
Win32:Rootkit-gen (hijack this log)


  • This topic is locked
20 replies to this topic

#1 burnedfaceless

  • Members
  • 14 posts

Posted 07 June 2010 - 08:59 AM

Thank you for the analysis/help
---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:05 PM, on 6/3/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Brian\Documents\System32\rcex.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...buy&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...buy&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...buy&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: VirtualCamera IEMenu Class - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [System] C:\Users\Brian\Documents\System32\rcex.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: rcex.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12019 bytes

EDIT: Moved from Win 7 to more appropriate Malware Removal Logs forum ~ Hamluis.

Edited by hamluis, 07 June 2010 - 09:57 AM.




#2 snemelk

  • Malware Response Team
  • 1,468 posts

Posted 10 June 2010 - 06:22 AM

Hi burnedfaceless, and welcome to Bleeping Computer.

Firstly,
Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Secondly,
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 burnedfaceless

  • Topic Starter
  • Members
  • 14 posts

Posted 10 June 2010 - 07:33 AM

Thanks for the reply. I already have run anti malware, but I will give old timer a try as soon as I get home.

#4 snemelk

  • Malware Response Team
  • 1,468 posts

Posted 11 June 2010 - 06:59 AM

Hi burnedfaceless!!..

QUOTE(burnedfaceless @ Jun 10 2010, 02:33 PM)
I will give old timer a try as soon as I get home.

Post when ready... :)


#5 burnedfaceless

  • Topic Starter
  • Members
  • 14 posts

Posted 13 June 2010 - 09:08 PM

Dude you are awesome.

I should provide more details.

AVG found a ton of stuff on my external hard drive, which is not here and is not included in the scans I am about to post.

The exe file in question was not picked up on by AVG, anti malware, spybot, adaware, or advanced system care. This file automatically places itself in the startup category. The name of the file is rcex.exe

I scanned the file at Jotti's malware scan - two scanners identified it as a rootkit. From what I've read these are very difficult to remove. I don't have a system restore disc, so I really appreciate the help.

Edited by burnedfaceless, 13 June 2010 - 09:18 PM.
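
Added example, not part of the original thread and not a HijackThis or BleepingComputer tool: a small triage script that parses the O4 (autostart) lines of a HijackThis log like the one in post #1 and flags entries such as the rcex.exe startup item described above. The three heuristics, the function names and the assumption that Windows lives in a folder called Windows are illustrative choices, not rules from the thread.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of O4 (autostart) lines taken from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [System] C:\Users\Brian\Documents\System32\rcex.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: rcex.exe
"""

# "O4 - <hive>\..\<Run key>: [value name] command line"
O4_REG = re.compile(r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): "
                    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Startup: shortcut.lnk = target"  or  "O4 - Startup: file" (no target)
O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?)(?: = (?P<cmd>.+))?$")
# Executable image at the start of a command line, quoted or unquoted.
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)', re.I)

EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif")
WINDOWS_ROOTS = {"windows", "%systemroot%", "%windir%"}  # assumption: default folder name
PROFILE_ROOTS = {"users", "documents and settings"}
SYSTEM_DIR_NAMES = {"system32", "syswow64"}


def path_reasons(path):
    """Return the heuristic reasons an autostart image path deserves a closer look."""
    dirs = [p.lower() for p in path.parent.parts if p != path.anchor]
    reasons = []
    if dirs and dirs[0] in PROFILE_ROOTS:
        reasons.append("runs from a user-writable profile directory")
    if SYSTEM_DIR_NAMES & set(dirs) and dirs[0] not in WINDOWS_ROOTS:
        reasons.append("directory named like a system folder outside %SystemRoot%")
    return reasons


def triage(log_text):
    """Parse O4 lines and return a list of flagged autostart entries."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reg = O4_REG.match(line)
        startup = None if reg else O4_STARTUP.match(line)
        if reg:
            name, cmd = reg["name"], reg["cmd"]
        elif startup:
            name, cmd = startup["name"], startup["cmd"]
        else:
            continue  # not an O4 autostart line

        image, reasons = None, []
        if cmd:
            m = IMAGE.match(cmd)
            if m:
                image = PureWindowsPath(m.group(1) or m.group(2))
                reasons += path_reasons(image)
        elif name.lower().endswith(EXEC_EXT):
            # A raw binary dropped into the Startup folder instead of a .lnk shortcut.
            image = PureWindowsPath(name)
            reasons.append("executable placed directly in a Startup folder, not a shortcut")

        if reasons:
            findings.append({"entry": name, "image": str(image), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit['entry']}: {hit['image']}")
        for reason in hit["reasons"]:
            print(f"    - {reason}")
```

A flagged line is a lead for the follow-up scans requested in the thread, not a verdict; legitimate per-user software also starts from profile directories.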


#6 burnedfaceless

  • Topic Starter
  • Members
  • 14 posts

Posted 13 June 2010 - 09:11 PM

Here is the AVG log...there was a hidden directory on my external hard drive. Once again you don't know how much I appreciate this. I'm taking an arranging class next fall and need my right click for finale.


"Scan ""Scan whole computer"" was finished."
"Infections;""119"";""117"";""2"""
"Folders selected for scanning:;""Scan whole computer"""
"Scan started:;""Thursday, June 03, 2010, 7:24:54 PM"""
"Scan finished:;""Thursday, June 03, 2010, 8:08:11 PM (43 minute(s) 17 second(s))"""
"Total object scanned:;""525938"""
"User who launched the scan:;""Brian"""

Infections
"File;""Infection"";""Result"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP99\A0032512.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP99\A0032511.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP98\A0032389.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP98\A0032388.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP97\A0032385.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP97\A0032384.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP96\A0032362.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP96\A0032361.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP96\A0031327.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP96\A0031326.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP95\A0031323.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP95\A0031322.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP90\A0030923.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP90\A0030922.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP90\A0030836.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP90\A0030835.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP89\A0030832.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP89\A0030831.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP89\A0030812.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP89\A0030811.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP88\A0030808.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP88\A0030807.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP88\A0030723.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP88\A0030722.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP87\A0030709.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP87\A0030708.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP86\A0030621.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP86\A0030620.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP85\A0030617.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP85\A0030616.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP85\A0030590.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP85\A0030589.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP84\A0030459.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP84\A0030458.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP82\A0029447.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP82\A0029446.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP82\A0029361.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP82\A0029360.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP81\A0029352.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP81\A0029351.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP81\A0028399.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP81\A0028398.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP80\A0028395.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP80\A0028394.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP79\A0028391.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP79\A0028390.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP79\A0028359.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP59\A0019903.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP59\A0019902.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP58\A0018875.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP58\A0018874.CMD;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP58\A0017926.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP58\A0017925.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP57\A0017879.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP57\A0017878.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP56\A0017875.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP56\A0017874.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP55\A0016839.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP55\A0016838.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP54\A0016823.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP54\A0016822.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP54\A0016801.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP54\A0016800.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP53\A0016794.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP53\A0016793.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP52\A0016790.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP52\A0016789.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP52\A0016757.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP52\A0016756.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP51\A0016678.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP51\A0016677.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP50\A0016662.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP50\A0016661.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP49\A0016655.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP49\A0016654.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP49\A0016652.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP49\A0016651.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP44\A0015537.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP44\A0015536.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP33\A0010416.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP33\A0010415.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP32\A0010410.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP32\A0010409.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP32\A0010394.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP32\A0010393.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP31\A0010389.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP31\A0010388.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP30\A0010380.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP30\A0010379.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP24\A0008339.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP24\A0008338.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP108\A0036403.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP108\A0036402.CMD;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP108\A0036379.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP108\A0036378.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP107\A0036369.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP107\A0036352.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP107\A0036351.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP106\A0034955.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP106\A0034954.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP105\A0034879.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP105\A0034878.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP105\A0034866.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP105\A0034865.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP104\A0034851.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP104\A0034850.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP102\A0034721.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP102\A0034720.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP101\A0034708.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP101\A0034707.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP101\A0034688.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{B167DB97-9C16-49F9-8AD7-B377CD0AA8A6}\RP101\A0034687.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"F:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP31\A0015395.inf;""Virus found Worm/AutoRun"";""Moved to Virus Vault"""
"F:\software\MagicISO Maker v5.4 - (WinAll) Crack Incl\MagicISO Maker v5.4.EXE:\16.6251.exe;""Trojan horse Generic11.NDN"";""Moved to Virus Vault"""
"F:\software\MagicISO Maker v5.4 - (WinAll) Crack Incl\MagicISO Maker v5.4.EXE;""Trojan horse Generic11.NDN"";""Moved to Virus Vault"""
"F:\h.cmd;""Virus identified Worm/AutoRun.Y"";""Moved to Virus Vault"""
"C:\Users\Brian\Documents\software\Adaware Pro Internet Security 8 1 0\Ad-AwareInstallation.exe:\regfix.exe;""Trojan horse Dropper.Small.CCT"";""Infected"""
"C:\Users\Brian\Documents\software\Adaware Pro Internet Security 8 1 0\Ad-AwareInstallation.exe;""Trojan horse Dropper.Small.CCT"";""Infected"""
"C:\Users\Brian\AppData\Roaming\install\hpwindows;""Trojan horse Crypt.VYG"";""Moved to Virus Vault"""


#7 burnedfaceless

Posted 13 June 2010 - 09:13 PM

Some of these are pirated software, but most of them are not.

#8 burnedfaceless

Posted 13 June 2010 - 09:16 PM

OTL logfile created on: 6/13/2010 9:56:08 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Brian\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 72.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.68 Gb Total Space | 122.78 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 2.18 Gb Free Space | 16.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN-PC
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/13 21:55:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Downloads\OTL.exe
PRC - [2010/06/04 09:42:14 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/06/04 09:41:45 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/03 19:08:32 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/06/03 19:08:27 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/02 01:57:48 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/05/26 11:03:40 | 002,346,192 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/05/20 17:51:06 | 000,235,520 | ---- | M] () -- C:\Users\Brian\My Documents\System32\rcex.exe
PRC - [2010/05/19 19:24:19 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/19 19:24:18 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/04/09 19:05:06 | 000,408,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/08/29 02:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/23 23:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 14:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE


========== Modules (SafeList) ==========

MOD - [2010/06/13 21:55:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Downloads\OTL.exe
MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/24 02:05:59 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/07/08 16:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/02 14:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2010/06/03 19:08:32 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/06/03 19:08:27 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/19 19:24:18 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/04 09:42:09 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/06/04 09:42:09 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/06/03 19:10:04 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/01/20 08:57:58 | 000,651,392 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2010/01/20 08:57:08 | 000,634,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/09/22 03:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/14 19:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 20:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009/07/13 20:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/08 16:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 16:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/02 14:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 14:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 06:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/19 14:41:18 | 000,185,864 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/09 09:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/03/13 03:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007/09/05 13:04:48 | 000,077,872 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...buy&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...buy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...buy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...buy&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...buy&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 C2 80 18 E0 FF CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/15 03:26:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/06/04 13:12:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/06/03 19:09:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/02 10:09:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/30 04:09:20 | 000,000,000 | ---D | M]

[2009/12/25 18:02:43 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions
[2010/06/04 04:16:02 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\sbdy43o5.default\extensions
[2010/02/28 15:19:07 | 000,004,554 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\sbdy43o5.default\searchplugins\aim-search-1.xml
[2010/01/05 10:22:27 | 000,004,554 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\sbdy43o5.default\searchplugins\aim-search.xml
[2010/04/05 16:09:11 | 000,001,819 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\sbdy43o5.default\searchplugins\bing.xml
[2010/04/28 17:35:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/28 17:35:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (VirtualCamera IEMenu Class) - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - Reg Error: Value error. File not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [System] C:\Users\Brian\My Documents\System32\rcex.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcex.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 166.102.165.11 166.102.165.13
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7dbe31f2-5015-11df-ba97-00269e7b5075}\Shell - "" = AutoRun
O33 - MountPoints2\{7dbe31f2-5015-11df-ba97-00269e7b5075}\Shell\AutoRun\command - "" = F:\LapNetWizard.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (ount) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/06/10 23:37:00 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/06/10 23:36:59 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/06/10 23:36:59 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/06/10 23:36:58 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/10 23:36:58 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/06/10 23:36:57 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/06/10 23:36:57 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/06/10 23:36:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/06/10 23:36:56 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/06/10 23:36:56 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/06/10 23:36:52 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010/06/10 23:36:52 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010/06/10 23:36:23 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/10 23:36:23 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/10 23:36:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/10 23:36:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/04 09:41:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2010/06/04 04:15:38 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\AVG Security Toolbar
[2010/06/03 21:13:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/03 20:59:33 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\RegRun2
[2010/06/03 20:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2010/06/03 20:26:53 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\System32
[2010/06/03 20:14:25 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\AVG
[2010/06/03 19:57:37 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/06/03 19:31:20 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\IObit
[2010/06/03 19:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/06/03 19:10:12 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/06/03 19:10:10 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/06/03 19:10:03 | 000,269,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/06/03 19:10:01 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/06/03 19:10:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/06/03 19:09:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/06/03 19:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/06/03 19:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/06/03 19:04:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2010/06/03 18:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2010/05/30 10:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/05/30 09:17:45 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\OneNote Notebooks
[2010/05/29 18:47:26 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/05/28 16:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame
[2010/05/21 19:35:22 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\install
[2010/05/20 21:23:39 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\ManyCam
[2010/05/20 18:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConvertHelper
[2010/05/20 17:52:58 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\ManyCam
[2010/05/19 19:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/05/19 19:47:10 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Malwarebytes
[2010/05/19 19:47:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/19 19:47:02 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/19 19:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/19 19:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/19 19:19:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2010/05/19 19:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/05/19 19:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/05/19 19:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/05/19 19:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/05/16 10:49:14 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\foobar2000
[2010/05/16 10:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/13 21:58:38 | 003,145,728 | -HS- | M] () -- C:\Users\Brian\ntuser.dat
[2010/06/13 21:58:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-657422210-1250072993-1257344210-1001UA.job
[2010/06/13 17:48:19 | 061,032,436 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/06/13 01:07:07 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-657422210-1250072993-1257344210-1001Core.job
[2010/06/12 18:50:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/12 18:50:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/12 13:41:10 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/12 13:41:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/12 13:40:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/12 13:40:50 | 332,550,143 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/12 13:38:40 | 005,485,295 | -H-- | M] () -- C:\Users\Brian\AppData\Local\IconCache.db
[2010/06/11 03:21:33 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrian.job
[2010/06/11 03:21:25 | 000,367,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/06/11 01:58:59 | 000,002,397 | ---- | M] () -- C:\Users\Brian\Desktop\Google Chrome.lnk
[2010/06/08 13:02:06 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/05 17:27:55 | 000,011,338 | ---- | M] () -- C:\Users\Brian\Documents\Four.docx
[2010/06/04 09:42:09 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/06/04 09:42:09 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/06/03 21:13:42 | 000,002,053 | ---- | M] () -- C:\Users\Brian\Desktop\HijackThis.lnk
[2010/06/03 20:59:50 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/06/03 20:59:50 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2010/06/03 20:59:50 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/06/03 20:26:23 | 000,093,424 | ---- | M] () -- C:\Users\Brian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/03 20:21:59 | 000,727,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/03 20:21:59 | 000,624,128 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/03 20:21:59 | 000,107,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/03 20:18:28 | 000,001,238 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2010/06/03 19:31:26 | 000,001,181 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/06/03 19:10:13 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/06/03 19:10:13 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/06/03 19:10:04 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/06/03 19:10:01 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/05/31 16:35:26 | 000,009,912 | ---- | M] () -- C:\Users\Brian\Documents\Songs.docx
[2010/05/31 14:05:45 | 004,122,775 | ---- | M] () -- C:\Users\Brian\Desktop\acousticjam.mp3
[2010/05/31 12:33:23 | 004,962,037 | ---- | M] () -- C:\Users\Brian\Desktop\mixture.mp3
[2010/05/30 17:14:47 | 000,005,632 | ---- | M] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/30 09:17:45 | 000,001,266 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/05/30 04:14:36 | 000,524,288 | -HS- | M] () -- C:\Users\Brian\ntuser.dat{3fceb682-6bc1-11df-98cb-00269e7b5075}.TMContainer00000000000000000002.regtrans-ms
[2010/05/30 04:14:36 | 000,524,288 | -HS- | M] () -- C:\Users\Brian\ntuser.dat{3fceb682-6bc1-11df-98cb-00269e7b5075}.TMContainer00000000000000000001.regtrans-ms
[2010/05/30 04:14:36 | 000,065,536 | -HS- | M] () -- C:\Users\Brian\ntuser.dat{3fceb682-6bc1-11df-98cb-00269e7b5075}.TM.blf
[2010/05/30 04:09:21 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/27 03:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/05/27 02:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/05/27 00:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/05/26 23:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/05/21 04:04:27 | 000,000,992 | ---- | M] () -- C:\Users\Brian\Desktop\Exact Audio Copy.lnk
[2010/05/21 01:52:30 | 001,192,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/05/21 01:47:27 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/05/21 01:18:06 | 000,977,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/05/21 01:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/05/20 17:51:06 | 000,235,520 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcex.exe
[2010/05/19 19:51:00 | 000,001,069 | ---- | M] () -- C:\Users\Brian\Desktop\ProcessScanner.lnk
[2010/05/19 19:47:05 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/19 19:25:35 | 000,015,688 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/05/19 19:19:35 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/19 19:15:01 | 000,001,218 | ---- | M] () -- C:\Users\Brian\Desktop\Spybot - Search & Destroy.lnk
[2010/05/16 10:49:10 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/10 21:02:30 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBrian.job
[2010/06/05 17:27:55 | 000,011,338 | ---- | C] () -- C:\Users\Brian\Documents\Four.docx
[2010/06/03 21:13:42 | 000,002,053 | ---- | C] () -- C:\Users\Brian\Desktop\HijackThis.lnk
[2010/06/03 20:59:50 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/06/03 20:59:50 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2010/06/03 20:59:50 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2010/06/03 19:31:29 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/03 19:31:26 | 000,001,181 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/06/03 19:10:13 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/06/03 19:10:01 | 061,032,436 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/06/03 19:10:01 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/05/31 16:35:25 | 000,009,912 | ---- | C] () -- C:\Users\Brian\Documents\Songs.docx
[2010/05/31 14:33:57 | 057,307,428 | ---- | C] () -- C:\Users\Brian\Desktop\7anniedon'twear.mp4
[2010/05/31 14:33:50 | 055,952,954 | ---- | C] () -- C:\Users\Brian\Desktop\6don'tstopthemusic.mp4
[2010/05/31 14:33:45 | 047,372,185 | ---- | C] () -- C:\Users\Brian\Desktop\5killingmesoftly.mp4
[2010/05/31 14:33:41 | 059,232,069 | ---- | C] () -- C:\Users\Brian\Desktop\4im in love with another man.mp4
[2010/05/31 14:33:36 | 052,293,274 | ---- | C] () -- C:\Users\Brian\Desktop\3waterfalls.mp4
[2010/05/31 14:33:30 | 055,802,059 | ---- | C] () -- C:\Users\Brian\Desktop\2prototype.mp4
[2010/05/31 14:33:26 | 037,664,297 | ---- | C] () -- C:\Users\Brian\Desktop\1smiley faces.mp4
[2010/05/31 12:23:55 | 004,122,775 | ---- | C] () -- C:\Users\Brian\Desktop\acousticjam.mp3
[2010/05/31 11:59:48 | 004,962,037 | ---- | C] () -- C:\Users\Brian\Desktop\mixture.mp3
[2010/05/30 09:17:45 | 000,001,266 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/05/30 04:06:56 | 000,524,288 | -HS- | C] () -- C:\Users\Brian\ntuser.dat{3fceb682-6bc1-11df-98cb-00269e7b5075}.TMContainer00000000000000000002.regtrans-ms
[2010/05/30 04:06:56 | 000,524,288 | -HS- | C] () -- C:\Users\Brian\ntuser.dat{3fceb682-6bc1-11df-98cb-00269e7b5075}.TMContainer00000000000000000001.regtrans-ms
[2010/05/30 04:06:56 | 000,065,536 | -HS- | C] () -- C:\Users\Brian\ntuser.dat{3fceb682-6bc1-11df-98cb-00269e7b5075}.TM.blf
[2010/05/21 04:04:27 | 000,000,992 | ---- | C] () -- C:\Users\Brian\Desktop\Exact Audio Copy.lnk
[2010/05/20 17:53:11 | 000,235,520 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcex.exe
[2010/05/19 22:25:08 | 000,015,688 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/05/19 19:51:00 | 000,001,069 | ---- | C] () -- C:\Users\Brian\Desktop\ProcessScanner.lnk
[2010/05/19 19:47:05 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/19 19:25:50 | 000,000,496 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/05/19 19:19:35 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/19 19:15:01 | 000,001,218 | ---- | C] () -- C:\Users\Brian\Desktop\Spybot - Search & Destroy.lnk
[2010/05/16 10:49:10 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010/04/01 22:49:59 | 000,002,091 | ---- | C] () -- C:\Windows\TVEpaDrv.ini
[2010/03/21 00:46:05 | 000,743,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/17 23:10:22 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/02/17 23:07:04 | 001,053,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\V2WCDRV.sys
[2010/01/13 16:02:53 | 000,000,066 | ---- | C] () -- C:\Windows\BBW_INFO.INI
[2010/01/07 13:42:39 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/12 13:40:49 | 000,004,700 | ---- | M] () -- C:\aaw7boot.log
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/06/12 13:40:50 | 332,550,143 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/03 19:09:13 | 000,000,186 | ---- | M] () -- C:\hpqlb.log
[2010/02/27 03:11:17 | 000,000,696 | -H-- | M] () -- C:\IPH.PH
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/06/12 13:40:49 | 1875,058,687 | -HS- | M] () -- C:\pagefile.sys
[2 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/29 02:59:32 | 011,406,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C8B8CEBD
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:C980DA7D
< End of report >


#9 burnedfaceless

Posted 13 June 2010 - 09:17 PM

OTL Extras logfile created on: 6/13/2010 9:56:08 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Brian\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 72.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.68 Gb Total Space | 122.78 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
Drive D: | 13.11 Gb Total Space | 2.18 Gb Free Space | 16.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRIAN-PC
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"__ARIA_1013___is1" = Garritan Instruments for Finale
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"ARIA Engine_is1" = ARIA Engine v1.0.7.3
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"LSI Soft Modem" = LSI HDA Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{0E26E09B-6687-4A99-BD08-A9E705373029}_is1" = Vyzex Pocket POD 1.10
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90F6051D-A69F-4159-9203-7E20430E1056}" = HP MediaSmart SlingPlayer
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.2 MUI
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"BB_is1" = Band-in-a-Box 2006
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Finale 2010" = Finale 2010
"foobar2000" = foobar2000 v1.0.3
"Guitar Pro 5_is1" = Guitar Pro 5.1
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"KWorld Editing Device Driver_is1" = KWorld Editing Device Driver
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1
"ProcessScanner_is1" = Uniblue ProcessScanner
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2010 2:09:32 PM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4bd40a55 Faulting module name: YCWebCameraSource.ax, version: 2.0.7487.3018, time
stamp: 0x4a39b2d6 Exception code: 0xc0000005 Fault offset: 0x0000422a Faulting process
id: 0x21ec Faulting application start time: 0x01caf06bcb338408 Faulting application
path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCWebCameraSource.ax
Report
Id: 2e4f08d3-5c5f-11df-b775-00269e7b5075

Error - 5/11/2010 5:30:45 PM | Computer Name = Brian-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/13/2010 12:30:25 AM | Computer Name = Brian-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/14/2010 5:21:27 PM | Computer Name = Brian-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/15/2010 5:39:12 PM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4bd40a55 Faulting module name: YCWebCameraSource.ax, version: 2.0.7487.3018, time
stamp: 0x4a39b2d6 Exception code: 0xc0000005 Fault offset: 0x0000422a Faulting process
id: 0x1420 Faulting application start time: 0x01caf475f626a2e7 Faulting application
path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCWebCameraSource.ax
Report
Id: 4ca3f6ff-606a-11df-b775-00269e7b5075

Error - 5/15/2010 5:39:56 PM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3743, time
stamp: 0x4bb4be02 Faulting module name: YCWebCameraSource.ax, version: 2.0.7487.3018,
time stamp: 0x4a39b2d6 Exception code: 0xc0000005 Fault offset: 0x0000422a Faulting
process id: 0x75c Faulting application start time: 0x01caf477191ae087 Faulting application
path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: c:\Program
Files (x86)\Hewlett-Packard\Media\Webcam\YCWebCameraSource.ax Report Id: 66e1e0dd-606a-11df-b775-00269e7b5075

Error - 5/16/2010 12:30:23 AM | Computer Name = Brian-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/17/2010 11:22:23 PM | Computer Name = Brian-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/19/2010 7:20:09 PM | Computer Name = Brian-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/19/2010 7:25:51 PM | Computer Name = Brian-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Hewlett-Packard Events ]
Error - 1/3/2010 2:26:15 PM | Computer Name = Brian-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 1/3/2010 2:26:53 PM | Computer Name = Brian-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Exception has been thrown by the target of an invocation. mscorlib

at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments,
SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)

at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments,
Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

at System.Delegate.DynamicInvokeImpl(Object[] args) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Object
reference not set to an instance of an object.

[ System Events ]
Error - 5/29/2010 2:38:07 PM | Computer Name = Brian-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 10.

Error - 5/29/2010 2:38:07 PM | Computer Name = Brian-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 10.

Error - 5/29/2010 2:38:07 PM | Computer Name = Brian-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 10.

Error - 5/29/2010 2:38:12 PM | Computer Name = Brian-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 10.

Error - 5/29/2010 2:38:12 PM | Computer Name = Brian-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 10.

Error - 5/29/2010 2:39:27 PM | Computer Name = Brian-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 10.

Error - 5/29/2010 2:39:27 PM | Computer Name = Brian-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 10.

Error - 5/29/2010 2:39:27 PM | Computer Name = Brian-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 10.

Error - 5/29/2010 2:39:27 PM | Computer Name = Brian-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 10.

Error - 5/29/2010 2:39:27 PM | Computer Name = Brian-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 10.


< End of report >


#10 snemelk

  • Malware Response Team

Posted 14 June 2010 - 05:01 PM

Hi burnedfaceless!!..

I've had a busy day (almost midnight here) - I'll review your logs later and reply tomorrow... Thank you for your patience...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#11 burnedfaceless

  • Topic Starter

Posted 14 June 2010 - 07:13 PM

Thank you.

You are helping me for free. And you are actually helping me fix the problem. If I took my computer to a shop those clowns would format it, and I'd lose everything.

I don't know why you are doing this, but I appreciate it very much.

#12 snemelk

  • Malware Response Team

Posted 15 June 2010 - 02:17 PM

Hi again burnedfaceless!!..

QUOTE(burnedfaceless @ Jun 14 2010, 04:11 AM)
Here is the AVG log...there was a hidden directory on my external hard drive.

Yep, a hidden System Volume Information folder - it's related to the System Restore function...

It looks like there is/was a flash drive infection present on that external drive... We'll take care of that later...

QUOTE(burnedfaceless @ Jun 14 2010, 04:13 AM)
Some of these are pirated software, but most of them are not.

Ok - lesson learned - using pirated software/cracks/keygens may lead to getting infected!!..

QUOTE(burnedfaceless @ Jun 15 2010, 02:13 AM)
You are helping me for free. And you are actually helping me fix the problem. If I took my computer to a shop those clowns would format it, and I'd lose everything.

Yep, format is the easiest solution - but if they take money for it, they're real clowns - as you described them!..

QUOTE
I don't know why you are doing this, but I appreciate it very much.

Wow, I'm not sure as well... I got helped many years ago - I just learned then how to help others - and here I am - spending some of my free time on this...

Ok, let's get rid of the infection (note: rootkit infections, at this moment, are not possible on 64bit machines):

Firstly,
I suggest you uninstall IObit's Advanced SystemCare 3 - that company stole Malwarebytes’ Intellectual Property...

If you decide, use: Start -> Control Panel -> Programs and Features

Secondly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (VirtualCamera IEMenu Class) - {0246A1A7-820A-469A-85A7-7B7F01EB808C} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKCU..\Run: [System] C:\Users\Brian\My Documents\System32\rcex.exe ()
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnceEx: [Title] File not found
    O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcex.exe ()
    O34 - HKLM BootExecute: (ootExecute settings...) - File not found
    O34 - HKLM BootExecute: (ount) - File not found
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Thirdly,
If you don't recognise this folder in bold:
C:\Users\Brian\Documents\System32 - delete it...

Then,
One of the other computers you plug your external drive into has a so called flash drive infection... I suggest you use Panda USB Vaccine (described on my page: link) to secure it - so that it doesn't spread the infection... Use USB Vaccination option in the program...

If you know what computer might be infected, we may need to clean it as well...

Finally,
After running a fix with OTL, this folder should appear: c:\_OTL
Could you add it to archive (for example by right-clicking it and choosing: "Send to" --> "Compressed (zipped) Folder") and send it to my site?
Go to this site, click on Browse, and choose the zipped file...

In the text box paste a link to this thread and/or add any useful information, if you want to.
Then, click Upload. Allow the file to be uploaded - wait till: The file has been uploaded! appears.
Please let me know once you do this.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
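
The O4 autostart entries in the fix script above can be triaged mechanically. The following is an added example, not part of the original thread and not OTL's own logic: it parses O4 lines in the format shown in the post and flags targets that sit in a user-writable profile, reuse a system directory name such as System32 outside the Windows directory, or carry no company name. It assumes the Windows directory is C:\Windows; the rule names are hypothetical and the last sample line is constructed as a benign control.

```python
import re
from pathlib import PureWindowsPath

# First four lines are copied from the fix script in the post above;
# the last line is a constructed benign entry for comparison.
SAMPLE = r"""
O4 - HKCU..\Run: [System] C:\Users\Brian\My Documents\System32\rcex.exe ()
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcex.exe ()
O4 - HKLM..\Run: [Example] C:\Windows\System32\example.exe (Example Corp)
"""

LINE_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<rest>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd)\b", re.IGNORECASE)
VENDOR_RE = re.compile(r"\(([^)]*)\)\s*$")

# Directory names that belong under the Windows directory (assumed C:\Windows).
SYSTEM_DIR_NAMES = {"system32", "syswow64"}


def reasons_for(path_str, vendor):
    """Return the heuristic flags (hypothetical rule names) for one target."""
    parts = [p.lower() for p in PureWindowsPath(path_str).parts]
    dirs = parts[1:-1]                      # drop drive root and file name
    under_windows = dirs[:1] == ["windows"]
    reasons = []
    if any(d in SYSTEM_DIR_NAMES for d in dirs) and not under_windows:
        reasons.append("system-dir-name-outside-windows")
    if dirs[:1] == ["users"]:
        reasons.append("user-writable-location")
    if not vendor:
        reasons.append("no-company-name")
    return reasons


def triage(text):
    """Parse O4 lines and return one dict per entry with its flags."""
    results = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        pm = PATH_RE.search(rest)
        if pm is None:
            # Autostart value left behind with no file on disk.
            results.append({"location": m.group("loc"), "name": m.group("name"),
                            "path": None, "reasons": ["no-target-file"]})
            continue
        vm = VENDOR_RE.search(rest[pm.end():])
        vendor = vm.group(1).strip() if vm else ""
        results.append({"location": m.group("loc"), "name": m.group("name"),
                        "path": pm.group(0),
                        "reasons": reasons_for(pm.group(0), vendor)})
    return results


if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(entry["location"], entry["path"], entry["reasons"])
```
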


#13 burnedfaceless

  • Topic Starter

Posted 18 June 2010 - 05:08 PM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0246A1A7-820A-469A-85A7-7B7F01EB808C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0246A1A7-820A-469A-85A7-7B7F01EB808C}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\System deleted successfully.
C:\Users\Brian\My Documents\System32\rcex.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Flags deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\Title deleted successfully.
C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rcex.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:ootExecute settings... deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:ount deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brian
->Temp folder emptied: 767245789 bytes
->Temporary Internet Files folder emptied: 14605252 bytes
->Java cache emptied: 45736508 bytes
->FireFox cache emptied: 43593573 bytes
->Google Chrome cache emptied: 67783078 bytes
->Flash cache emptied: 2464 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2093390 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67429 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 898.00 mb


[EMPTYFLASH]

User: All Users

User: Brian
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06182010_180248

Files\Folders moved on Reboot...
C:\Users\Brian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


#14 burnedfaceless

  • Topic Starter

Posted 18 June 2010 - 05:12 PM

My right click still does not work. Any ideas?

edit: that is why I haven't been able to add to your archive.

edit 2: rcex.exe seems to be gone. I deleted system 32. About to restart and looking forward to your analysis of the txt document, and ideas.

It's def. running faster!

Edited by burnedfaceless, 18 June 2010 - 05:14 PM.


#15 burnedfaceless

  • Topic Starter

Posted 20 June 2010 - 11:05 AM

The right click was a hardware issue. My computer is running faster than ever. I bought a wireless mouse and it is right clicking. I will post the file to your site. I'm by my external, so I'm about to fix it.



