:44 | 000,000,732 | ---- | M] () -- C:\Users\zonk\AppData\Local\d3d9caps64.dat [2011/03/11 22:11:16 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll [2011/03/11 20:27:00 | 000,000,949 | ---- | M] () -- C:\Users\zonk\Desktop\Internet Explorer (64-bit).lnk [2011/03/11 10:54:48 | 000,000,680 | ---- | M] () -- C:\Users\zonk\AppData\Local\d3d9caps.dat [2011/03/11 01:54:14 | 000,097,928 | ---- | M] (iolo technologies, LLC) -- C:\Windows\SysNative\IncContxMenu.dll [2011/03/11 01:53:32 | 000,014,848 | ---- | M] (iolo technologies, LLC) -- C:\Windows\SysNative\smrgdf.exe [2011/03/11 01:53:28 | 000,045,568 | ---- | M] (iolo technologies, LLC) -- C:\Windows\SysNative\iolobtdfg.exe [2011/03/08 21:25:04 | 000,001,457 | ---- | M] () -- C:\Users\zonk\.recently-used.xbel [2011/03/06 11:22:11 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011/03/06 11:22:11 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011/03/06 11:22:11 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011/03/06 11:22:10 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2011/03/02 20:53:10 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat [2011/03/02 20:53:10 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat [2011/03/02 20:53:10 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat [2011/03/02 20:53:10 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat [2011/03/02 20:52:56 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2011/03/02 20:52:56 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll [2011/03/02 20:52:55 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2011/03/02 20:52:55 | 001,426,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011/03/02 20:52:55 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011/03/02 20:52:55 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011/03/02 20:52:55 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2011/03/02 20:52:55 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011/03/02 20:52:55 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011/03/02 20:52:55 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011/03/02 20:52:55 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2011/03/02 20:52:55 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011/03/02 20:52:54 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011/03/02 20:52:54 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2011/03/02 20:52:54 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2011/03/02 20:52:54 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2011/03/02 20:52:54 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011/03/02 20:52:54 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011/03/02 20:52:53 | 001,791,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2011/03/02 20:52:53 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011/03/02 20:52:53 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2011/03/02 20:52:53 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011/03/02 20:52:53 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011/03/02 20:52:53 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2011/03/02 20:52:53 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2011/03/02 20:52:52 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011/03/02 20:52:52 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2011/03/02 20:52:52 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2011/03/02 20:52:52 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011/03/02 20:52:52 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll [2011/03/02 20:52:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2011/03/02 20:52:52 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011/03/02 20:52:52 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2011/03/02 20:52:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2011/03/02 20:52:52 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll [2011/03/02 20:52:52 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011/03/02 20:52:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011/03/02 20:52:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll [2011/03/02 20:52:51 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll [2011/03/02 20:52:51 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2011/03/02 20:52:50 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2011/03/02 20:52:49 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011/03/02 20:52:49 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2011/03/02 20:52:49 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011/03/02 20:52:49 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2011/03/02 20:52:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2011/03/02 20:52:48 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2011/03/02 20:52:48 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2011/03/02 20:52:48 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2011/03/02 20:52:48 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011/03/02 20:52:48 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2011/03/02 20:52:48 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011/03/02 20:52:48 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2011/03/02 20:52:48 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2011/03/02 20:52:48 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2011/03/02 20:52:48 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011/03/02 20:52:47 | 001,490,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011/03/02 20:52:47 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011/03/02 20:52:47 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011/03/02 20:52:47 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011/03/02 20:52:47 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2011/03/02 20:52:47 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2011/03/02 20:52:47 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2011/03/02 20:52:47 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011/03/02 20:52:47 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011/03/02 20:52:47 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011/03/02 20:52:46 | 002,272,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011/03/02 20:52:46 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011/03/02 20:52:46 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2011/03/02 20:52:46 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011/03/02 20:52:46 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2011/03/02 20:52:46 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011/03/02 20:52:46 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011/03/02 20:52:46 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll [2011/03/02 20:52:46 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2011/03/02 20:52:46 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2011/03/02 20:52:46 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2011/03/02 20:52:46 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2011/03/02 20:52:45 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2011/03/02 20:52:45 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2011/03/02 20:52:45 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2011/03/02 20:52:45 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe ========== Files Created - No Company Name ========== [2011/03/26 20:18:20 | 000,319,688 | ---- | C] () -- C:\Windows\CSC_ServiceDump.dat [2011/03/26 20:18:20 | 000,159,606 | ---- | C] () -- C:\Windows\CSC_ActiveCleanLog.dat [2011/03/26 19:57:59 | 000,018,562 | ---- | C] () -- C:\Windows\cscmondump.bin [2011/03/26 19:50:05 | 000,000,012 | ---- | C] () -- C:\Windows\prcdump.bin [2011/03/26 19:50:05 | 000,000,008 | ---- | C] () -- C:\Windows\MonitorPaths.bin [2011/03/26 19:50:05 | 000,000,000 | ---- | C] () -- C:\Windows\CSC_FirstRUN.bin [2011/03/26 19:34:34 | 000,000,448 | ---- | C] () -- C:\Windows\tasks\COMODO Updater.job [2011/03/23 18:43:41 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/03/23 18:05:40 | 001,006,764 | ---- | C] () -- C:\rkill.exe [2011/03/22 19:15:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/03/22 19:15:32 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011/03/22 19:15:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/03/22 19:15:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/03/22 18:55:33 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2011/03/21 19:38:19 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011/03/21 19:38:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011/03/20 11:23:38 | 000,032,648 | ---- | C] () -- C:\Windows\SysNative\SmartDefragBootTime.exe [2011/03/20 11:23:35 | 000,018,232 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys [2011/03/18 22:19:23 | 000,712,380 | ---- | C] () -- C:\Users\zonk\AppData\Local\census.cache [2011/03/18 22:18:11 | 000,162,417 | ---- | C] () -- C:\Users\zonk\AppData\Local\ars.cache [2011/03/18 21:54:43 | 000,000,036 | ---- | C] () -- C:\Users\zonk\AppData\Local\housecall.guid.cache [2011/03/18 07:33:16 | 000,000,000 | ---- | C] () -- C:\Users\zonk\defogger_reenable [2011/03/15 21:58:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2011/03/14 20:27:49 | 000,000,000 | -H-- | C] () -- C:\Users\zonk\Documents\Default.rdp [2011/03/11 20:27:00 | 000,000,949 | ---- | C] () -- C:\Users\zonk\Desktop\Internet Explorer (64-bit).lnk [2011/03/11 10:54:48 | 000,000,680 | ---- | C] () -- C:\Users\zonk\AppData\Local\d3d9caps.dat [2011/03/09 21:35:46 | 000,000,870 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk [2011/03/08 21:25:04 | 000,001,457 | ---- | C] () -- C:\Users\zonk\.recently-used.xbel [2011/03/08 12:25:37 | 000,000,732 | ---- | C] () -- C:\Users\zonk\AppData\Local\d3d9caps64.dat [2011/03/02 20:52:55 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011/03/02 20:52:48 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011/01/18 20:47:32 | 000,000,173 | ---- | C] () -- C:\Users\zonk\AppData\Local\msmathematics.qat.zonk [2010/12/17 18:34:35 | 001,528,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/12/15 21:27:55 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2010/12/04 13:02:28 | 000,004,608 | ---- | C] () -- C:\Users\zonk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/16 06:45:50 | 000,000,333 | ---- | C] () -- C:\Windows\SysMech.INI [2010/07/30 12:30:23 | 000,000,022 | -HS- | C] () -- C:\Users\zonk\AppData\Roaming\Sys6925.Config Collection.sys [2010/07/30 12:30:23 | 000,000,022 | -HS- | C] () -- C:\Windows\Sys3390 SettingsCollection.bin [2010/07/19 21:32:22 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2010/07/19 21:31:58 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2010/07/19 21:31:42 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2010/07/19 01:41:18 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2010/07/19 00:07:26 | 000,097,376 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010/07/19 00:07:00 | 000,097,376 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010/07/18 23:23:42 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008/07/02 16:07:50 | 000,101,632 | ---- | C] () -- C:\Windows\hpqins13.dat [2008/01/20 23:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006/11/02 12:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 09:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006/11/02 09:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006/11/02 09:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006/11/02 06:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== LOP Check ========== [2011/02/15 19:30:14 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\.anomos [2010/09/21 06:28:12 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\.minecraft [2010/12/17 20:13:42 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\Auslogics [2011/03/22 16:11:01 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\AVG10 [2011/03/06 12:24:12 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\BatteryCare [2010/07/21 19:57:56 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\GARMIN [2010/12/17 20:31:39 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\GlarySoft [2011/03/08 21:25:04 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\gtk-2.0 [2011/03/20 11:23:48 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\IObit [2011/03/21 19:16:48 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\iolo [2011/03/26 08:37:43 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\QuickScan [2011/03/08 19:34:30 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\SeriousBit [2010/07/29 22:07:52 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\Thunderbird [2010/10/09 08:12:14 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\Tific [2010/07/23 17:52:50 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\WinBatch [2011/01/05 15:45:18 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\Windows Live Writer [2011/03/15 21:38:24 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\WinPatrol [2011/03/26 22:08:06 | 000,032,570 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > GMER 1.0.15.15570 - http://www.gmer.net Rootkit scan 2011-03-27 16:58:50 Windows 6.0.6002 Service Pack 2 Running: e79e8962.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186c8cf2b Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186c8cf2b (not active ControlSet) ---- Files - GMER 1.0.15 ---- File C:\Users\zonk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat 622592 bytes File C:\Users\zonk\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat 32768 bytes ---- EOF - GMER 1.0.15 ----

#8 User is offline   m0le 

  • I know the drill!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 29,103
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 27 March 2011 - 05:15 PM

Whoa, what happened to the formatting there?

Did you have these saved in the notepad format? If you still have the files can you open the OTL.txt file and attempt to copy and paste it again. It should look like this------> A random link to an OTL log
If I have helped you fix your PC then please donate. Thanks

Posted Image
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#9 User is offline   zonk59 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 18-March 11

Posted 28 March 2011 - 04:48 PM

Hello here's the info requested (OLT & Extras with gemr in next post) OTL Extras logfile created on: 3/28/2011 6:36:33 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Program Files (x86)\OLT 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8080.16413) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287.67 Gb Total Space | 192.06 Gb Free Space | 66.76% Space Free | Partition Type: NTFS Drive D: | 10.41 Gb Total Space | 1.26 Gb Free Space | 12.13% Space Free | Partition Type: NTFS Computer Name: DOD019-PC | User Name: zonk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 62 97 CD EA 4F 28 CB 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06EA36C9-5F96-4B7E-BCA2-559E2E700B6B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{2DE8B9C1-B69E-4930-B779-9EEADF2D0576}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | "{44C97B3B-B4E9-4255-B4FF-A71EBC9AFC42}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{66C95822-51FC-45DB-BE2E-51598B288770}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | "{8EAE5A0A-7DA4-4041-A06A-DDBFC4AE8F2F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | "{C733BD3A-5A35-4963-AEDF-B5A90A18CB1C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{08C3441C-4FAF-48D3-A551-70DD6031734F}" = Microsoft Baseline Security Analyzer 2.2 "{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2 "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit) "{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java™ SE Development Kit 6 Update 22 (64-bit) "{64A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24 (64-bit) "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit "CCleaner" = CCleaner "LSI Soft Modem" = LSI HDA Modem "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1 "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant "{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1) "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v5 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Digital Editions" = Adobe Digital Editions "ESET Online Scanner" = ESET Online Scanner v3 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "MoffFreeCalc_is1" = Moffsoft FreeCalc "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US) "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9) "NIS" = Norton Internet Security "Revo Uninstaller" = Revo Uninstaller 1.91 "Smart Defrag 2_is1" = Smart Defrag 2 "StarCraft II" = StarCraft II ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome SxS" = Google Chrome Canary Build ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 3/27/2011 8:23:34 AM | Computer Name = dod019-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 9.0.8080.16413, time stamp 0x4d4ce896, faulting module jscript9.dll, version 9.0.8080.16413, time stamp 0x4d4ce9fb, exception code 0xc0000005, fault offset 0x000000000004e964, process id 0x1258, application start time 0x01cbec79b1ebff51. Error - 3/27/2011 11:08:32 AM | Computer Name = dod019-PC | Source = Application Error | ID = 1000 Description = Faulting application SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, faulting module SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, exception code 0xc0000005, fault offset 0x0057088e, process id 0xc18, application start time 0x01cbec90cda2afe0. Error - 3/27/2011 11:08:57 AM | Computer Name = dod019-PC | Source = Application Error | ID = 1000 Description = Faulting application SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, faulting module SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, exception code 0xc0000005, fault offset 0x0057088e, process id 0x13e4, application start time 0x01cbec90e296ea10. Error - 3/27/2011 11:09:23 AM | Computer Name = dod019-PC | Source = Application Error | ID = 1000 Description = Faulting application SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, faulting module SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, exception code 0xc0000005, fault offset 0x0057088e, process id 0x139c, application start time 0x01cbec90f154b7d0. Error - 3/27/2011 11:10:03 AM | Computer Name = dod019-PC | Source = Application Error | ID = 1000 Description = Faulting application SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, faulting module SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, exception code 0xc0000005, fault offset 0x0057088e, process id 0x13e4, application start time 0x01cbec9109f83e60. Error - 3/27/2011 11:11:27 AM | Computer Name = dod019-PC | Source = Application Error | ID = 1000 Description = Faulting application SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, faulting module SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, exception code 0xc0000005, fault offset 0x0057088e, process id 0x700, application start time 0x01cbec913bb65040. Error - 3/27/2011 7:48:59 PM | Computer Name = dod019-PC | Source = WinMgmt | ID = 10 Description = Error - 3/27/2011 7:59:21 PM | Computer Name = dod019-PC | Source = WinMgmt | ID = 10 Description = Error - 3/27/2011 8:30:23 PM | Computer Name = dod019-PC | Source = WinMgmt | ID = 10 Description = Error - 3/27/2011 9:20:27 PM | Computer Name = dod019-PC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 11/17/2010 9:48:56 AM | Computer Name = dod019-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 867 seconds with 600 seconds of active time. This session ended with a crash. Error - 3/11/2011 9:42:44 AM | Computer Name = dod019-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 3/28/2011 4:59:57 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7022 Description = Error - 3/28/2011 4:59:59 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7022 Description = Error - 3/28/2011 4:59:59 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7026 Description = Error - 3/28/2011 5:00:10 PM | Computer Name = dod019-PC | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error - 3/28/2011 5:14:19 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7000 Description = Error - 3/28/2011 5:15:20 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7022 Description = Error - 3/28/2011 5:15:22 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7022 Description = Error - 3/28/2011 5:15:22 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7026 Description = Error - 3/28/2011 5:15:33 PM | Computer Name = dod019-PC | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error - 3/28/2011 5:29:29 PM | Computer Name = dod019-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003 Description = < End of report > OTL logfile created on: 3/28/2011 6:36:33 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Program Files (x86)\OLT 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8080.16413) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287.67 Gb Total Space | 192.06 Gb Free Space | 66.76% Space Free | Partition Type: NTFS Drive D: | 10.41 Gb Total Space | 1.26 Gb Free Space | 12.13% Space Free | Partition Type: NTFS Computer Name: DOD019-PC | User Name: zonk | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\OLT\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC) PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\WINDOWS\SMINST\BLService.exe () ========== Modules (SafeList) ========== MOD - C:\Program Files (x86)\OLT\OTL.exe (OldTimer Tools) MOD - C:\Program Files (x86)\ThreatFire\TFWAH.dll (PC Tools) MOD - C:\WINDOWS\SysWOW64\guard32.dll (COMODO) MOD - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\asoehook.dll (Symantec Corporation) MOD - C:\WINDOWS\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation) MOD - C:\WINDOWS\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation) MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation) SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (IDT, Inc.) SRV:64bit: - (gpsvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation) SRV - (ioloSystemService) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC) SRV - (ioloFileInfoList) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC) SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Recovery Service for Windows) -- C:\WINDOWS\SMINST\BLService.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys () DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools) DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools) DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools) DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\NISx64\1205000.07D\SYMTDIV.SYS (Symantec Corporation) DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1205000.07D\SRTSP64.SYS (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SRTSPX64.SYS (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SYMEFA64.SYS (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\Ironx64.SYS (Symantec Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SYMDS64.SYS (Symantec Corporation) DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys () DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Company) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Company) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.) DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.) DRV:64bit: - (ElRawDisk) -- C:\Windows\SysNative\drivers\ElRawDsk.sys (EldoS Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation) DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.) DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpqRemHid) -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation) DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (LSI Corporation) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek ) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110306.002\EX64.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110306.002\ENG64.SYS (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110303.001\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.livestrong.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.2 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9 FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2 FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.4 FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.4 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15 FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 8118 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 8118 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 8118 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 8118 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 8118 FF - prefs.js..network.proxy.gopher: "127.0.0.1" FF - prefs.js..network.proxy.gopher_port: 8118 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 8118 FF - prefs.js..network.proxy.no_proxies_on: "localhost" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 8118 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 8118 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/07 09:06:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/06 19:38:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/07/20 03:03:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\components [2011/03/22 18:15:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/03/06 11:30:53 | 000,000,000 | ---D | M] [2010/07/29 22:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Extensions [2010/07/29 22:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010/07/19 18:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/03/27 21:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions [2011/03/09 22:05:23 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef} [2010/10/16 08:11:12 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2011/03/09 22:05:22 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010/11/08 18:54:09 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17} [2011/03/28 01:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011/03/11 22:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2011/03/26 07:08:57 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}(182) [2011/01/26 20:47:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011/03/24 17:24:52 | 000,000,000 | ---D | M] (Anti-Aliasing Tuner) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\aatuner@hotmint.com [2011/02/25 17:22:03 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\firefox@ghostery.com [2011/02/17 17:16:17 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\https-everywhere@eff.org [2011/03/13 18:58:45 | 000,000,000 | ---D | M] (startup.service) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\startup.service@mozilla.com [2011/03/11 22:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\testpilot@labs.mozilla.com [2010/07/25 09:40:39 | 000,001,820 | ---- | M] () -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\searchplugins\bing.xml [2010/10/21 18:47:10 | 000,002,470 | ---- | M] () -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\searchplugins\safesearch.xml [2011/03/11 19:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/07/24 19:29:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} File not found (No name found) -- [2011/01/06 19:38:36 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN [2011/01/07 09:06:31 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{DAF44BF7-A45E-4450-979C-91CF07434C3D}.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\FIRECOOKIE@JANODVARKO.CZ.XPI () (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI [2010/07/20 03:03:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/03/04 18:57:53 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll [2011/03/04 18:57:53 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll [2010/08/16 12:45:57 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2011/03/04 18:57:54 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll [2011/01/30 12:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll O1 HOSTS File: ([2011/03/22 19:29:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.) O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC) O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileSharing = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrintSharing = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\WINDOWS\SysWOW64\guard32.dll (COMODO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysWOW64\webcheck.dll (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\zonk\AppData\Roaming\iolo\) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/03/28 18:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO [2011/03/27 21:30:18 | 000,000,000 | -H-D | C] -- C:\VritualRoot [2011/03/27 16:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OLT [2011/03/26 16:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2011/03/26 16:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios [2011/03/23 20:55:14 | 000,000,000 | ---D | C] -- C:\Users\zonk\SecurityScans(186) [2011/03/23 17:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2011/03/22 19:45:58 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2011/03/22 19:45:58 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll [2011/03/22 19:45:58 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011/03/22 19:45:58 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011/03/22 19:29:28 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Local\temp [2011/03/22 19:15:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/03/22 19:15:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/03/22 19:15:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/03/22 19:15:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/03/22 19:15:17 | 000,000,000 | ---D | C] -- C:\ComboFix [2011/03/22 19:13:53 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/03/22 19:13:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011/03/22 19:13:21 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2011/03/22 16:11:01 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\AVG10 [2011/03/22 16:08:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2011/03/22 15:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2011/03/21 19:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011/03/20 11:23:48 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\IObit [2011/03/20 11:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2 [2011/03/20 11:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2011/03/18 22:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire [2011/03/18 22:50:32 | 000,074,824 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys [2011/03/18 22:50:32 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys [2011/03/18 22:50:32 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys [2011/03/18 22:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire [2011/03/18 22:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011/03/18 20:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011/03/18 20:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011/03/15 21:58:59 | 000,238,968 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011/03/15 21:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2011/03/15 21:38:24 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\WinPatrol [2011/03/15 20:44:51 | 000,069,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\offreg.dll [2011/03/15 20:44:51 | 000,056,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offreg.dll [2011/03/15 18:36:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011/03/13 12:39:12 | 000,000,000 | ---D | C] -- C:\Users\zonk\SecurityScans [2011/03/13 12:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2 [2011/03/11 22:11:16 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll [2011/03/09 21:49:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2011/03/09 21:39:55 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Local\FixItCenter [2011/03/09 21:35:45 | 000,000,000 | ---D | C] -- C:\Windows\MATS [2011/03/09 21:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center [2011/03/08 21:24:42 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\gtk-2.0 [2011/03/08 21:24:17 | 000,000,000 | ---D | C] -- C:\Users\zonk\.thumbnails [2011/03/08 21:16:49 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2011/03/08 21:16:48 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2011/03/08 21:16:48 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2011/03/08 21:16:48 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2011/03/08 21:16:42 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011/03/08 21:16:42 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011/03/08 21:16:42 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll [2011/03/08 21:16:42 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax [2011/03/08 21:16:41 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll [2011/03/08 21:16:41 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbeio.dll [2011/03/08 21:16:41 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2011/03/08 21:16:41 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll [2011/03/08 19:34:30 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\SeriousBit [2011/03/07 19:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2011/03/06 18:28:55 | 000,000,000 | ---D | C] -- C:\Users\zonk\Documents\gegl-0.0 [2011/03/06 18:05:02 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2011/03/06 17:07:22 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Local\Apps [2011/03/06 12:05:38 | 000,000,000 | ---D | C] -- C:\Windows\Driver Cache [2011/03/06 11:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2011/03/06 11:22:23 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011/03/06 11:22:23 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011/03/06 11:22:23 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011/03/06 11:17:57 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\CyberLink [2011/03/02 20:52:56 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2011/03/02 20:52:56 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll [2011/03/02 20:52:55 