Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log


  • This topic is locked This topic is locked
24 replies to this topic

#1 Ukanuka

Ukanuka

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 27 April 2011 - 07:04 PM

I am getting weird popups from hxxp://mrrooter3-px.rtrk.ca/?utm_source=ReachLocal&utm_medium=ReachDisplay&utm_campaign=Display%2BCampaign%2BCanada
And other websites off of Internet Explorer.. even tho I am using Google Chrome. I am not sure which one to be removing or how to remove it! :(

If anyone can help that would be greatly appreciated Thanks!

Here is my Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:36:51 PM, on 27/04/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Name\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)

--
End of file - 10840 bytes



I don't know why the (file missing) is there :( IF anyone can help thank you!!

I have been researching and some of the Causes are the nz0.exe, nz1.exe, nz2.exe and I have removed those.. so for now that is what I have done. I am running a few virus scanners.

------------------
After a Day I have managed to get rid of some of the trojan and spyware on my computer using Malwarebytes' Anti-Malware. It removed 8 infected files, but I do not have the log for it anymore.

It seems that the pop ups are now removed, but theres a problem with Windows Security Center Service where it is automatically turned off.
I have went into the control panel and changed its start up to automatic but it seems to still not be working, what can be the cause of this? I know one thing is the trojan turned it off to begin with.

Edited by Ukanuka, 28 April 2011 - 03:16 PM.
Deactivated link. ~ OB


BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:24 PM

Posted 05 May 2011 - 04:52 AM

Hi Ukanuka, and welcome to Bleeping Computer.

I need more information - please run the scans below:

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 Ukanuka

Ukanuka
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 08 May 2011 - 12:45 AM

Thank you for the reply!

Here are my Scan Results, I used Malwarebytes to remove a few the first time I ran it I will include the log here also
Thank You!

Malware Log From Before:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6462

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

28/04/2011 2:24:59 AM
mbam-log-2011-04-28 (02-24-59).txt

Scan type: Quick scan
Objects scanned: 167200
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
c:\Windows\Ncupoa.exe (Trojan.Downloader) -> 1972 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\GHWAUC6NNZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Ncupoa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

Malware Log NOW:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6529

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

07/05/2011 11:58:45 PM
mbam-log-2011-05-07 (23-58-45).txt

Scan type: Quick scan
Objects scanned: 168572
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Ukanuka, 08 May 2011 - 01:13 AM.


#4 Ukanuka

Ukanuka
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 08 May 2011 - 01:23 AM

OTL.Txt Scan:

OTL logfile created on: 08/05/2011 12:11:37 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jimmy\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 178.81 Gb Free Space | 62.74% Space Free | Partition Type: NTFS

