100% rundll32.exe CPU Usage


  • This topic is locked
18 replies to this topic

#1 maximo3491

Posted 04 September 2010 - 03:00 AM

Hi,

I have recently been getting high CPU usage (loud computer noise as well) on rundll32.exe. I confirmed that it is in fact the correct C:\Windows\System32\rundll32.exe and not some malware copy located in a different folder. I ran a quick scan of MalwareBytes AntiMalware and found nothing. I ran a full scan using SpyBot Search and Destroy and found a few registry keys that came up and needed to be fixed (which I did). I am going to run MalwareBytes AntiMalware full scan overnight and see if I find anything.

Can anyone help me please?

Windows 7 Pro 32Bit
Dell Studio XPS 16
Intel Core 2 Duo P8600 2.4 GHz
4GB RAM

Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:34:08 AM, on 9/4/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Maxim\Documents\Autohotkey\Itunes Helper\Itunes Hardkey Helper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\mobsync.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Maxim\Downloads\HijackThis.exe
C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.105.176.6:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunes Hardkey Helper] C:\Users\Maxim\Documents\Autohotkey\Itunes Helper\Itunes Hardkey Helper.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: http://iconnect.bbh.com
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} (OPSWAT AntiViruses Class) - C:\Users\Maxim\AppData\Local\Temp\f5tmp\f5opswati.cab
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} (OPSWAT FireWalls Class) - C:\Users\Maxim\AppData\Local\Temp\f5tmp\f5opswati.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://iconnect.bbh.com/vdesk/terminal/InstallerControl.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} (OPSWAT ProcessesScanner Class) - C:\Users\Maxim\AppData\Local\Temp\f5tmp\f5opswati.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - C:\Users\Maxim\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - C:\Users\Maxim\AppData\Local\Temp\f5tmp\f5syschk.cab
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} (F5 Networks OPSWAT Helper Control) - C:\Users\Maxim\AppData\Local\Temp\f5tmp\f5opswati.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll acaptuser32.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\STacSV.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 13683 bytes



#2 xSMITHX

Posted 04 September 2010 - 05:30 AM

It looks as though you have a rootkit, but I need a little more information before we can do anything to fix this problem.

First, please turn on Windows Firewall. To do this, click START -> CONTROL PANEL -> WINDOWS FIREWALL, then on the left-hand side click 'Turn Windows Firewall off or on' and choose the ON option; then OK.

Next, please download OTL from the following mirror: MIRROR

Save it to your Desktop.

Double-click to open and check the Scan All Users checkbox.

Push the Run Scan button.

Two reports will open, OTL.txt and Extras.txt. Please copy and paste both logs here.

XSMITHX

#3 maximo3491

Posted 04 September 2010 - 08:17 AM

Hey,

Thanks for all the help. MBAM full scan returned no results. Here are the two files for OTL.

OTL.txt
QUOTE
OTL logfile created on: 9/4/2010 9:07:44 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Maxim\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 120.14 Gb Free Space | 42.45% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.66 Gb Free Space | 37.71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAX
Current User Name: Maxim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/04 09:07:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Maxim\Desktop\OTL.exe
PRC - [2010/08/17 21:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/07/09 09:51:24 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/08 03:12:36 | 000,623,984 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010/05/31 16:57:14 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2010/05/31 16:57:09 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2010/05/31 16:57:07 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgfws8.exe
PRC - [2010/05/31 16:18:56 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2010/05/31 16:18:56 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2010/05/31 16:18:55 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2010/05/31 16:18:55 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2010/04/28 01:32:06 | 000,207,246 | ---- | M] () -- C:\Users\Maxim\My Documents\Autohotkey\Itunes Helper\Itunes Hardkey Helper.exe
PRC - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/01/21 04:10:00 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/01/21 04:10:00 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\stacsv.exe
PRC - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/02 16:22:26 | 002,931,280 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/06/25 18:48:44 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/06/25 18:48:16 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/06/17 07:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\AEstSrv.exe
PRC - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/11/22 11:49:08 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


========== Modules (SafeList) ==========

MOD - [2010/09/04 09:07:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Maxim\Desktop\OTL.exe
MOD - [2010/05/31 16:19:04 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/08 03:12:36 | 000,623,984 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/05/31 19:03:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/31 16:57:09 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010/05/31 16:57:07 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgfws8.exe -- (avgfws8)
SRV - [2010/05/31 16:41:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/31 16:18:55 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/01/21 04:10:00 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\stacsv.exe -- (STacSV)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/07/22 23:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/25 18:48:16 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/03/30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009/03/30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2009/03/03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\AEstSrv.exe -- (AESTFilters)
SRV - [2008/07/10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/07/21 03:30:20 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2010/06/08 02:35:28 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2010/05/31 19:10:47 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/05/31 16:19:03 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/05/31 16:19:01 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/05/31 16:18:58 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/05/31 16:18:57 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/31 16:18:50 | 000,023,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/02/24 09:02:52 | 000,064,032 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2010/01/21 04:10:00 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/17 18:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/08/09 17:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2009/08/06 01:58:52 | 000,222,896 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/25 19:23:46 | 004,993,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/15 13:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/06/05 08:28:12 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/05/28 10:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/10/26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1927525646-3699343071-3442683469-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1927525646-3699343071-3442683469-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1927525646-3699343071-3442683469-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 8D 3C AA 6F 12 CB 01 [binary data]
IE - HKU\S-1-5-21-1927525646-3699343071-3442683469-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1927525646-3699343071-3442683469-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1927525646-3699343071-3442683469-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.105.176.6:80

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/31 17:28:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/10 14:33:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/10 14:33:31 | 000,000,000 | ---D | M]

[2010/08/07 10:01:11 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\Mozilla\Extensions
[2010/08/07 10:01:11 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\Mozilla\Extensions\net.openvpn.client
[2010/08/22 18:18:53 | 000,000,000 | ---D | M] -- C:\Users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\7phosobi.default\extensions
[2010/07/10 14:33:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/08/07 10:33:04 | 000,001,319 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1927525646-3699343071-3442683469-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunes Hardkey Helper] C:\Users\Maxim\My Documents\Autohotkey\Itunes Helper\Itunes Hardkey Helper.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2010/09/02 01:48:09 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2010/09/02 01:48:09 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2010/09/02 01:48:09 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2010/09/02 01:48:09 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2010/09/02 01:48:09 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010/09/02 01:48:09 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010/09/02 01:48:09 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2010/09/02 01:48:09 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1927525646-3699343071-3442683469-1001\..Trusted Domains: bbh.com ([iconnect] http in Trusted sites)
O15 - HKU\S-1-5-21-1927525646-3699343071-3442683469-1001\..Trusted Domains: bbh.com ([iconnect] https in Trusted sites)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} C:\Users\Maxim\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT AntiViruses Class)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} C:\Users\Maxim\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT FireWalls Class)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://iconnect.bbh.com/vdesk/terminal/InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} C:\Users\Maxim\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT ProcessesScanner Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\Maxim\AppData\Local\Temp\f5tmp\f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} C:\Users\Maxim\AppData\Local\Temp\f5tmp\f5syschk.cab (F5 Networks OS Policy Agent)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} C:\Users\Maxim\AppData\Local\Temp\f5tmp\f5opswati.cab (F5 Networks OPSWAT Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/31 16:57:34 | 000,000,000 | ---D | M] - C:\Auto Gametypes -- [ NTFS ]
O32 - AutoRun File - [2010/05/31 16:57:48 | 000,000,000 | ---D | M] - C:\Auto Gametypes Basic -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01dd9554-8f1a-11df-bbb1-002219f68f4e}\Shell - "" = AutoRun
O33 - MountPoints2\{01dd9554-8f1a-11df-bbb1-002219f68f4e}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{01dd9556-8f1a-11df-bbb1-002219f68f4e}\Shell - "" = AutoRun
O33 - MountPoints2\{01dd9556-8f1a-11df-bbb1-002219f68f4e}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{01dd9558-8f1a-11df-bbb1-002219f68f4e}\Shell - "" = AutoRun
O33 - MountPoints2\{01dd9558-8f1a-11df-bbb1-002219f68f4e}\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\{788b8646-8948-11df-b4c3-002219f68f4e}\Shell - "" = AutoRun
O33 - MountPoints2\{788b8646-8948-11df-b4c3-002219f68f4e}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{79d36324-8246-11df-a416-002219f68f4e}\Shell - "" = AutoRun
O33 - MountPoints2\{79d36324-8246-11df-a416-002219f68f4e}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/04 09:07:12 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Maxim\Desktop\OTL.exe
[2010/09/03 21:26:54 | 000,000,000 | ---D | C] -- C:\Users\Maxim\AppData\Local\Sunbelt Software
[2010/09/03 21:26:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2010/09/03 21:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/09/03 20:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/03 20:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/03 00:55:46 | 000,000,000 | ---D | C] -- C:\Users\Maxim\AppData\Local\ElevatedDiagnostics
[2010/09/02 12:59:40 | 000,000,000 | ---D | C] -- C:\Users\Maxim\AppData\Local\Beltronics,_Inc
[2010/09/02 12:35:08 | 000,000,000 | ---D | C] -- C:\Users\Maxim\Documents\Detector Data
[2010/09/02 12:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Beltronics
[2010/09/02 03:52:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/30 01:30:07 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Maxim\Documents\Process Explorer.exe
[2010/08/26 18:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/08/26 18:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/08/26 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/08/26 16:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/25 21:52:31 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010/08/24 15:40:09 | 000,274,432 | ---- | C] (Riverdeep Interactive Learning Limited) -- C:\Windows\TLCUninstall.exe
[2010/08/24 15:39:57 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010/08/23 13:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2010/08/21 16:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\WriteExpress
[2010/08/16 18:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Winspector
[2010/08/16 13:29:12 | 000,000,000 | ---D | C] -- C:\Users\Maxim\AppData\Roaming\PE Explorer
[2010/08/14 21:01:30 | 000,000,000 | ---D | C] -- C:\Users\Maxim\Desktop\1
[2010/08/13 20:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010/08/11 13:32:19 | 000,197,632 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/08/11 13:32:19 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/11 13:32:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/11 13:32:12 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/11 13:32:11 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/11 13:32:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/11 13:32:06 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/11 13:32:06 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/11 13:32:06 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/11 13:32:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/11 13:32:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/11 13:32:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/11 13:32:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/11 13:31:59 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/07 10:32:09 | 000,127,376 | ---- | C] (Deterministic Networks, Inc.) -- C:\Windows\System32\drivers\dne2000.sys
[2010/08/07 10:32:09 | 000,101,904 | ---- | C] (Deterministic Networks, Inc.) -- C:\Windows\System32\dneinobj.dll
[2010/08/07 10:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2010/08/07 10:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2010/08/07 10:31:23 | 000,000,000 | ---D | C] -- C:\Windows\871DF2BE41D24334AC33839AF16FC8FE.TMP
[2010/08/07 10:23:54 | 000,398,704 | ---- | C] (Juniper Networks) -- C:\Windows\System32\dsNcSmartCardProv.dll
[2010/08/07 10:23:54 | 000,345,456 | ---- | C] (Juniper Networks) -- C:\Windows\System32\dsNcCredProv.dll
[2010/08/07 10:01:07 | 000,000,000 | ---D | C] -- C:\Users\Maxim\AppData\Roaming\OpenVPN Technologies
[2010/08/07 10:01:07 | 000,000,000 | ---D | C] -- C:\Users\Maxim\AppData\Local\OpenVPN Technologies
[2010/08/07 10:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN Technologies
[2010/05/31 18:39:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Maxim\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/04 09:11:59 | 005,767,168 | -HS- | M] () -- C:\Users\Maxim\NTUSER.DAT
[2010/09/04 09:07:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Maxim\Desktop\OTL.exe
[2010/09/04 09:04:37 | 064,281,946 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/04 08:19:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1927525646-3699343071-3442683469-1001UA.job
[2010/09/04 06:29:03 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/04 06:29:03 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At96.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At93.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At92.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At88.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At78.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At77.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At53.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At458.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At447.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At446.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At444.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At441.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At434.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At429.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At393.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At390.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At371.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At37.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At359.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At356.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At354.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At324.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At321.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At317.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At305.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At297.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At262.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At256.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At252.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At249.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At167.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At155.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At141.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At137.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At131.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At119.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At115.job
[2010/09/04 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At110.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At83.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At81.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At79.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At74.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At71.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At59.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At52.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At467.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At456.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At454.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At45.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At433.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At409.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At405.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At392.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At380.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At364.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At362.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At355.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At327.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At301.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At285.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At282.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At258.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At189.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At182.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At178.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At175.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At172.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At159.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At142.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At140.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At136.job
[2010/09/04 06:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At100.job
[2010/09/04 02:22:42 | 000,869,986 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/04 02:22:42 | 000,725,130 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/04 02:22:42 | 000,145,116 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/03 22:10:40 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/09/03 22:09:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/03 22:09:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/03 22:09:09 | 2388,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/03 21:03:27 | 000,007,591 | ---- | M] () -- C:\Users\Maxim\AppData\Local\Resmon.ResmonCfg
[2010/09/03 16:19:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1927525646-3699343071-3442683469-1001Core.job
[2010/09/02 13:25:58 | 000,012,144 | ---- | M] () -- C:\Users\Maxim\Desktop\1.xlsx
[2010/09/01 14:55:00 | 003,776,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/27 20:47:02 | 000,115,152 | ---- | M] () -- C:\Users\Maxim\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/25 21:54:20 | 000,018,031 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2010/08/25 21:52:31 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010/08/25 21:52:31 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2010/08/25 21:47:48 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/08/25 06:00:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At333.job
[2010/08/24 15:42:23 | 000,000,039 | ---- | M] () -- C:\Windows\WININIT.INI
[2010/08/24 15:39:57 | 000,000,000 | ---- | M] () -- C:\Windows\setup32.INI
[2010/08/12 20:46:51 | 000,015,108 | ---- | M] () -- C:\Users\Maxim\Documents\Money Balance.xlsx
[2010/08/07 10:32:41 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF
[2010/08/07 10:31:55 | 000,002,641 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/03 21:32:31 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/09/01 20:48:18 | 000,012,144 | ---- | C] () -- C:\Users\Maxim\Desktop\1.xlsx
[2010/08/25 21:52:32 | 000,018,031 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/08/25 21:52:31 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2010/08/25 21:46:36 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/08/24 15:42:23 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/08/24 15:39:57 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2010/08/07 10:31:55 | 000,002,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010/08/07 10:31:41 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF
[2010/07/31 14:50:57 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/07/31 14:50:57 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/07/31 14:50:57 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/07/20 18:34:19 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/07/20 18:34:19 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/07/11 23:45:57 | 000,007,591 | ---- | C] () -- C:\Users\Maxim\AppData\Local\Resmon.ResmonCfg
[2010/07/11 23:32:46 | 000,031,905 | ---- | C] () -- C:\Users\Maxim\AppData\Roaming\SQLite3.dll
[2010/06/29 21:17:45 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2010/06/25 19:54:36 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010/05/31 18:39:52 | 000,000,671 | ---- | C] () -- C:\Users\Maxim\AppData\Roaming\vso_ts_preview.xml
[2010/05/31 18:39:29 | 000,000,034 | ---- | C] () -- C:\Users\Maxim\AppData\Roaming\pcouffin.log
[2010/05/31 18:39:08 | 000,087,608 | ---- | C] () -- C:\Users\Maxim\AppData\Roaming\inst.exe
[2010/05/31 18:39:08 | 000,007,887 | ---- | C] () -- C:\Users\Maxim\AppData\Roaming\pcouffin.cat
[2010/05/31 18:39:08 | 000,001,144 | ---- | C] () -- C:\Users\Maxim\AppData\Roaming\pcouffin.inf
[2010/05/31 17:41:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/31 17:21:45 | 000,000,808 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll_BAK
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/10/26 14:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2005/08/06 22:16:23 | 000,003,682 | -H-- | C] () -- C:\Users\Maxim\AppData\Roaming\cglogs.dat
< End of report >


Extras.txt
OTL Extras logfile created on: 9/4/2010 9:07:44 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Maxim\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 120.14 Gb Free Space | 42.45% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.66 Gb Free Space | 37.71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAX
Current User Name: Maxim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1927525646-3699343071-3442683469-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Maxim\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1 -- [2010/09/02 01:48:09 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1 -- [2010/09/02 01:48:09 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1 -- [2010/09/02 01:48:09 | 000,000,000 | ---D | M]
"EnableFirewall" = 1 -- [2010/09/02 01:48:09 | 000,000,000 | ---D | M]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08067AFD-4ECE-4454-80B4-31C859D4EDC1}" = F4400
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.00
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{32035669-806B-4A6B-95C0-62A54BFE2A6D}" = Detector Tools
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java™ SE Development Kit 6 Update 20
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{720DAF8C-F9FD-4236-8EDD-75219B21E276}" = WriteExpress 3,001 Business & Sales Letters
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.2.153
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4D77A09-10EA-4574-8C09-9B6E1A21C95F}" = Virus Guard - powered by BitDefender
"{A505FBE1-7175-61A6-FFD4-3273998ACBFE}" = ccc-utility
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{EB68307E-4E70-0C63-2CEE-62FA85C88CA6}" = ATI Catalyst Install Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AIM_7" = AIM 7
"Audacity_is1" = Audacity 1.2.6
"AutoHotkey" = AutoHotkey 1.0.48.05
"AVG8Uninstall" = AVG 8.5
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Webcam Central" = Dell Webcam Central
"Diablo II" = Diablo II
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GenoPro" = GenoPro 2.0.1.6
"Google Calendar Sync" = Google Calendar Sync
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{720DAF8C-F9FD-4236-8EDD-75219B21E276}" = WriteExpress 3,001 Business & Sales Letters
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Office14.EXCEL" = Microsoft Excel 2010
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"Office14.PUBLISHER" = Microsoft Publisher 2010
"Office14.WORD" = Microsoft Word 2010
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeraCopy_is1" = TeraCopy 2.12
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.1
"WinRAR archiver" = WinRAR archiver
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate 6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1927525646-3699343071-3442683469-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/3/2010 5:44:12 PM | Computer Name = Max | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4181

Error - 9/3/2010 9:26:41 PM | Computer Name = Max | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/3/2010 9:31:03 PM | Computer Name = Max | Source = VSS | ID = 13
Description =

Error - 9/3/2010 9:31:03 PM | Computer Name = Max | Source = VSS | ID = 8193
Description =

Error - 9/3/2010 9:31:03 PM | Computer Name = Max | Source = VSS | ID = 13
Description =

Error - 9/3/2010 9:31:03 PM | Computer Name = Max | Source = VSS | ID = 8193
Description =

Error - 9/3/2010 9:49:09 PM | Computer Name = Max | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 9/3/2010 10:12:39 PM | Computer Name = Max | Source = Windows Search Service | ID = 1019
Description =

Error - 9/4/2010 2:50:01 AM | Computer Name = Max | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x80072745) failure (see data for failure code).

Error - 9/4/2010 4:13:06 AM | Computer Name = Max | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x80072745) failure (see data for failure code).

[ System Events ]
Error - 9/3/2010 9:32:18 PM | Computer Name = Max | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/3/2010 9:32:18 PM | Computer Name = Max | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/3/2010 9:32:18 PM | Computer Name = Max | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/3/2010 9:32:18 PM | Computer Name = Max | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/3/2010 9:32:18 PM | Computer Name = Max | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/3/2010 9:32:18 PM | Computer Name = Max | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/3/2010 9:32:28 PM | Computer Name = Max | Source = DCOM | ID = 10005
Description =

Error - 9/3/2010 9:32:28 PM | Computer Name = Max | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/3/2010 9:32:29 PM | Computer Name = Max | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/3/2010 9:49:09 PM | Computer Name = Max | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.


< End of report >


#4 maximo3491

Posted 04 September 2010 - 09:34 AM

Also, here is a RKUnhookerLE report for drivers and stealth only.

QUOTE
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x90604000 C:\Windows\system32\DRIVERS\atikmdag.sys 5324800 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x90C1B000 C:\Windows\system32\DRIVERS\netw5v32.sys 4272128 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x82C43000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82C43000 PnpManager 4259840 bytes
0x82C43000 RAW 4259840 bytes
0x82C43000 WMIxWDM 4259840 bytes
0x95910000 Win32k 2400256 bytes
0x95910000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B435000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x83A27000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x90B18000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B231000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x832F6000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9F6CD000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9F63D000 C:\Windows\system32\Drivers\CVPNDRVA.sys 589824 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
0x99A6A000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83223000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x83824000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x91A19000 C:\Windows\system32\DRIVERS\stwrt.sys 442368 bytes (IDT, Inc., IDT PC Audio)
0x8FE0A000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x83B94000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8E6B9000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x91126000 C:\Windows\system32\DRIVERS\itecir.sys 364544 bytes (ITE Tech. Inc. , ITE Consumer IR Driver for eHome)
0x910D4000 C:\Windows\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0x8FE9A000 C:\Windows\System32\Drivers\avgldx86.sys 331776 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x99BAB000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x9F79C000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x95800000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8FF45000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83965000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x838A3000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x99A01000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9150C000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x832B4000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8E79F000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B5B8000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B2E8000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9102E000 C:\Windows\system32\DRIVERS\k57nd60x.sys 245760 bytes (Broadcom Corporation, Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver.)
0x99B3D000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8FF0C000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82C0C000 ACPI_HAL 225280 bytes
0x82C0C000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x911A4000 C:\Windows\system32\DRIVERS\SynTP.sys 217088 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8E75A000 C:\Windows\System32\drivers\truecrypt.sys 217088 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0x833A1000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x914BC000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8B35B000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8E687000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B57E000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x91BBC000 C:\Windows\System32\Drivers\RDPWD.SYS 200704 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x9157D000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8B400000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x9106A000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x83B56000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x915C5000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x838FC000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x91494000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8B39E000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8B326000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x9F600000 C:\Windows\System32\drivers\rdpdr.sys 151552 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x91B0B000 C:\Windows\system32\DRIVERS\CtClsFlt.sys 147456 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
0xBA2BC000 C:\Windows\system32\DRIVERS\Dot4.sys 147456 bytes (Microsoft Corporation, IEEE-1284.4-1999 Driver)
0x91AE7000 C:\Windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x839CF000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x99B1A000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9140B000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9F76E000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8FEEB000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x83200000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8B200000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x90BCF000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E71A000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x95BA0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8FF9F000 C:\Windows\system32\DRIVERS\dne2000.sys 122880 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
0x91561000 C:\Windows\system32\drivers\AtiHdmi.sys 114688 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0x91B77000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x99B78000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x91B92000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8E66E000 C:\Windows\System32\Drivers\avgtdix.sys 102400 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x99AEF000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x915AC000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x91096000 C:\Windows\system32\DRIVERS\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8FE6E000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x9117F000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8FFCF000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9142D000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x91445000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9145C000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8E64C000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x91AD0000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x839B0000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x910C0000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x91A94000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x83B81000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x99A57000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E747000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8FFBD000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x911EE000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x99B08000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B38D000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x91B51000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x833D5000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x91550000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83931000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8329B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x910AF000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD/MMC Driver)
0x91BAC000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B34B000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x99A47000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8E78F000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x83955000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x91A85000 C:\Windows\system32\DRIVERS\hidir.sys 61440 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x833E6000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes
0x8FF90000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8FE86000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x914F0000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x8E739000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8E635000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83800000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x83BF1000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x914FE000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xBA296000 C:\Windows\system32\DRIVERS\usbscan.sys 57344 bytes (Microsoft Corporation, USB Scanner Driver)
0x83895000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x90C0D000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x91B2F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0xBA2AF000 C:\Windows\system32\DRIVERS\dot4usb.sys 53248 bytes (Microsoft Corporation, DOT4USB filter driver)
0x91197000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x911DB000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9F78F000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x9F62F000 C:\Windows\System32\DRIVERS\tssecsrv.sys 53248 bytes (Microsoft Corporation, TS Security Filter Driver)
0x83A15000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8E600000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x91AAE000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x91473000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0x83A09000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8394A000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x91B3C000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0xBA28B000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xBA3A8000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x91ABA000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8E62A000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8FFE7000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E663000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xBA2A4000 C:\Windows\system32\DRIVERS\usbprint.sys 45056 bytes (Microsoft Corporation, USB Printer driver)
0x90BEE000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x91489000 C:\Windows\system32\DRIVERS\VClone.sys 45056 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)
0x83926000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x91B47000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x91B62000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x839F2000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8E7EA000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E7E0000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9147F000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9F764000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x9F625000 C:\Windows\system32\drivers\tdtcp.sys 40960 bytes (Microsoft Corporation, TCP Transport Driver)
0x8380E000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xBA282000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x839C6000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8E643000 C:\Windows\system32\DRIVERS\avgfwd6x.sys 36864 bytes (AVG Technologies CZ, s.r.o., AVG Filter Driver)
0xBA2E0000 C:\Windows\system32\DRIVERS\Dot4Prt.sys 36864 bytes (Microsoft Corporation, IEEE-1284.4 Print Class Driver)
0x83A00000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA3B3000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x83817000 C:\Windows\system32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x95B70000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B5AF000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x90C00000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x838EB000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x832AC000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x83942000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8B42D000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BA1000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x838F4000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8B3F8000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x833F5000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8E622000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8B5F7000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8B226000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x91AA7000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8B21F000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8E713000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8FE94000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x911E8000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8E7F4000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0x90C09000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9F7EB000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xBA3A6000 C:\Windows\system32\5EAF.tmp 8192 bytes
0x8B3C3000 C:\Windows\System32\Drivers\avgrkx86.sys 8192 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x914BA000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x911D9000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x00640000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x85872030 ] PID: 5424, 102400 bytes
0x057F0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 102400 bytes
0x07600000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 102400 bytes
0x03F70000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 110592 bytes
0x00690000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x86F43D40 ] PID: 4800, 118784 bytes
0x00950000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x85872030 ] PID: 5424, 118784 bytes
0x07390000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 1224704 bytes
0x07900000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 126976 bytes
0x071E0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 1740800 bytes
0x07180000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 208896 bytes
0x05970000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 217088 bytes
0x075B0000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 282624 bytes
0x007B0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x86F43D40 ] PID: 4800, 28672 bytes
0x007E0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x86F43D40 ] PID: 4800, 28672 bytes
0x00630000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x00660000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x00A60000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x00C10000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x00C40000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x03DC0000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x03D70000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x03D60000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x03DD0000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x04110000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x042A0000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x042B0000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x042D0000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x04400000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x04470000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x04630000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x04600000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x04620000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x04610000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x050B0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x05200000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x052C0000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x05540000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x05760000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x05770000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x057C0000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x057B0000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x05810000 Hidden Image-->atixclib.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x05960000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x065F0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x06740000 Hidden Image-->Branding.dll [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x06770000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 28672 bytes
0x05880000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Wizard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 315392 bytes
0x07690000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Dashboard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 323584 bytes
0x07740000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 339968 bytes
0x04240000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x85872030 ] PID: 5424, 348160 bytes
0x00340000 Hidden Image-->MemeoRemoteCore.dll [ EPROCESS 0x89F37D40 ] PID: 2400, 36864 bytes
0x03C10000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x86F43D40 ] PID: 4800, 36864 bytes
0x00990000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x85872030 ] PID: 5424, 36864 bytes
0x00C00000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x85872030 ] PID: 5424, 36864 bytes
0x04490000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 36864 bytes
0x047A0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 36864 bytes
0x04750000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 36864 bytes
0x04B00000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 36864 bytes
0x052A0000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 36864 bytes
0x05940000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x85872030 ] PID: 5424, 36864 bytes
0x065E0000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 36864 bytes
0x076E0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 372736 bytes
0x07620000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 405504 bytes
0x058D0000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 413696 bytes
0x06560000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 421888 bytes
0x006C0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x86F43D40 ] PID: 4800, 45056 bytes
0x006D0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x86F43D40 ] PID: 4800, 45056 bytes
0x03B00000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x86F43D40 ] PID: 4800, 45056 bytes
0x003D0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x85872030 ] PID: 5424, 45056 bytes
0x00620000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x85872030 ] PID: 5424, 45056 bytes
0x007C0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x85872030 ] PID: 5424, 45056 bytes
0x00BC0000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x85872030 ] PID: 5424, 45056 bytes
0x04760000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 45056 bytes
0x04790000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x85872030 ] PID: 5424, 45056 bytes
0x04AF0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x85872030 ] PID: 5424, 45056 bytes
0x05040000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x85872030 ] PID: 5424, 45056 bytes
0x063E0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 503808 bytes
0x00A40000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x85872030 ] PID: 5424, 53248 bytes
0x00A50000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x85872030 ] PID: 5424, 53248 bytes
0x00BF0000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x85872030 ] PID: 5424, 53248 bytes
0x00C30000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x85872030 ] PID: 5424, 53248 bytes
0x03DB0000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x85872030 ] PID: 5424, 53248 bytes
0x04480000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 53248 bytes
0x04640000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x85872030 ] PID: 5424, 53248 bytes
0x048C0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x85872030 ] PID: 5424, 53248 bytes
0x05290000 Hidden Image-->CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.DLL [ EPROCESS 0x85872030 ] PID: 5424, 53248 bytes
0x057A0000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x85872030 ] PID: 5424, 53248 bytes
0x057D0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 53248 bytes
0x05950000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 53248 bytes
0x06F40000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 53248 bytes
0x077A0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 585728 bytes
0xBA350F2E Unknown thread object [ ETHREAD 0x88F5D790 ] , 600 bytes
0xBA35BF2E Unknown thread object [ ETHREAD 0x85FD3D48 ] , 600 bytes
0xBA22AF2E Unknown thread object [ ETHREAD 0x8A407538 ] , 600 bytes
0xBA23FF2E Unknown thread object [ ETHREAD 0x85EA4550 ] , 600 bytes
0x048D0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 61440 bytes
0x05060000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 61440 bytes
0x05070000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 61440 bytes
0x05260000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 61440 bytes
0x00970000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x85872030 ] PID: 5424, 69632 bytes
0x00A20000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x85872030 ] PID: 5424, 69632 bytes
0x00BD0000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x85872030 ] PID: 5424, 69632 bytes
0x04B10000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x85872030 ] PID: 5424, 69632 bytes
0x05080000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x85872030 ] PID: 5424, 69632 bytes
0x054F0000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x85872030 ] PID: 5424, 69632 bytes
0x00790000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x86F43D40 ] PID: 4800, 77824 bytes
0x007A0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x85872030 ] PID: 5424, 77824 bytes
0x04450000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x85872030 ] PID: 5424, 77824 bytes
0x045E0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x85872030 ] PID: 5424, 77824 bytes
0x07D90000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 790528 bytes
0x045C0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x85872030 ] PID: 5424, 86016 bytes
0x06750000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 86016 bytes
0x05220000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x85872030 ] PID: 5424, 94208 bytes
0x074C0000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Dashboard.DLL [ EPROCESS 0x85872030 ] PID: 5424, 962560 bytes


#5 xSMITHX


Posted 04 September 2010 - 11:57 AM

Click and save both of the following files to your Desktop



Also, download ComboFix.exe; however, when you save it, rename it to Fix.exe.




Disconnect from the internet.
START -> CONTROL PANEL -> NETWORK AND SHARING CENTER and click on 'Disconnect'




Please uninstall all cracked software that you have on your computer (this is why you are infected):

CONTROL PANEL -> ADD/REMOVE PROGRAMS: uninstall all Adobe products, Java and all old updates, and all other cracked software you have. It seems there are multiple rootkits, due to the cracked software. Please remove all you have installed.




Disable all active malware protection; it is very important that all malware protection is disabled.



Close all programs down and shut all windows. Double click FIX.exe on your desktop. Click yes to the terms and let it run.
It may take a while, so just let it run uninterrupted. It may flash the desktop several times; that is normal. At the end it will give you a report/log. Please post that here.



xSMITHX

#6 maximo3491

  • Topic Starter

Posted 04 September 2010 - 01:33 PM

Thanks for the quick reply.

It's strange because most cracked software I use is for one small thing and then I immediately uninstall it. Not to mention, I double scan every one of them before I install. I removed the cracked software, Java and Adobe products.

In addition, what would you like me to do with the Java and TFC files?

Here is the log file for ComboFix.
ComboFix 10-09-03.02 - Maxim 09/04/2010 14:21:10.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3037.2060 [GMT -4:00]
Running from: c:\users\Maxim\Desktop\Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1927525646-3699343071-3442683469-1001\$R15CG9G\WMM2CLIP.dll.mui
c:\users\Maxim\AppData\Roaming\cglogs.dat
c:\users\Maxim\AppData\Roaming\inst.exe
c:\users\Maxim\AppData\Roaming\SQLite3.dll
c:\windows\jestertb.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
.

2010-09-04 18:25 . 2010-09-04 18:25 -------- d-----w- c:\users\Maxim\AppData\Local\temp
2010-09-04 18:25 . 2010-09-04 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-04 17:44 . 2010-09-04 17:44 -------- d-----w- C:\Temp
2010-09-04 13:20 . 2010-09-04 13:20 -------- d-----w- c:\program files\Sophos
2010-09-04 01:26 . 2010-09-04 01:26 -------- d-----w- c:\users\Maxim\AppData\Local\Sunbelt Software
2010-09-04 01:25 . 2010-09-04 02:13 -------- d-----w- c:\programdata\Lavasoft
2010-09-04 00:59 . 2010-09-04 02:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-04 00:59 . 2010-09-04 00:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-03 04:55 . 2010-09-03 04:55 -------- d-----w- c:\users\Maxim\AppData\Local\ElevatedDiagnostics
2010-09-02 16:59 . 2010-09-02 16:59 -------- d-----w- c:\users\Maxim\AppData\Local\Beltronics,_Inc
2010-09-02 16:35 . 2010-09-02 16:35 -------- d-----w- c:\program files\Beltronics
2010-08-26 22:27 . 2010-08-26 22:27 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-08-26 22:08 . 2010-08-26 22:08 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-08-26 22:07 . 2010-08-26 22:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-08-26 01:52 . 2010-08-26 01:54 18031 ----a-w- c:\windows\DIIUnin.dat
2010-08-26 01:52 . 2010-08-26 01:52 94208 ----a-w- c:\windows\DIIUnin.exe
2010-08-26 01:52 . 2010-08-26 01:52 2829 ----a-w- c:\windows\DIIUnin.pif
2010-08-26 01:46 . 2010-08-26 01:47 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-08-25 02:23 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-24 19:40 . 2002-05-08 09:09 274432 ----a-w- c:\windows\TLCUninstall.exe
2010-08-24 19:39 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-08-23 17:40 . 2010-09-04 05:53 -------- d-----w- c:\program files\Diablo II
2010-08-16 22:08 . 2010-08-16 22:10 -------- d-----w- c:\program files\Winspector
2010-08-16 17:29 . 2010-08-16 17:29 -------- d-----w- c:\users\Maxim\AppData\Roaming\PE Explorer
2010-08-14 00:42 . 2010-09-01 18:54 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-11 17:31 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-08-07 14:32 . 2007-01-31 17:45 101904 ----a-w- c:\windows\system32\dneinobj.dll
2010-08-07 14:32 . 2007-01-31 17:45 127376 ----a-w- c:\windows\system32\drivers\dne2000.sys
2010-08-07 14:31 . 2010-08-07 14:31 -------- d-----w- c:\program files\Cisco Systems
2010-08-07 14:01 . 2010-08-07 14:01 -------- d-----w- c:\users\Maxim\AppData\Roaming\OpenVPN Technologies
2010-08-07 14:01 . 2010-08-07 14:01 -------- d-----w- c:\users\Maxim\AppData\Local\OpenVPN Technologies
2010-08-07 14:00 . 2010-08-07 14:00 -------- d-----w- c:\program files\OpenVPN Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-04 18:09 . 2010-05-31 20:09 113936 ----a-w- c:\users\Maxim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-04 18:01 . 2010-05-31 21:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-04 17:47 . 2010-05-31 22:39 47360 ----a-w- c:\users\Maxim\AppData\Roaming\pcouffin.sys
2010-09-04 17:47 . 2010-05-31 22:39 47360 ----a-w- c:\users\Maxim\AppData\Roaming\pcouffin.sys
2010-09-04 17:47 . 2010-05-31 22:39 -------- d-----w- c:\users\Maxim\AppData\Roaming\Vso
2010-09-04 17:47 . 2010-06-14 23:45 -------- d-----w- c:\users\Maxim\AppData\Roaming\Xilisoft
2010-09-04 17:45 . 2010-06-27 15:46 -------- d-----w- c:\program files\AviSynth 2.5
2010-09-04 17:41 . 2010-05-31 21:06 -------- d-----w- c:\users\Maxim\AppData\Roaming\TeraCopy
2010-09-04 01:31 . 2010-08-01 20:42 -------- d-----w- c:\program files\Pando Networks
2010-09-04 01:30 . 2010-05-31 21:25 -------- d-----w- c:\users\Maxim\AppData\Roaming\uTorrent
2010-09-04 01:28 . 2010-06-05 04:43 -------- d-----w- c:\users\Maxim\AppData\Roaming\Juniper Networks
2010-09-04 01:20 . 2010-05-31 20:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-04 01:15 . 2010-05-31 21:29 -------- d-----w- c:\program files\Yahoo!
2010-08-27 07:01 . 2010-05-31 21:08 -------- d-----w- c:\programdata\Microsoft Help
2010-08-27 03:04 . 2010-07-24 04:07 -------- d-----w- c:\users\Maxim\AppData\Roaming\vlc
2010-08-25 01:51 . 2010-05-31 21:32 -------- d-----w- c:\users\Maxim\AppData\Roaming\Skype
2010-08-25 01:51 . 2010-05-31 21:41 -------- d-----w- c:\users\Maxim\AppData\Roaming\skypePM
2010-08-22 22:16 . 2010-05-31 21:25 -------- d-----w- c:\program files\uTorrent
2010-08-07 13:45 . 2010-06-05 04:44 -------- d-----w- c:\program files\Juniper Networks
2010-08-01 20:58 . 2010-08-01 20:58 -------- d-----w- c:\programdata\Nexon
2010-08-01 20:58 . 2010-08-01 20:53 -------- d-----w- c:\programdata\NexonUS
2010-08-01 20:56 . 2010-08-01 20:53 765952 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2010-08-01 20:53 . 2010-08-01 20:53 98304 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2010-08-01 20:53 . 2010-08-01 20:53 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2010-08-01 20:53 . 2010-08-01 20:53 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2010-08-01 20:53 . 2010-08-01 20:53 172032 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2010-08-01 20:53 . 2010-08-01 20:53 126976 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2010-08-01 17:16 . 2010-07-31 18:50 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-08-01 17:16 . 2010-07-31 18:50 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-08-01 17:16 . 2010-07-31 18:50 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-07-29 06:30 . 2010-08-11 17:32 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 17:32 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-22 00:34 . 2010-07-22 00:33 -------- d-----w- c:\program files\CyberLink
2010-07-22 00:32 . 2010-06-14 23:25 36864 ----a-w- c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2010-07-21 07:30 . 2010-07-21 07:30 26112 ----a-w- c:\windows\system32\drivers\tapoas.sys
2010-07-21 00:28 . 2010-07-20 22:44 -------- d-----w- c:\program files\MagicDVDRipper
2010-07-20 22:41 . 2010-07-20 22:39 -------- d-----w- c:\program files\iSkysoft
2010-07-20 04:05 . 2010-06-27 23:54 -------- d-----w- c:\program files\iTunes
2010-07-20 04:04 . 2010-07-20 04:04 -------- d-----w- c:\program files\iPod
2010-07-20 04:04 . 2010-05-31 21:56 -------- d-----w- c:\program files\Common Files\Apple
2010-07-20 04:00 . 2010-07-20 04:00 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-20 03:51 . 2010-05-31 21:29 -------- d-----w- c:\users\Maxim\AppData\Roaming\HpUpdate
2010-07-18 16:26 . 2010-06-26 16:17 -------- d-----w- c:\users\Maxim\AppData\Roaming\dvdcss
2010-07-17 01:42 . 2010-05-31 23:05 -------- d-----w- c:\program files\AutoHotkey
2010-07-14 02:05 . 2010-07-12 04:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-07-14 01:59 . 2010-06-14 23:44 -------- d-----w- c:\program files\Xilisoft
2010-07-14 01:44 . 2010-07-14 01:43 -------- d-----w- c:\users\Maxim\AppData\Roaming\HandBrake
2010-07-13 03:05 . 2010-05-31 21:22 -------- d-----w- c:\program files\HP
2010-07-12 04:09 . 2010-07-12 04:09 -------- d-----w- c:\users\Maxim\AppData\Roaming\AVS4YOU
2010-07-12 04:09 . 2010-07-12 04:07 -------- d-----w- c:\programdata\AVS4YOU
2010-07-08 22:26 . 2010-07-08 22:26 -------- d-----w- c:\users\Maxim\AppData\Roaming\Western Digital
2010-07-08 22:26 . 2010-07-08 22:26 -------- d-----w- c:\programdata\Western Digital
2010-07-08 22:25 . 2010-06-25 23:54 -------- d-----w- c:\program files\Western Digital
2010-06-30 06:25 . 2010-08-11 17:32 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-11 17:32 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 17:32 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 17:32 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-11 17:32 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 17:32 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 17:32 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-16 05:48 . 2010-08-11 17:32 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-14 06:12 . 2010-08-11 17:32 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-13 17:06 . 2010-06-13 17:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2010-06-13 17:06 . 2010-06-13 17:06 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-06-13 17:06 . 2010-06-13 17:06 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-06-13 17:06 . 2010-06-13 17:06 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-10 02:50 . 2010-06-10 02:50 75 --sh--r- c:\windows\CT4CET.bin
2010-06-09 00:46 . 2010-06-30 01:17 290816 ----a-w- c:\windows\system32\vp8decoder.dll
2010-06-08 06:02 . 2010-08-11 17:32 1233920 ----a-w- c:\windows\system32\msxml3.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-21 495708]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-06 1549608]
"iTunes Hardkey Helper"="c:\users\Maxim\Documents\Autohotkey\Itunes Helper\Itunes Hardkey Helper.exe" [2010-04-28 207246]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

c:\users\Maxim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-6-14 385024]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
backup=c:\windows\pss\Google Calendar Sync.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2009-06-24 20:21 409744 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-31 20:09 136176 ----atw- c:\users\Maxim\AppData\Local\Google\Update\GoogleUpdate.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\5EAF.tmp [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-07-21 26112]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-31 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 ZM;ZM;c:\users\Maxim\AppData\Local\Temp\ZM.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-05-31 12552]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-05-31 23832]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-05-31 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-05-31 108552]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\aestsrv.exe [2009-03-03 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 176128]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2010-05-31 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2010-05-31 297752]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2010-05-31 1370488]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-02-24 64032]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-01-07 19160]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1927525646-3699343071-3442683469-1001Core.job
- c:\users\Maxim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-31 20:09]

2010-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1927525646-3699343071-3442683469-1001UA.job
- c:\users\Maxim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-31 20:09]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 213.105.176.6:80
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: bbh.com\iconnect
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - c:\users\Maxim\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - c:\users\Maxim\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - c:\users\Maxim\AppData\Local\Temp\f5tmp\f5opswati.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - c:\users\Maxim\AppData\Local\Temp\f5tmp\f5opswati.cab
FF - ProfilePath - c:\users\Maxim\AppData\Roaming\Mozilla\Firefox\Profiles\7phosobi.default\
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\users\Maxim\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5EAF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-04 14:27:32
ComboFix-quarantined-files.txt 2010-09-04 18:27

Pre-Run: 130,928,467,968 bytes free
Post-Run: 130,974,605,312 bytes free

- - End Of File - - D2AD58EFE7702E5F6E156EEFB089A94B

Edited by maximo3491, 04 September 2010 - 01:40 PM.


#7 maximo3491


Posted 05 September 2010 - 01:12 AM

bump, seems like no one looks on the second page

sorry if this is not allowed

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:26 PM

Posted 05 September 2010 - 06:58 AM

Hello maximo3491,

Since regular members are not allowed to reply to and/or request logs like OTL, HJT or Combofix, I moved this topic to the malware removal forum.

Your log shows you are using a proxy; can you confirm this?

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
CODE
AtJob::

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#9 maximo3491


Posted 05 September 2010 - 11:07 AM

Hi, Thanks for looking into this for me.

A proxy. No, my internet settings have a proxy written in them, but it's grayed out and not selected. Tracert confirmed packets never go to that address. The IP that's grayed out is 213.105.176.6.

The log is too long to post here, so I attached it.


Edited by maximo3491, 05 September 2010 - 11:20 AM.
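
Added example, not part of the original thread: a greyed-out proxy address such as the `ProxyServer = 213.105.176.6:80` line in the log corresponds to a stored `ProxyServer` value while `ProxyEnable` is 0. The PowerShell below reads the standard WinINET "Internet Settings" values to tell the two cases apart; the function name `Get-WinInetProxyState` and its output fields are assumptions made for this illustration.

```powershell
# Added example (not from the thread). Reports, per registry hive, whether a
# WinINET proxy is actually in effect or only stored. Function and field
# names are illustrative.
function Get-WinInetProxyState {
    param([string[]]$Hives = @('HKCU:', 'HKLM:'))

    $sub = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    foreach ($hive in $Hives) {
        $path = Join-Path $hive $sub
        if (-not (Test-Path $path)) { continue }
        $s = Get-ItemProperty -Path $path

        # ProxyEnable = 1 : the manual proxy box is ticked.
        # ProxyServer     : may still hold an old address when ProxyEnable = 0.
        # AutoConfigURL   : a PAC script, evaluated independently of ProxyEnable.
        $state = if ($s.ProxyEnable -eq 1 -and $s.ProxyServer) {
            'manual proxy ACTIVE'
        } elseif ($s.AutoConfigURL) {
            'PAC script configured'
        } elseif ($s.ProxyServer) {
            'address stored, proxy disabled'
        } else {
            'no proxy configured'
        }

        [pscustomobject]@{
            Hive          = $hive
            State         = $state
            ProxyEnable   = $s.ProxyEnable
            ProxyServer   = $s.ProxyServer
            ProxyOverride = $s.ProxyOverride
            AutoConfigURL = $s.AutoConfigURL
        }
    }
}

Get-WinInetProxyState | Format-List

# WinHTTP (used by many services) keeps its own proxy setting:
netsh winhttp show proxy
```

A result of "address stored, proxy disabled" matches what the poster describes; "manual proxy ACTIVE" or an unexpected `AutoConfigURL` would mean traffic can still be redirected.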


#10 Elise


Posted 05 September 2010 - 11:51 AM

Hi, can you please let me know how things are running now?

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise




#11 maximo3491


Posted 05 September 2010 - 01:47 PM

I finished the MBAM scan and it is below. I also noticed that my computer has no longer been working so hard today. Since last night, I uninstalled Diablo since I don't play that anymore. Could that be the reason? If so, can we still check to make sure my computer is at 100%.

QUOTE
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/5/2010 2:46:15 PM
mbam-log-2010-09-05 (14-46-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 247080
Time elapsed: 55 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#12 Elise


Posted 05 September 2010 - 02:56 PM

Please update MBAM, then scan again.

regards, Elise




#13 maximo3491


Posted 06 September 2010 - 06:54 PM

I just updated MBAM and performed a full scan but a log never appeared. A popup said it would appear, but didn't. There were no detections found. I'll run a new scan again tonight and hopefully a log will appear this time.

#14 maximo3491


Posted 07 September 2010 - 05:05 AM

Here's the MBAM log

QUOTE
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4552

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/7/2010 12:46:33 AM
mbam-log-2010-09-07 (00-46-33).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 261246
Time elapsed: 58 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#15 Elise


Posted 07 September 2010 - 09:05 AM

Looks good! Do you have any problems left?

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise