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2011/03/02 20:52:55 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011/03/02 20:52:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011/03/02 20:52:55 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2011/03/02 20:52:55 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011/03/02 20:52:55 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011/03/02 20:52:55 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2011/03/02 20:52:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011/03/02 20:52:54 | 001,426,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011/03/02 20:52:54 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011/03/02 20:52:54 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2011/03/02 20:52:54 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2011/03/02 20:52:54 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2011/03/02 20:52:54 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011/03/02 20:52:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011/03/02 20:52:53 | 001,791,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2011/03/02 20:52:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011/03/02 20:52:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011/03/02 20:52:53 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011/03/02 20:52:53 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2011/03/02 20:52:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2011/03/02 20:52:52 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2011/03/02 20:52:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011/03/02 20:52:52 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2011/03/02 20:52:52 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2011/03/02 20:52:52 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011/03/02 20:52:52 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll [2011/03/02 20:52:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2011/03/02 20:52:52 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011/03/02 20:52:52 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2011/03/02 20:52:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2011/03/02 20:52:52 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll [2011/03/02 20:52:52 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011/03/02 20:52:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011/03/02 20:52:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll [2011/03/02 20:52:51 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll [2011/03/02 20:52:51 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2011/03/02 20:52:50 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2011/03/02 20:52:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011/03/02 20:52:49 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2011/03/02 20:52:49 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011/03/02 20:52:49 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2011/03/02 20:52:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2011/03/02 20:52:48 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2011/03/02 20:52:48 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2011/03/02 20:52:48 | 000,453,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2011/03/02 20:52:48 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011/03/02 20:52:48 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2011/03/02 20:52:48 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011/03/02 20:52:48 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2011/03/02 20:52:48 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2011/03/02 20:52:48 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011/03/02 20:52:47 | 001,490,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011/03/02 20:52:47 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011/03/02 20:52:47 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011/03/02 20:52:47 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011/03/02 20:52:47 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2011/03/02 20:52:47 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2011/03/02 20:52:47 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2011/03/02 20:52:47 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011/03/02 20:52:47 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011/03/02 20:52:47 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011/03/02 20:52:46 | 002,272,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011/03/02 20:52:46 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011/03/02 20:52:46 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2011/03/02 20:52:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011/03/02 20:52:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2011/03/02 20:52:46 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011/03/02 20:52:46 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll [2011/03/02 20:52:46 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2011/03/02 20:52:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2011/03/02 20:52:46 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2011/03/02 20:52:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2011/03/02 20:52:45 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2011/03/02 20:52:45 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011/03/02 20:52:45 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2011/03/02 20:52:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2011/03/02 20:52:45 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe ========== Files - Modified Within 30 Days ========== [2011/03/28 18:13:32 | 000,097,376 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011/03/28 18:13:32 | 000,097,376 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011/03/28 18:13:28 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/03/28 18:13:28 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/03/28 18:13:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/03/28 18:11:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011/03/28 18:07:33 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2011/03/22 19:29:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011/03/22 18:55:33 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dll [2011/03/22 12:20:46 | 001,515,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/03/22 12:20:46 | 000,688,328 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2011/03/22 12:20:46 | 000,615,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/03/22 12:20:46 | 000,133,728 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2011/03/22 12:20:46 | 000,111,616 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/03/21 19:38:19 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011/03/21 19:13:03 | 000,000,333 | ---- | M] () -- C:\Windows\SysMech.INI [2011/03/21 16:57:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011/03/18 22:50:37 | 000,000,735 | ---- | M] () -- C:\Users\Public\Desktop\ThreatFire.lnk [2011/03/18 22:19:23 | 000,712,380 | ---- | M] () -- C:\Users\zonk\AppData\Local\census.cache [2011/03/18 22:18:11 | 000,162,417 | ---- | M] () -- C:\Users\zonk\AppData\Local\ars.cache [2011/03/18 21:54:43 | 000,000,036 | ---- | M] () -- C:\Users\zonk\AppData\Local\housecall.guid.cache [2011/03/18 07:33:16 | 000,000,000 | ---- | M] () -- C:\Users\zonk\defogger_reenable [2011/03/15 20:45:16 | 000,001,929 | ---- | M] () -- C:\Users\zonk\Desktop\System Mechanic.lnk [2011/03/14 22:13:53 | 000,000,386 | ---- | M] () -- C:\Windows\SysWow64\ioloBootDefrag.cfg [2011/03/14 20:27:49 | 000,000,000 | -H-- | M] () -- C:\Users\zonk\Documents\Default.rdp [2011/03/14 19:30:44 | 000,000,732 | ---- | M] () -- C:\Users\zonk\AppData\Local\d3d9caps64.dat [2011/03/11 22:11:16 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll [2011/03/11 20:27:00 | 000,000,949 | ---- | M] () -- C:\Users\zonk\Desktop\Internet Explorer (64-bit).lnk [2011/03/11 10:54:48 | 000,000,680 | ---- | M] () -- C:\Users\zonk\AppData\Local\d3d9caps.dat [2011/03/11 01:54:14 | 000,097,928 | ---- | M] (iolo technologies, LLC) -- C:\Windows\SysNative\IncContxMenu.dll [2011/03/11 01:53:32 | 000,014,848 | ---- | M] (iolo technologies, LLC) -- C:\Windows\SysNative\smrgdf.exe [2011/03/11 01:53:28 | 000,045,568 | ---- | M] (iolo technologies, LLC) -- C:\Windows\SysNative\iolobtdfg.exe [2011/03/08 21:25:04 | 000,001,457 | ---- | M] () -- C:\Users\zonk\.recently-used.xbel [2011/03/08 19:44:53 | 000,307,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/03/06 11:22:11 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2011/03/06 11:22:11 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2011/03/06 11:22:11 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe [2011/03/06 11:22:10 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2011/03/02 20:53:10 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat [2011/03/02 20:53:10 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat [2011/03/02 20:53:10 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat [2011/03/02 20:53:10 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat [2011/03/02 20:52:56 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2011/03/02 20:52:56 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll [2011/03/02 20:52:55 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2011/03/02 20:52:55 | 001,426,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011/03/02 20:52:55 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011/03/02 20:52:55 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011/03/02 20:52:55 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2011/03/02 20:52:55 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011/03/02 20:52:55 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011/03/02 20:52:55 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011/03/02 20:52:55 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2011/03/02 20:52:55 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011/03/02 20:52:54 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011/03/02 20:52:54 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2011/03/02 20:52:54 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2011/03/02 20:52:54 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2011/03/02 20:52:54 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011/03/02 20:52:54 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011/03/02 20:52:53 | 001,791,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2011/03/02 20:52:53 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011/03/02 20:52:53 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2011/03/02 20:52:53 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011/03/02 20:52:53 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011/03/02 20:52:53 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2011/03/02 20:52:53 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2011/03/02 20:52:52 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011/03/02 20:52:52 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2011/03/02 20:52:52 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2011/03/02 20:52:52 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011/03/02 20:52:52 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll [2011/03/02 20:52:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2011/03/02 20:52:52 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011/03/02 20:52:52 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2011/03/02 20:52:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2011/03/02 20:52:52 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll [2011/03/02 20:52:52 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011/03/02 20:52:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011/03/02 20:52:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll [2011/03/02 20:52:51 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll [2011/03/02 20:52:51 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2011/03/02 20:52:50 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2011/03/02 20:52:49 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011/03/02 20:52:49 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2011/03/02 20:52:49 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011/03/02 20:52:49 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2011/03/02 20:52:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2011/03/02 20:52:48 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2011/03/02 20:52:48 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2011/03/02 20:52:48 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2011/03/02 20:52:48 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011/03/02 20:52:48 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2011/03/02 20:52:48 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011/03/02 20:52:48 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2011/03/02 20:52:48 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2011/03/02 20:52:48 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2011/03/02 20:52:48 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011/03/02 20:52:47 | 001,490,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011/03/02 20:52:47 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011/03/02 20:52:47 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011/03/02 20:52:47 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011/03/02 20:52:47 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2011/03/02 20:52:47 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2011/03/02 20:52:47 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2011/03/02 20:52:47 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011/03/02 20:52:47 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011/03/02 20:52:47 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011/03/02 20:52:46 | 002,272,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011/03/02 20:52:46 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011/03/02 20:52:46 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2011/03/02 20:52:46 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011/03/02 20:52:46 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2011/03/02 20:52:46 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011/03/02 20:52:46 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011/03/02 20:52:46 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll [2011/03/02 20:52:46 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2011/03/02 20:52:46 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2011/03/02 20:52:46 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2011/03/02 20:52:46 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2011/03/02 20:52:45 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2011/03/02 20:52:45 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2011/03/02 20:52:45 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2011/03/02 20:52:45 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe ========== Files Created - No Company Name ========== [2011/03/28 18:07:32 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2011/03/22 19:15:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/03/22 19:15:32 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011/03/22 19:15:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/03/22 19:15:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/03/22 18:55:33 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2011/03/21 19:38:19 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011/03/21 19:38:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011/03/20 11:23:38 | 000,032,648 | ---- | C] () -- C:\Windows\SysNative\SmartDefragBootTime.exe [2011/03/20 11:23:35 | 000,018,232 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys [2011/03/18 22:50:37 | 000,000,735 | ---- | C] () -- C:\Users\Public\Desktop\ThreatFire.lnk [2011/03/18 22:19:23 | 000,712,380 | ---- | C] () -- C:\Users\zonk\AppData\Local\census.cache [2011/03/18 22:18:11 | 000,162,417 | ---- | C] () -- C:\Users\zonk\AppData\Local\ars.cache [2011/03/18 21:54:43 | 000,000,036 | ---- | C] () -- C:\Users\zonk\AppData\Local\housecall.guid.cache [2011/03/18 07:33:16 | 000,000,000 | ---- | C] () -- C:\Users\zonk\defogger_reenable [2011/03/15 21:58:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2011/03/14 20:27:49 | 000,000,000 | -H-- | C] () -- C:\Users\zonk\Documents\Default.rdp [2011/03/11 20:27:00 | 000,000,949 | ---- | C] () -- C:\Users\zonk\Desktop\Internet Explorer (64-bit).lnk [2011/03/11 10:54:48 | 000,000,680 | ---- | C] () -- C:\Users\zonk\AppData\Local\d3d9caps.dat [2011/03/09 21:35:46 | 000,000,870 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk [2011/03/08 21:25:04 | 000,001,457 | ---- | C] () -- C:\Users\zonk\.recently-used.xbel [2011/03/08 12:25:37 | 000,000,732 | ---- | C] () -- C:\Users\zonk\AppData\Local\d3d9caps64.dat [2011/03/02 20:52:55 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011/03/02 20:52:48 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011/01/18 20:47:32 | 000,000,173 | ---- | C] () -- C:\Users\zonk\AppData\Local\msmathematics.qat.zonk [2010/12/17 18:34:35 | 001,528,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/12/15 21:27:55 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2010/12/04 13:02:28 | 000,004,608 | ---- | C] () -- C:\Users\zonk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/16 06:45:50 | 000,000,333 | ---- | C] () -- C:\Windows\SysMech.INI [2010/07/30 12:30:23 | 000,000,022 | -HS- | C] () -- C:\Users\zonk\AppData\Roaming\Sys6925.Config Collection.sys [2010/07/30 12:30:23 | 000,000,022 | -HS- | C] () -- C:\Windows\Sys3390 SettingsCollection.bin [2010/07/19 21:32:22 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2010/07/19 21:31:58 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2010/07/19 21:31:42 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2010/07/19 01:41:18 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2010/07/19 00:07:26 | 000,097,376 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010/07/19 00:07:00 | 000,097,376 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010/07/18 23:23:42 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008/07/02 16:07:50 | 000,101,632 | ---- | C] () -- C:\Windows\hpqins13.dat [2008/01/20 23:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006/11/02 12:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 09:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006/11/02 09:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006/11/02 09:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006/11/02 06:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== LOP Check ========== [2011/02/15 19:30:14 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\.anomos [2010/09/21 06:28:12 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\.minecraft [2010/12/17 20:13:42 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\Auslogics [2011/03/22 16:11:01 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\AVG10 [2011/03/06 12:24:12 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\BatteryCare [2010/07/21 19:57:56 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\GARMIN [2010/12/17 20:31:39 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\GlarySoft [2011/03/08 21:25:04 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\gtk-2.0 [2011/03/20 11:23:48 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\IObit [2011/03/28 01:44:59 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\iolo [2011/03/26 08:37:43 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\QuickScan [2011/03/08 19:34:30 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\SeriousBit [2010/07/29 22:07:52 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\Thunderbird [2010/10/09 08:12:14 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\Tific [2010/07/23 17:52:50 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\WinBatch [2011/01/05 15:45:18 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\Windows Live Writer [2011/03/15 21:38:24 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\WinPatrol [2011/03/28 18:11:26 | 000,032,614 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