Computer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 00:00:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
PRC - [2011/04/18 11:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 11:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/12 21:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 00:00:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
MOD - [2011/04/18 11:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 05:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/18 11:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/11 17:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 19:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 06:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/18 11:13:13 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/03/11 15:22:45 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/07 17:03:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/15 11:30:00 | 000,394,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/06/16 14:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 10:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/31 07:07:00 | 001,461,248 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/10 10:43:44 | 000,180,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMC326.sys -- (VMC326)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/01 13:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 13:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 13:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 15:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 16:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/01/09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA,zh-HK;q=0.7,zh-Hant;q=0.3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A C1 22 97 7D 00 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/10/11 21:31:59 | 000,000,864 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.143 64.59.135.145 64.59.128.121
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 00:00:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
[2011/05/07 23:49:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/07 23:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/07 23:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/07 23:09:40 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{37DBB49C-1626-48FC-998D-CA00F1582794}
[2011/05/07 10:41:04 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{FDA5A912-85E4-491B-9236-DA074EE3C3E2}
[2011/05/06 21:49:45 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{947A5BF2-3AB9-4E6F-A184-44FE3F374EE5}
[2011/05/06 08:56:20 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{5FB500AA-3312-4179-9804-6FAB5709BBDB}
[2011/05/05 18:38:07 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{33A8FF30-3F0E-4AD8-9161-DBD059941A96}
[2011/05/04 11:55:45 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{858DF12B-CAB8-4848-9EC9-186723C15324}
[2011/05/03 22:45:42 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{82E5C18A-7113-4C0D-9696-313AC627A6C9}
[2011/05/03 10:45:29 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{0D7444BE-8235-4338-AD96-268E6D82145E}
[2011/05/02 12:20:46 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{234DBF11-E458-4708-9A43-B31B2BF9C17E}
[2011/05/02 00:20:29 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{B5E251F2-1546-4735-9DAD-34AB62160B45}
[2011/05/01 19:25:39 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\CPSC 413
[2011/05/01 12:19:08 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{4BC7DC77-3717-4422-B17A-16F8F34FAC90}
[2011/05/01 00:18:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{06B0E1CA-E61F-4A4A-869D-76AF972F4AE9}
[2011/04/29 19:20:38 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/04/29 19:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/04/29 19:20:37 | 000,287,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/04/29 19:20:34 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/04/29 19:20:33 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/04/29 19:20:32 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/04/29 19:20:26 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/04/29 19:20:26 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/04/29 19:20:04 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/04/29 19:20:04 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/29 19:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/04/29 19:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/29 18:52:24 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2011/04/29 17:59:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/29 16:51:51 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/04/29 16:51:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/29 16:51:51 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/04/29 16:51:51 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/04/29 16:51:51 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/04/29 16:51:50 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/04/29 16:51:50 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/04/29 16:51:50 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/04/29 16:51:50 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/04/29 16:51:50 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/04/29 16:51:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/04/29 16:51:50 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/04/29 16:51:49 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/04/29 16:51:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/04/29 16:51:49 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/04/29 16:51:49 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/04/29 16:51:49 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/04/29 16:51:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/04/29 16:51:49 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/04/29 16:51:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/29 16:51:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/04/29 16:51:49 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/04/29 16:51:49 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/04/29 16:51:49 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/04/29 16:51:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/04/29 16:51:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/04/29 16:51:48 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/04/29 16:51:48 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/04/29 16:51:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/04/29 16:51:48 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/04/29 16:51:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/04/29 16:51:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/04/29 16:51:48 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/04/29 16:51:48 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/04/29 16:51:48 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/04/29 16:51:48 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/04/29 16:51:48 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/04/29 16:51:48 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/04/29 16:51:46 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/04/29 16:51:45 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/04/29 16:51:45 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/04/29 16:51:45 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/04/29 16:51:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/04/29 16:51:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/04/29 16:51:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/04/29 16:51:45 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/04/29 16:51:45 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/04/29 16:51:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/04/29 16:51:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/04/29 16:51:44 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/29 16:51:44 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/04/29 16:51:44 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/04/29 16:51:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/29 16:51:44 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/04/29 16:51:44 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/04/29 16:51:44 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/04/29 16:51:44 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/04/29 16:51:44 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/04/29 16:51:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/04/29 16:51:44 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/04/29 16:51:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/04/29 16:51:44 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/04/29 16:51:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/04/29 16:51:43 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/04/29 16:51:43 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/04/29 16:51:43 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/04/29 16:51:43 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/04/29 16:51:43 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/04/29 16:51:43 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/04/29 16:51:43 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/04/29 16:51:43 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/04/29 16:51:43 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/04/29 16:51:43 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/04/29 16:51:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/04/29 16:51:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/04/29 16:51:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/04/29 16:51:43 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/04/29 16:51:42 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/29 14:16:12 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{453855EE-037C-40A9-9019-E096BB43922E}
[2011/04/29 00:46:22 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{6116CE1C-7CDC-4BEB-9708-D5F4AC9644C8}
[2011/04/28 02:19:41 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Malwarebytes
[2011/04/28 02:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/28 02:19:25 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/28 02:16:01 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Macromedia
[2011/04/28 01:29:26 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{2BDF60B9-2B9B-4EAC-B2C3-4C78C08055FB}
[2011/04/27 09:43:05 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2011/04/27 09:42:29 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8E33114D-13E6-4505-A2AC-721BBA0D538F}
[2011/04/27 09:31:43 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/27 09:31:43 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/27 09:31:39 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/27 09:31:39 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/27 09:30:51 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/04/27 09:30:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/04/27 09:30:49 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/04/27 09:30:49 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/04/27 09:30:47 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/04/27 09:30:45 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/04/27 09:30:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/27 09:30:06 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/27 09:30:06 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/26 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{AD073EC6-1FD9-4770-9CD5-3F62FD743996}
[2011/04/25 23:26:58 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{1E0D7D06-89E7-4AFD-B0CE-3C463BBE6691}
[2011/04/25 11:26:00 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{597A07EB-5DF4-4DA8-999F-56470C0D89AE}
[2011/04/24 21:23:40 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{DA754C74-AAFF-4240-A56E-F3EC52CA3E1D}
[2011/04/24 13:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/24 13:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Plugins
[2011/04/24 13:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunesHelper.Resources
[2011/04/24 13:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes.Resources
[2011/04/24 13:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/24 13:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\CD Configuration
[2011/04/24 13:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/24 13:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/04/24 10:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\PHP Manager 1.1 for IIS 7
[2011/04/24 10:14:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2011/04/24 10:14:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2011/04/24 10:14:14 | 000,000,000 | ---D | C] -- C:\inetpub
[2011/04/24 10:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express
[2011/04/24 09:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PHP
[2011/04/24 09:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/04/24 09:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/04/23 22:56:58 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{060302CD-2233-42B9-ACA1-CB7D76E73009}
[2011/04/22 14:29:34 | 000,000,000 | R--D | C] -- C:\Users\Jimmy\Dropbox
[2011/04/22 14:28:26 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/04/22 14:26:56 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Dropbox
[2011/04/21 18:02:46 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\Mozilla
[2011/04/19 23:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{5EDBF6EB-7085-4CDE-83E9-2C3203776AB3}
[2011/04/19 11:30:00 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{C543871C-B435-454E-9D3C-0BD38C448CF8}
[2011/04/18 19:22:43 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{1105B970-35ED-4441-A0CA-E1320139D9DE}
[2011/04/18 00:02:07 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{3AB2B74A-CFC8-4F33-9E84-11EE126F574B}
[2011/04/17 21:13:01 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\xpce
[2011/04/17 12:01:33 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{62DE52FA-B9F2-4476-9B3A-8F37C8D46E3C}
[2011/04/16 22:46:14 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{9BECED88-E8F7-4B23-ADCB-093E1955DABB}
[2011/04/16 10:45:17 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{7631FCA7-9772-48D0-8AC2-6EB5FA7036F7}
[2011/04/15 19:37:03 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{EFE6AC89-9AAA-45E6-A3FB-2D1EFEA0363A}
[2011/04/14 23:51:29 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{3399090F-4DAA-4BB8-BE14-E29482EAEDC0}