#10 User is offline   zonk59 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 18-March 11

Posted 28 March 2011 - 04:50 PM

OTL logfile created on: 3/28/2011 6:36:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Program Files (x86)\OLT
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.67 Gb Total Space | 192.06 Gb Free Space | 66.76% Space Free | Partition Type: NTFS
Drive D: | 10.41 Gb Total Space | 1.26 Gb Free Space | 12.13% Space Free | Partition Type: NTFS

Computer Name: DOD019-PC | User Name: zonk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\OLT\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\SMINST\BLService.exe ()


========== Modules (SafeList) ==========

MOD - C:\Program Files (x86)\OLT\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\ThreatFire\TFWAH.dll (PC Tools)
MOD - C:\WINDOWS\SysWOW64\guard32.dll (COMODO)
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\asoehook.dll (Symantec Corporation)
MOD - C:\WINDOWS\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (gpsvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (ioloSystemService) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (ioloFileInfoList) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (ThreatFire) -- C:\Program Files (x86)\ThreatFire\TFService.exe (PC Tools)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Recovery Service for Windows) -- C:\WINDOWS\SMINST\BLService.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys ()
DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\NISx64\1205000.07D\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1205000.07D\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys ()
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (ElRawDisk) -- C:\Windows\SysNative\drivers\ElRawDsk.sys (EldoS Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpqRemHid) -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (LSI Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110306.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110306.002\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110303.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.livestrong.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.4
FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8118
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 8118
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 8118
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8118
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8118
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 8118
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8118
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/07 09:06:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/06 19:38:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/07/20 03:03:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\components [2011/03/22 18:15:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/03/06 11:30:53 | 000,000,000 | ---D | M]