[2011/04/14 18:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/14 18:25:45 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/04/14 18:25:42 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/14 18:25:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/14 18:25:37 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/04/14 18:25:36 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/04/14 18:25:36 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/14 18:25:35 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/14 18:25:27 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/04/14 18:25:26 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/14 18:23:34 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/04/14 18:23:33 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/04/14 18:23:32 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/04/14 18:23:31 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/04/14 18:23:30 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/04/14 18:23:30 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/04/14 18:23:29 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/04/14 18:23:09 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/04/14 18:23:09 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/14 18:23:07 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/04/14 18:23:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/14 18:22:56 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/04/14 11:32:34 | 000,425,768 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesPhotoProcessor.exe
[2011/04/14 11:32:34 | 000,293,152 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2011/04/14 11:32:34 | 000,214,816 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesPhotoProcessor.dll
[2011/04/14 11:32:28 | 000,421,160 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2011/04/14 11:32:28 | 000,165,152 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2011/04/14 11:32:26 | 009,776,936 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2011/04/14 11:32:26 | 000,402,216 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2011/04/14 11:32:20 | 019,778,336 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2011/04/14 11:32:20 | 000,111,904 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[2011/04/14 11:32:18 | 002,733,344 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2011/04/14 11:32:18 | 000,754,976 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2011/04/14 11:32:18 | 000,267,552 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2011/04/14 11:32:18 | 000,197,920 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2011/04/13 18:43:37 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{0D1378C6-FB90-49AD-A586-167EFF58ADC4}
[2011/04/12 20:37:22 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{74B4FD19-C237-49B7-9A71-0A4B0BCAC6D2}
[2011/04/12 20:11:54 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/04/12 20:11:54 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/04/12 20:11:54 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011/04/12 20:11:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/04/12 20:11:52 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011/04/12 20:11:52 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/04/12 20:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trine
[2011/04/12 20:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trine
[2011/04/11 21:07:24 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{6E0EA89E-9FD8-4662-B516-8DD686F48B71}
[2011/04/10 20:12:27 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2011/04/10 19:48:11 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8D1704BB-70FB-4DDE-BB53-82356AB6C000}
[2011/04/09 15:26:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{58F6FBD7-6C8F-4C6B-9C48-C8E04AE718BE}
[2011/04/08 19:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/04/08 19:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/04/08 18:34:51 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{1B4339E9-18CF-44AB-AB4B-6828F442707C}
[2011/04/08 12:09:21 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\workspacePHP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/08 00:00:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
[2011/05/07 23:59:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3275692123-652763339-3036236901-1000UA.job
[2011/05/07 23:49:02 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/07 23:09:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/07 11:00:27 | 000,002,359 | ---- | M] () -- C:\Users\Jimmy\Desktop\Google Chrome.lnk
[2011/05/07 10:46:40 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 10:46:40 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/07 10:39:26 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\EIKORNYQY.job
[2011/05/07 10:39:05 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/02 12:16:19 | 000,032,100 | ---- | M] () -- C:\Users\Jimmy\Documents\log.reg
[2011/04/29 19:20:38 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/29 19:20:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/04/29 19:18:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/04/29 19:18:32 | 000,705,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/29 19:18:32 | 000,138,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/29 19:17:49 | 000,860,758 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/29 17:20:43 | 000,001,437 | ---- | M] () -- C:\Users\Jimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/29 16:51:51 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/04/29 16:51:51 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/29 16:51:51 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/04/29 16:51:51 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/04/29 16:51:51 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/04/29 16:51:50 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/04/29 16:51:50 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/04/29 16:51:50 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/04/29 16:51:50 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/04/29 16:51:50 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/04/29 16:51:50 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/04/29 16:51:50 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/04/29 16:51:49 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/04/29 16:51:49 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/04/29 16:51:49 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/04/29 16:51:49 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/04/29 16:51:49 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/04/29 16:51:49 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/04/29 16:51:49 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/04/29 16:51:49 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/29 16:51:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/04/29 16:51:49 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/04/29 16:51:49 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/04/29 16:51:49 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/04/29 16:51:49 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/04/29 16:51:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/04/29 16:51:49 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/04/29 16:51:48 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/04/29 16:51:48 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/04/29 16:51:48 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/04/29 16:51:48 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/04/29 16:51:48 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/04/29 16:51:48 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/04/29 16:51:48 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/04/29 16:51:48 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/04/29 16:51:48 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/04/29 16:51:48 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/04/29 16:51:48 