[2010/07/29 22:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Extensions
[2010/07/29 22:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/07/19 18:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/03/27 21:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions
[2011/03/09 22:05:23 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/10/16 08:11:12 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/03/09 22:05:22 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/11/08 18:54:09 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2011/03/28 01:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/11 22:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/03/26 07:08:57 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}(182)
[2011/01/26 20:47:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/03/24 17:24:52 | 000,000,000 | ---D | M] (Anti-Aliasing Tuner) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\aatuner@hotmint.com
[2011/02/25 17:22:03 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\firefox@ghostery.com
[2011/02/17 17:16:17 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\https-everywhere@eff.org
[2011/03/13 18:58:45 | 000,000,000 | ---D | M] (startup.service) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\startup.service@mozilla.com
[2011/03/11 22:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\extensions\testpilot@labs.mozilla.com
[2010/07/25 09:40:39 | 000,001,820 | ---- | M] () -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\searchplugins\bing.xml
[2010/10/21 18:47:10 | 000,002,470 | ---- | M] () -- C:\Users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\searchplugins\safesearch.xml
[2011/03/11 19:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/24 19:29:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/06 19:38:36 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
[2011/01/07 09:06:31 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
() (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\{DAF44BF7-A45E-4450-979C-91CF07434C3D}.XPI
() (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\FIRECOOKIE@JANODVARKO.CZ.XPI
() (No name found) -- C:\USERS\ZONK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZVFC4OJU.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2010/07/20 03:03:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/04 18:57:53 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2011/03/04 18:57:53 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010/08/16 12:45:57 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/04 18:57:54 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2011/01/30 12:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

O1 HOSTS File: ([2011/03/22 19:29:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileSharing = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrintSharing = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\WINDOWS\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\zonk\AppData\Roaming\iolo\) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/28 18:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/03/27 21:30:18 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/03/27 16:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OLT
[2011/03/26 16:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/03/26 16:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2011/03/23 20:55:14 | 000,000,000 | ---D | C] -- C:\Users\zonk\SecurityScans(186)
[2011/03/23 17:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/03/22 19:45:58 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/03/22 19:45:58 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/03/22 19:45:58 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/03/22 19:45:58 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/03/22 19:29:28 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Local\temp
[2011/03/22 19:15:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/22 19:15:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/22 19:15:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/22 19:15:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/22 19:15:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/22 19:13:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/22 19:13:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/22 19:13:21 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/03/22 16:11:01 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\AVG10
[2011/03/22 16:08:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/03/22 15:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/03/21 19:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/03/20 11:23:48 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\IObit
[2011/03/20 11:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2011/03/20 11:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/03/18 22:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
[2011/03/18 22:50:32 | 000,074,824 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2011/03/18 22:50:32 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2011/03/18 22:50:32 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2011/03/18 22:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire
[2011/03/18 22:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/03/18 20:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/03/18 20:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/03/15 21:58:59 | 000,238,968 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/03/15 21:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/15 21:38:24 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\WinPatrol
[2011/03/15 20:44:51 | 000,069,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\offreg.dll
[2011/03/15 20:44:51 | 000,056,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offreg.dll
[2011/03/15 18:36:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/03/13 12:39:12 | 000,000,000 | ---D | C] -- C:\Users\zonk\SecurityScans
[2011/03/13 12:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2011/03/11 22:11:16 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2011/03/09 21:49:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/03/09 21:39:55 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Local\FixItCenter
[2011/03/09 21:35:45 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2011/03/09 21:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2011/03/08 21:24:42 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\gtk-2.0
[2011/03/08 21:24:17 | 000,000,000 | ---D | C] -- C:\Users\zonk\.thumbnails
[2011/03/08 21:16:49 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/03/08 21:16:48 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/08 21:16:48 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/03/08 21:16:48 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/03/08 21:16:42 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/03/08 21:16:42 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/03/08 21:16:42 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/03/08 21:16:42 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/08 21:16:41 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/03/08 21:16:41 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbeio.dll
[2011/03/08 21:16:41 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/03/08 21:16:41 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll
[2011/03/08 19:34:30 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\SeriousBit
[2011/03/07 19:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/03/06 18:28:55 | 000,000,000 | ---D | C] -- C:\Users\zonk\Documents\gegl-0.0
[2011/03/06 18:05:02 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/03/06 17:07:22 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Local\Apps
[2011/03/06 12:05:38 | 000,000,000 | ---D | C] -- C:\Windows\Driver Cache
[2011/03/06 11:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2011/03/06 11:22:23 | 000,189,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/03/06 11:22:23 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/03/06 11:22:23 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/03/06 11:17:57 | 000,000,000 | ---D | C] -- C:\Users\zonk\AppData\Roaming\CyberLink
[2011/03/02 20:52:56 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/03/02 20:52:56 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/03/02 20:52:55 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/03/02 20:52:55 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/03/02 20:52:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/03/02 20:52:55 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/03/02 20:52:55 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/03/02 20:52:55 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/03/02 20:52:55 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/03/02 20:52:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/03/02 20:52:54 | 001,426,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/03/02 20:52:54 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/03/02 20:52:54 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/03/02 20:52:54 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/03/02 20:52:54 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/03/02 20:52:54 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/03/02 20:52:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/03/02 20:52:53 | 001,791,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/03/02 20:52:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/03/02 20:52:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/03/02 20:52:53 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/03/02 20:52:53 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/03/02 20:52:53 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/03/02 20:52:52 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/03/02 20:52:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/03/02 20:52:52 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/03/02 20:52:52 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/03/02 20:52:52 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/03/02 20:52:52 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2011/03/02 20:52:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/03/02 20:52:52 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/03/02 20:52:52 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/03/02 20:52:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/03/02 20:52:52 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/03/02 20:52:52 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/03/02 20:52:51 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/03/02 20:52:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/03/02 20:52:51 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/03/02 20:52:51 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/03/02 20:52:50 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/03/02 20:52:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/03/02 20:52:49 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/03/02 20:52:49 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/03/02 20:52:49 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/03/02 20:52:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/03/02 20:52:48 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/03/02 20:52:48 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/03/02 20:52:48 | 000,453,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/03/02 20:52:48 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/03/02 20:52:48 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/03/02 20:52:48 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/03/02 20:52:48 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/03/02 20:52:48 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/03/02 20:52:48 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/03/02 20:52:47 | 001,490,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/03/02 20:52:47 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/03/02 20:52:47 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/03/02 20:52:47 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/03/02 20:52:47 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/03/02 20:52:47 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/03/02 20:52:47 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/03/02 20:52:47 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/03/02 20:52:47 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/03/02 20:52:47 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/03/02 20:52:46 | 002,272,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/03/02 20:52:46 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/03/02 20:52:46 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/03/02 20:52:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/03/02 20:52:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/03/02 20:52:46 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/03/02 20:52:46 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2011/03/02 20:52:46 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/03/02 20:52:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/03/02 20:52:46 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/03/02 20:52:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/03/02 20:52:45 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/03/02 20:52:45 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/03/02 20:52:45 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/03/02 20:52:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/03/02 20:52:45 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

========== Files - Modified Within 30 Days ==========

[2011/03/28 18:13:32 | 000,097,376 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/03/28 18:13:32 | 000,097,376 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/03/28 18:13:28 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/28 18:13:28 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/28 18:13:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/28 18:11:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/03/28 18:07:33 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2011/03/22 19:29:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/03/22 18:55:33 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dll
[2011/03/22 12:20:46 | 001,515,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/22 12:20:46 | 000,688,328 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/03/22 12:20:46 | 000,615,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/22 12:20:46 | 000,133,728 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/03/22 12:20:46 | 000,111,616 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/21 19:38:19 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/03/21 19:13:03 | 000,000,333 | ---- | M] () -- C:\Windows\SysMech.INI
[2011/03/21 16:57:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/03/18 22:50:37 | 000,000,735 | ---- | M] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2011/03/18 22:19:23 | 000,712,380 | ---- | M] () -- C:\Users\zonk\AppData\Local\census.cache
[2011/03/18 22:18:11 | 000,162,417 | ---- | M] () -- C:\Users\zonk\AppData\Local\ars.cache
[2011/03/18 21:54:43 | 000,000,036 | ---- | M] () -- C:\Users\zonk\AppData\Local\housecall.guid.cache
[2011/03/18 07:33:16 | 000,000,000 | ---- | M] () -- C:\Users\zonk\defogger_reenable
[2011/03/15 20:45:16 | 000,001,929 | ---- | M] () -- C:\Users\zonk\Desktop\System Mechanic.lnk
[2011/03/14 22:13:53 | 000,000,386 | ---- | M] () -- C:\Windows\SysWow64\ioloBootDefrag.cfg
[2011/03/14 20:27:49 | 000,000,000 | -H-- | M] () -- C:\Users\zonk\Documents\Default.rdp
[2011/03/14 19:30:44 | 000,000,732 | ---- | M] () -- C:\Users\zonk\AppData\Local\d3d9caps64.dat
[2011/03/11 22:11:16 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2011/03/11 20:27:00 | 000,000,949 | ---- | M] () -- C:\Users\zonk\Desktop\Internet Explorer (64-bit).lnk
[2011/03/11 10:54:48 | 000,000,680 | ---- | M] () -- C:\Users\zonk\AppData\Local\d3d9caps.dat
[2011/03/11 01:54:14 | 000,097,928 | ---- | M] (iolo technologies, LLC) -- C:\Windows\SysNative\IncContxMenu.dll
[2011/03/11 01:53:32 | 000,014,848 | ---- | M] (iolo technologies, LLC) -- C:\Windows\SysNative\smrgdf.exe
[2011/03/11 01:53:28 | 000,045,568 | ---- | M] (iolo technologies, LLC) -- C:\Windows\SysNative\iolobtdfg.exe
[2011/03/08 21:25:04 | 000,001,457 | ---- | M] () -- C:\Users\zonk\.recently-used.xbel
[2011/03/08 19:44:53 | 000,307,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/06 11:22:11 | 000,189,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/03/06 11:22:11 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/03/06 11:22:11 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/03/06 11:22:10 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/03/02 20:53:10 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2011/03/02 20:53:10 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2011/03/02 20:53:10 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2011/03/02 20:53:10 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2011/03/02 20:52:56 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/03/02 20:52:56 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/03/02 20:52:55 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/03/02 20:52:55 | 001,426,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/03/02 20:52:55 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/03/02 20:52:55 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/03/02 20:52:55 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/03/02 20:52:55 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/03/02 20:52:55 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/03/02 20:52:55 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/03/02 20:52:55 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/03/02 20:52:55 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/03/02 20:52:54 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/03/02 20:52:54 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/03/02 20:52:54 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/03/02 20:52:54 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/03/02 20:52:54 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/03/02 20:52:54 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/03/02 20:52:53 | 001,791,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/03/02 20:52:53 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/03/02 20:52:53 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/03/02 20:52:53 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/03/02 20:52:53 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/03/02 20:52:53 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/03/02 20:52:53 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/03/02 20:52:52 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/03/02 20:52:52 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/03/02 20:52:52 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/03/02 20:52:52 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/03/02 20:52:52 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2011/03/02 20:52:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/03/02 20:52:52 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/03/02 20:52:52 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/03/02 20:52:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/03/02 20:52:52 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/03/02 20:52:52 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/03/02 20:52:51 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/03/02 20:52:51 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/03/02 20:52:51 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/03/02 20:52:51 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/03/02 20:52:50 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/03/02 20:52:49 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/03/02 20:52:49 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/03/02 20:52:49 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/03/02 20:52:49 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/03/02 20:52:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/03/02 20:52:48 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/03/02 20:52:48 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/03/02 20:52:48 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/03/02 20:52:48 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/03/02 20:52:48 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/03/02 20:52:48 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/03/02 20:52:48 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/03/02 20:52:48 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/03/02 20:52:48 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/03/02 20:52:48 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/03/02 20:52:47 | 001,490,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/03/02 20:52:47 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/03/02 20:52:47 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/03/02 20:52:47 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/03/02 20:52:47 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/03/02 20:52:47 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/03/02 20:52:47 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/03/02 20:52:47 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/03/02 20:52:47 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/03/02 20:52:47 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/03/02 20:52:46 | 002,272,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/03/02 20:52:46 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/03/02 20:52:46 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/03/02 20:52:46 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/03/02 20:52:46 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/03/02 20:52:46 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/03/02 20:52:46 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/03/02 20:52:46 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2011/03/02 20:52:46 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/03/02 20:52:46 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/03/02 20:52:46 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/03/02 20:52:46 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/03/02 20:52:45 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/03/02 20:52:45 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/03/02 20:52:45 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/03/02 20:52:45 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

========== Files Created - No Company Name ==========

[2011/03/28 18:07:32 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2011/03/22 19:15:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/22 19:15:32 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/22 19:15:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/22 19:15:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/22 18:55:33 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2011/03/21 19:38:19 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/03/21 19:38:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/20 11:23:38 | 000,032,648 | ---- | C] () -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2011/03/20 11:23:35 | 000,018,232 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2011/03/18 22:50:37 | 000,000,735 | ---- | C] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2011/03/18 22:19:23 | 000,712,380 | ---- | C] () -- C:\Users\zonk\AppData\Local\census.cache
[2011/03/18 22:18:11 | 000,162,417 | ---- | C] () -- C:\Users\zonk\AppData\Local\ars.cache
[2011/03/18 21:54:43 | 000,000,036 | ---- | C] () -- C:\Users\zonk\AppData\Local\housecall.guid.cache
[2011/03/18 07:33:16 | 000,000,000 | ---- | C] () -- C:\Users\zonk\defogger_reenable
[2011/03/15 21:58:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/03/14 20:27:49 | 000,000,000 | -H-- | C] () -- C:\Users\zonk\Documents\Default.rdp
[2011/03/11 20:27:00 | 000,000,949 | ---- | C] () -- C:\Users\zonk\Desktop\Internet Explorer (64-bit).lnk
[2011/03/11 10:54:48 | 000,000,680 | ---- | C] () -- C:\Users\zonk\AppData\Local\d3d9caps.dat
[2011/03/09 21:35:46 | 000,000,870 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk
[2011/03/08 21:25:04 | 000,001,457 | ---- | C] () -- C:\Users\zonk\.recently-used.xbel
[2011/03/08 12:25:37 | 000,000,732 | ---- | C] () -- C:\Users\zonk\AppData\Local\d3d9caps64.dat
[2011/03/02 20:52:55 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/03/02 20:52:48 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/01/18 20:47:32 | 000,000,173 | ---- | C] () -- C:\Users\zonk\AppData\Local\msmathematics.qat.zonk
[2010/12/17 18:34:35 | 001,528,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/15 21:27:55 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010/12/04 13:02:28 | 000,004,608 | ---- | C] () -- C:\Users\zonk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 06:45:50 | 000,000,333 | ---- | C] () -- C:\Windows\SysMech.INI
[2010/07/30 12:30:23 | 000,000,022 | -HS- | C] () -- C:\Users\zonk\AppData\Roaming\Sys6925.Config Collection.sys
[2010/07/30 12:30:23 | 000,000,022 | -HS- | C] () -- C:\Windows\Sys3390 SettingsCollection.bin
[2010/07/19 21:32:22 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/07/19 21:31:58 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/07/19 21:31:42 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/07/19 01:41:18 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/07/19 00:07:26 | 000,097,376 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/07/19 00:07:00 | 000,097,376 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/18 23:23:42 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/07/02 16:07:50 | 000,101,632 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/01/20 23:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 12:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 09:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 09:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 09:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 06:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/02/15 19:30:14 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\.anomos
[2010/09/21 06:28:12 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\.minecraft
[2010/12/17 20:13:42 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\Auslogics
[2011/03/22 16:11:01 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\AVG10
[2011/03/06 12:24:12 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\BatteryCare
[2010/07/21 19:57:56 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\GARMIN
[2010/12/17 20:31:39 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\GlarySoft
[2011/03/08 21:25:04 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\gtk-2.0
[2011/03/20 11:23:48 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\IObit
[2011/03/28 01:44:59 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\iolo
[2011/03/26 08:37:43 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\QuickScan
[2011/03/08 19:34:30 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\SeriousBit
[2010/07/29 22:07:52 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\Thunderbird
[2010/10/09 08:12:14 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\Tific
[2010/07/23 17:52:50 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\WinBatch
[2011/01/05 15:45:18 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\Windows Live Writer
[2011/03/15 21:38:24 | 000,000,000 | ---D | M] -- C:\Users\zonk\AppData\Roaming\WinPatrol
[2011/03/28 18:11:26 | 000,032,614 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#11 User is offline   zonk59 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 18-March 11

Posted 28 March 2011 - 04:51 PM

OTL Extras logfile created on: 3/28/2011 6:36:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Program Files (x86)\OLT
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.67 Gb Total Space | 192.06 Gb Free Space | 66.76% Space Free | Partition Type: NTFS
Drive D: | 10.41 Gb Total Space | 1.26 Gb Free Space | 12.13% Space Free | Partition Type: NTFS

Computer Name: DOD019-PC | User Name: zonk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 62 97 CD EA 4F 28 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06EA36C9-5F96-4B7E-BCA2-559E2E700B6B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{2DE8B9C1-B69E-4930-B779-9EEADF2D0576}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{44C97B3B-B4E9-4255-B4FF-A71EBC9AFC42}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{66C95822-51FC-45DB-BE2E-51598B288770}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{8EAE5A0A-7DA4-4041-A06A-DDBFC4AE8F2F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{C733BD3A-5A35-4963-AEDF-B5A90A18CB1C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08C3441C-4FAF-48D3-A551-70DD6031734F}" = Microsoft Baseline Security Analyzer 2.2
"{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java™ SE Development Kit 6 Update 22 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24 (64-bit)
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"CCleaner" = CCleaner
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v5
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"MoffFreeCalc_is1" = Moffsoft FreeCalc
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"NIS" = Norton Internet Security
"Revo Uninstaller" = Revo Uninstaller 1.91
"Smart Defrag 2_is1" = Smart Defrag 2
"StarCraft II" = StarCraft II

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome SxS" = Google Chrome Canary Build

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/27/2011 8:23:34 AM | Computer Name = dod019-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8080.16413, time stamp
0x4d4ce896, faulting module jscript9.dll, version 9.0.8080.16413, time stamp 0x4d4ce9fb,
exception code 0xc0000005, fault offset 0x000000000004e964, process id 0x1258, application
start time 0x01cbec79b1ebff51.

Error - 3/27/2011 11:08:32 AM | Computer Name = dod019-PC | Source = Application Error | ID = 1000
Description = Faulting application SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7,
faulting module SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, exception
code 0xc0000005, fault offset 0x0057088e, process id 0xc18, application start time
0x01cbec90cda2afe0.

Error - 3/27/2011 11:08:57 AM | Computer Name = dod019-PC | Source = Application Error | ID = 1000
Description = Faulting application SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7,
faulting module SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, exception
code 0xc0000005, fault offset 0x0057088e, process id 0x13e4, application start time
0x01cbec90e296ea10.

Error - 3/27/2011 11:09:23 AM | Computer Name = dod019-PC | Source = Application Error | ID = 1000
Description = Faulting application SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7,
faulting module SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, exception
code 0xc0000005, fault offset 0x0057088e, process id 0x139c, application start time
0x01cbec90f154b7d0.

Error - 3/27/2011 11:10:03 AM | Computer Name = dod019-PC | Source = Application Error | ID = 1000
Description = Faulting application SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7,
faulting module SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, exception
code 0xc0000005, fault offset 0x0057088e, process id 0x13e4, application start time
0x01cbec9109f83e60.

Error - 3/27/2011 11:11:27 AM | Computer Name = dod019-PC | Source = Application Error | ID = 1000
Description = Faulting application SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7,
faulting module SC2.exe, version 1.3.0.18092, time stamp 0x4d7edbe7, exception
code 0xc0000005, fault offset 0x0057088e, process id 0x700, application start time
0x01cbec913bb65040.

Error - 3/27/2011 7:48:59 PM | Computer Name = dod019-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/27/2011 7:59:21 PM | Computer Name = dod019-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/27/2011 8:30:23 PM | Computer Name = dod019-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/27/2011 9:20:27 PM | Computer Name = dod019-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 11/17/2010 9:48:56 AM | Computer Name = dod019-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 867
seconds with 600 seconds of active time. This session ended with a crash.

Error - 3/11/2011 9:42:44 AM | Computer Name = dod019-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/28/2011 4:59:57 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/28/2011 4:59:59 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/28/2011 4:59:59 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/28/2011 5:00:10 PM | Computer Name = dod019-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/28/2011 5:14:19 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/28/2011 5:15:20 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/28/2011 5:15:22 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/28/2011 5:15:22 PM | Computer Name = dod019-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/28/2011 5:15:33 PM | Computer Name = dod019-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 3/28/2011 5:29:29 PM | Computer Name = dod019-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =


< End of report >

#12 User is offline   zonk59 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 18-March 11

Posted 28 March 2011 - 06:13 PM

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-28 20:07:40
Windows 6.0.6002 Service Pack 2
Running: s26b1wi0.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186c8cf2b
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186c8cf2b (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#13 User is offline   m0le 

  • I know the drill!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 29,103
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 28 March 2011 - 07:13 PM

Thanks for redoing those, zonk59.

Gmer is fine, just one thing to tidy up on OTL (as shown below), as yet nothing to worry about. I see you have been using Combofix

You should not run ComboFix unless you are specifically asked to by a helper.

Particularly in light of what you said at the start of the topic

Quote

I'm...not particularly good with computers


Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

I would like to see what that found though.

Please go to Start >Run > and copy/paste the following, then press Enter

C:\QooBox\ComboFix-quarantined-files.txt

A log file should open. Please post that in your next reply.


Next open OTL again

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
If I have helped you fix your PC then please donate. Thanks

Posted Image
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#14 User is offline   zonk59 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 18-March 11

Posted 29 March 2011 - 06:52 PM

Here's the results from combofix, usin the run cmd 2011-03-29 23:14:08 . 2011-03-29 23:14:08 566 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-SolutoService.reg.dat 2011-03-29 23:12:27 . 2011-03-29 23:19:31 6,142 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2011-03-29 23:03:25 . 2011-03-29 23:16:46 102 ----a-w- C:\Qoobox\Quarantine\catchme.log This log was also produced.... ComboFix 11-03-28.05 - zonk 03/29/2011 20:17:24.2.2 - x64 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.4062.2973 [GMT -3:00] Running from: C:\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-29 ))))))))))))))))))))))))))))))) . . 2011-03-29 23:20 . 2011-03-29 23:20 -------- d-----w- c:\users\zonk\AppData\Local\temp 2011-03-29 23:20 . 2011-03-29 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-29 20:31 . 2011-03-15 01:17 8424784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01862F09-F25A-42A1-8D82-FA6F2F000D39}\mpengine.dll 2011-03-29 00:28 . 2010-12-17 21:42 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52CB0828-5E58-4663-981A-D00B2DB39B51}\gapaengine.dll 2011-03-28 23:46 . 2011-03-28 23:46 -------- dc-h--w- c:\programdata\{8790345A-AF70-4319-B9E7-AAA25C6DCD42} 2011-03-28 23:46 . 2011-03-28 23:47 -------- d-----w- c:\programdata\Lavasoft 2011-03-28 23:46 . 2011-03-28 23:46 -------- d-----w- c:\program files (x86)\Lavasoft 2011-03-28 00:30 . 2011-03-28 00:30 -------- d-----w- C:\VritualRoot 2011-03-27 19:05 . 2011-03-28 21:41 -------- d-----w- c:\program files (x86)\OLT 2011-03-26 19:40 . 2011-03-26 19:40 -------- d-----w- c:\programdata\InstallMate 2011-03-26 19:40 . 2011-03-26 19:40 -------- d-----w- c:\program files (x86)\BillP Studios 2011-03-25 11:19 . 2010-12-17 21:42 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2011-03-23 23:55 . 2011-03-29 05:07 -------- d-----w- c:\users\zonk\SecurityScans 2011-03-23 21:43 . 2010-12-20 21:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-03-23 21:05 . 2011-03-23 21:01 1006764 ----a-w- C:\rkill.exe 2011-03-23 20:01 . 2011-03-23 20:01 -------- d-----w- c:\program files\COMODO 2011-03-22 22:45 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll 2011-03-22 22:45 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-03-22 22:45 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2011-03-22 22:45 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll 2011-03-22 22:45 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-03-22 21:55 . 2011-03-22 21:55 74703 ----a-w- c:\windows\SysWow64\mfc45.dll 2011-03-22 19:11 . 2011-03-22 19:11 -------- d-----w- c:\users\zonk\AppData\Roaming\AVG10 2011-03-22 19:08 . 2011-03-22 19:08 -------- d--h--w- c:\programdata\Common Files 2011-03-22 18:51 . 2011-03-29 05:09 -------- d-----w- c:\programdata\MFAData 2011-03-21 22:37 . 2011-03-21 22:38 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2011-03-20 14:23 . 2011-03-20 14:23 -------- d-----w- c:\users\zonk\AppData\Roaming\IObit 2011-03-20 14:23 . 2011-02-23 19:50 32648 ----a-w- c:\windows\system32\SmartDefragBootTime.exe 2011-03-20 14:23 . 2011-02-23 20:04 18232 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys 2011-03-20 14:23 . 2011-03-20 14:23 -------- d-----w- c:\program files (x86)\IObit 2011-03-19 01:50 . 2011-02-22 16:57 74824 ----a-w- c:\windows\system32\drivers\TfSysMon.sys 2011-03-19 01:50 . 2011-02-22 16:57 41888 ----a-w- c:\windows\system32\drivers\TfNetMon.sys 2011-03-19 01:50 . 2011-02-22 16:57 65072 ----a-w- c:\windows\system32\drivers\TfFsMon.sys 2011-03-19 01:50 . 2011-03-19 01:50 -------- d-----w- c:\program files (x86)\ThreatFire 2011-03-19 01:50 . 2011-03-19 01:50 -------- d-----w- c:\programdata\PC Tools 2011-03-18 23:42 . 2011-03-29 05:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-03-18 23:21 . 2011-03-18 23:21 -------- d-----w- c:\program files (x86)\ESET 2011-03-16 00:58 . 2011-02-23 14:04 238968 ----a-w- c:\windows\system32\aswBoot.exe 2011-03-16 00:38 . 2011-03-16 00:38 -------- d-----w- c:\users\zonk\AppData\Roaming\WinPatrol 2011-03-15 23:44 . 2010-02-09 01:36 69000 ----a-w- c:\windows\system32\offreg.dll 2011-03-15 23:44 . 2010-02-09 00:59 56200 ----a-w- c:\windows\SysWow64\offreg.dll 2011-03-15 21:36 . 2011-03-15 21:36 -------- d-----w- c:\windows\system32\Macromed 2011-03-13 15:38 . 2011-03-13 15:38 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2 2011-03-12 01:11 . 2011-03-12 01:11 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2011-03-10 00:39 . 2011-03-10 00:39 -------- d-----w- c:\users\zonk\AppData\Local\FixItCenter 2011-03-10 00:35 . 2011-03-10 00:37 -------- d-----w- c:\windows\MATS 2011-03-10 00:35 . 2011-03-10 00:37 -------- d-----w- c:\program files\Microsoft Fix it Center 2011-03-09 00:24 . 2011-03-09 00:25 -------- d-----w- c:\users\zonk\AppData\Roaming\gtk-2.0 2011-03-09 00:24 . 2011-03-09 00:24 -------- d-----w- c:\users\zonk\.thumbnails 2011-03-09 00:16 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll 2011-03-09 00:16 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll 2011-03-09 00:16 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe 2011-03-09 00:16 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe 2011-03-09 00:16 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll 2011-03-09 00:16 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll 2011-03-09 00:16 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax 2011-03-09 00:16 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll 2011-03-09 00:16 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll 2011-03-09 00:16 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll 2011-03-09 00:16 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll 2011-03-09 00:16 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax 2011-03-08 22:34 . 2011-03-08 22:34 -------- d-----w- c:\users\zonk\AppData\Roaming\SeriousBit 2011-03-07 22:21 . 2011-03-29 05:09 -------- d-----w- c:\programdata\Comodo 2011-03-07 21:44 . 2011-03-06 20:47 35227976 ----a-w- c:\program files (x86)\Windows Defender\cispremium_installer_x86.exe 2011-03-06 20:13 . 2011-02-05 06:20 94208 ----a-w- c:\program files (x86)\Internet Explorer\fr\iediag.resources.dll 2011-03-06 20:07 . 2011-03-06 20:07 -------- d-----w- c:\users\zonk\AppData\Local\Apps 2011-03-06 15:05 . 2011-03-06 15:26 -------- d-----w- c:\windows\Driver Cache 2011-03-06 14:17 . 2011-03-06 14:17 -------- d-----w- c:\users\zonk\AppData\Roaming\CyberLink 2011-03-06 14:17 . 2011-03-06 14:17 -------- d-----w- c:\users\Public\CyberLink . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-11 04:54 . 2010-07-25 14:03 97928 ----a-w- c:\windows\system32\IncContxMenu.dll 2011-03-11 04:53 . 2010-07-25 14:03 14848 ----a-w- c:\windows\system32\smrgdf.exe 2011-03-11 04:53 . 2010-07-25 14:03 45568 ----a-w- c:\windows\system32\iolobtdfg.exe 2011-03-06 14:22 . 2010-10-09 20:04 521448 ----a-w- c:\windows\system32\deployJava1.dll 2011-01-20 16:46 . 2011-02-09 23:24 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-01-20 16:17 . 2011-02-09 23:25 366592 ----a-w- c:\windows\system32\winspool.drv 2011-01-20 16:17 . 2011-02-09 23:24 625152 ----a-w- c:\windows\system32\dxgi.dll 2011-01-20 16:16 . 2011-02-09 23:24 287232 ----a-w- c:\windows\system32\d3d10core.dll 2011-01-20 16:16 . 2011-02-09 23:24 327680 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-01-20 16:16 . 2011-02-09 23:24 196096 ----a-w- c:\windows\system32\d3d10_1.dll 2011-01-20 16:16 . 2011-02-09 23:24 1268224 ----a-w- c:\windows\system32\d3d10.dll 2011-01-20 16:16 . 2011-02-09 23:24 748544 ----a-w- c:\windows\system32\stobject.dll 2011-01-20 16:16 . 2011-02-09 23:24 47104 ----a-w- c:\windows\system32\cdd.dll 2011-01-20 16:16 . 2011-02-09 23:24 3548672 ----a-w- c:\windows\system32\mf.dll 2011-01-20 16:16 . 2011-02-09 23:24 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2011-01-20 16:14 . 2011-02-09 23:24 278528 ----a-w- c:\windows\system32\mfplat.dll 2011-01-20 16:14 . 2011-02-09 23:24 195072 ----a-w- c:\windows\system32\mfps.dll 2011-01-20 16:08 . 2011-02-09 23:25 478720 ----a-w- c:\windows\SysWow64\dxgi.dll 2011-01-20 16:08 . 2011-02-09 23:24 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll 2011-01-20 16:08 . 2011-02-09 23:24 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll 2011-01-20 16:08 . 2011-02-09 23:24 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2011-01-20 16:08 . 2011-02-09 23:24 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2011-01-20 16:07 . 2011-02-09 23:24 258048 ----a-w- c:\windows\SysWow64\winspool.drv 2011-01-20 16:07 . 2011-02-09 23:24 586240 ----a-w- c:\windows\SysWow64\stobject.dll 2011-01-20 16:06 . 2011-02-09 23:24 2873344 ----a-w- c:\windows\SysWow64\mf.dll 2011-01-20 16:04 . 2011-02-09 23:24 209920 ----a-w- c:\windows\SysWow64\mfplat.dll 2011-01-20 16:04 . 2011-02-09 23:24 98816 ----a-w- c:\windows\SysWow64\mfps.dll 2011-01-20 15:01 . 2011-02-09 23:25 3068416 ----a-w- c:\windows\system32\xpsservices.dll 2011-01-20 15:01 . 2011-02-09 23:25 1653760 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-20 14:59 . 2011-02-09 23:24 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2011-01-20 14:58 . 2011-02-09 23:24 1461760 ----a-w- c:\windows\system32\OpcServices.dll 2011-01-20 14:57 . 2011-02-09 23:24 231936 ----a-w- c:\windows\system32\XpsRasterService.dll 2011-01-20 14:42 . 2011-02-09 23:24 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll 2011-01-20 14:41 . 2011-02-09 23:24 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll 2011-01-20 14:40 . 2011-02-09 23:24 345088 ----a-w- c:\windows\system32\mfreadwrite.dll 2011-01-20 14:40 . 2011-02-09 23:24 34304 ----a-w- c:\windows\system32\mfpmp.exe 2011-01-20 14:40 . 2011-02-09 23:24 377344 ----a-w- c:\windows\system32\mfmp4src.dll 2011-01-20 14:37 . 2011-02-09 23:25 2002944 ----a-w- c:\windows\system32\d3d10warp.dll 2011-01-20 14:35 . 2011-02-09 23:24 566272 ----a-w- c:\windows\system32\d3d10level9.dll 2011-01-20 14:28 . 2011-02-09 23:25 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll 2011-01-20 14:27 . 2011-02-09 23:25 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2011-01-20 14:25 . 2011-02-09 23:25 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll 2011-01-20 14:24 . 2011-02-09 23:24 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll 2011-01-20 14:15 . 2011-02-09 23:24 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll 2011-01-20 14:14 . 2011-02-09 23:24 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll 2011-01-20 14:14 . 2011-02-09 23:24 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll 2011-01-20 14:14 . 2011-02-09 23:24 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll 2011-01-20 14:12 . 2011-02-09 23:25 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2011-01-20 14:11 . 2011-02-09 23:24 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2011-01-20 14:06 . 2011-02-09 23:24 834048 ----a-w- c:\windows\system32\d2d1.dll 2011-01-20 13:47 . 2011-02-09 23:24 683008 ----a-w- c:\windows\SysWow64\d2d1.dll 2011-01-13 10:20 . 2010-10-10 01:10 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-01-08 09:03 . 2011-02-09 21:11 48128 ----a-w- c:\windows\system32\atmlib.dll 2011-01-08 08:47 . 2011-02-09 21:11 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2011-01-08 06:45 . 2011-02-09 21:11 367104 ----a-w- c:\windows\system32\atmfd.dll 2011-01-08 06:28 . 2011-02-09 21:11 292352 ----a-w- c:\windows\SysWow64\atmfd.dll 2011-01-06 20:36 . 2011-01-06 20:36 89840 ----a-w- c:\windows\system32\drivers\inspect.sys 2011-01-06 20:36 . 2011-01-06 20:36 38864 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2011-01-06 20:36 . 2011-01-06 20:36 250008 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2011-01-06 20:36 . 2011-01-06 20:36 14184 ----a-w- c:\windows\system32\drivers\cmderd.sys 2010-12-31 14:16 . 2011-02-09 21:12 2757632 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-03-11 434360] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032] "ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoFileSharing"= 1 (0x1) "NoPrintSharing"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R1 aswSnx;aswSnx; [x] R1 aswSP;aswSP; [x] R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx64.sys [2011-02-25 1124472] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x] R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x] R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110303.001\IDSvia64.sys [2010-11-09 476792] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1205000.07D\Ironx64.SYS [x] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1205000.07D\SYMTDIV.SYS [x] R2 aswFsBlk;aswFsBlk; [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-03-11 724152] R2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-03-11 724152] R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000] R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328] R2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [x] R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1205000.07D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1205000.07D\SYMEFA64.SYS [x] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ECACHE . Contents of the 'Scheduled Tasks' folder . 2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753171281-177551788-2684807853-1001UA.job - c:\users\zonk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 19:01] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 2096424] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 8866120] "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2011-03-16 325000] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://exclusive.bellaliant.net/home.jsp uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb TCP: {46853A1B-FC8F-43E8-A257-60855A16501B} = 156.154.70.22,156.154.71.22 TCP: {B0F0C11A-5B88-4E53-B7A7-2818C42E62D8} = 156.154.70.22,156.154.71.22 FF - ProfilePath - c:\users\zonk\AppData\Roaming\Mozilla\Firefox\Profiles\zvfc4oju.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.livestrong.com/ FF - prefs.js: network.proxy.ftp - 127.0.0.1 FF - prefs.js: network.proxy.ftp_port - 8118 FF - prefs.js: network.proxy.gopher - 127.0.0.1 FF - prefs.js: network.proxy.gopher_port - 8118 FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 8118 FF - prefs.js: network.proxy.socks - 127.0.0.1 FF - prefs.js: network.proxy.socks_port - 8118 FF - prefs.js: network.proxy.ssl - 127.0.0.1 FF - prefs.js: network.proxy.ssl_port - 8118 FF - prefs.js: network.proxy.type - 0 . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-RunOnce- - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ThreatFire] "AlternateImagePath"="" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_3_162_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Swearware\backup\winsock2\Parameters] @DACL=(02 0000) @SACL= "WinSock_Registry_Version"="2.0" "Current_NameSpace_Catalog"="NameSpace_Catalog5" "Current_Protocol_Catalog"="Protocol_Catalog9" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2011-03-29 20:22:08 ComboFix-quarantined-files.txt 2011-03-29 23:22 ComboFix2.txt 2011-03-29 23:15 . Pre-Run: 206,079,225,856 bytes free Post-Run: 206,013,550,592 bytes free . - - End Of File - - CD0C92AB9D10475FC1A27FCC100C5870

#15 User is offline   zonk59 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 14
  • Joined: 18-March 11

Posted 29 March 2011 - 07:00 PM

2011-03-29 23:14:08 . 2011-03-29 23:14:08 566 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-SolutoService.reg.dat 2011-03-29 23:12:27 . 2011-03-29 23:19:31 6,142 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2011-03-29 23:03:25 . 2011-03-29 23:16:46 102 ----a-w- C:\Qoobox\Quarantine\catchme.log

========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully! OTL by OldTimer - Version 3.2.22.3 log created on 03292011_205745

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users