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/04/29 16:51:48 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/04/29 16:51:46 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/04/29 16:51:45 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/04/29 16:51:45 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/04/29 16:51:45 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/04/29 16:51:45 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/04/29 16:51:45 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/04/29 16:51:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/04/29 16:51:45 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/04/29 16:51:45 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/04/29 16:51:45 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/04/29 16:51:45 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/04/29 16:51:44 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/29 16:51:44 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/04/29 16:51:44 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/04/29 16:51:44 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/29 16:51:44 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/04/29 16:51:44 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/04/29 16:51:44 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/04/29 16:51:44 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/04/29 16:51:44 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/04/29 16:51:44 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/04/29 16:51:44 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/04/29 16:51:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/04/29 16:51:44 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/04/29 16:51:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/04/29 16:51:43 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/04/29 16:51:43 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/04/29 16:51:43 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/04/29 16:51:43 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/04/29 16:51:43 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/04/29 16:51:43 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/04/29 16:51:43 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/04/29 16:51:43 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/04/29 16:51:43 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/04/29 16:51:43 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/04/29 16:51:43 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/04/29 16:51:43 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/04/29 16:51:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/29 16:51:43 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/04/29 16:51:43 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/04/29 16:51:42 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/28 15:40:22 | 000,851,476 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/27 09:41:11 | 000,000,036 | ---- | M] () -- C:\Users\Jimmy\AppData\Local\housecall.guid.cache
[2011/04/24 13:19:32 | 000,001,652 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/22 14:29:34 | 000,001,001 | ---- | M] () -- C:\Users\Jimmy\Desktop\Dropbox.lnk
[2011/04/21 18:05:40 | 000,175,558 | ---- | M] () -- C:\Users\Jimmy\Documents\2010 T4 School.pdf
[2011/04/21 07:59:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3275692123-652763339-3036236901-1000Core.job
[2011/04/18 11:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 11:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/04/18 11:25:00 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/04/18 11:18:01 | 000,287,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/04/18 11:17:59 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/04/18 11:16:23 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/04/18 11:13:24 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/04/18 11:13:13 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/04/18 11:13:01 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/04/15 11:33:21 | 000,416,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/14 11:32:34 | 000,425,768 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesPhotoProcessor.exe
[2011/04/14 11:32:34 | 000,293,152 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2011/04/14 11:32:34 | 000,214,816 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesPhotoProcessor.dll
[2011/04/14 11:32:28 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2011/04/14 11:32:28 | 000,165,152 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2011/04/14 11:32:26 | 009,776,936 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2011/04/14 11:32:26 | 000,402,216 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2011/04/14 11:32:20 | 019,778,336 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2011/04/14 11:32:20 | 000,111,904 | ---- | M] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[2011/04/14 11:32:18 | 002,733,344 | ---- | M] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2011/04/14 11:32:18 | 000,754,976 | ---- | M] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2011/04/14 11:32:18 | 000,267,552 | ---- | M] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2011/04/14 11:32:18 | 000,197,920 | ---- | M] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2011/04/14 11:32:00 | 000,064,083 | ---- | M] () -- C:\Program Files\Acknowledgements.rtf
[2011/04/12 20:13:33 | 000,001,012 | ---- | M] () -- C:\Users\Jimmy\Desktop\Trine.lnk
[2011/04/10 23:56:37 | 000,001,739 | ---- | M] () -- C:\Users\Jimmy\Desktop\Prolog.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/07 23:49:02 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/29 19:20:38 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/29 19:20:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/04/29 17:41:49 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/04/29 16:51:49 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/04/29 16:51:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/27 19:18:01 | 000,032,100 | ---- | C] () -- C:\Users\Jimmy\Documents\log.reg
[2011/04/27 17:36:04 | 000,000,302 | -HS- | C] () -- C:\Windows\tasks\EIKORNYQY.job
[2011/04/27 09:41:11 | 000,000,036 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\housecall.guid.cache
[2011/04/24 13:19:32 | 000,001,652 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/24 10:00:30 | 000,860,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/24 09:50:50 | 000,002,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2011/04/22 14:29:34 | 000,001,001 | ---- | C] () -- C:\Users\Jimmy\Desktop\Dropbox.lnk
[2011/04/21 18:05:40 | 000,175,558 | ---- | C] () -- C:\Users\Jimmy\Documents\2010 T4 School.pdf
[2011/04/14 11:32:00 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2011/04/12 20:13:33 | 000,001,012 | ---- | C] () -- C:\Users\Jimmy\Desktop\Trine.lnk
[2011/01/19 01:25:12 | 000,008,704 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/13 01:11:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/04 14:20:03 | 000,007,605 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\Resmon.ResmonCfg
[2010/09/14 20:04:05 | 000,000,600 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\winscp.rnd
[2010/09/12 14:26:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/05/07 10:39:05 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/07 10:39:08 | 4257,861,632 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

-----------------------------------------------------------------------------------------------------

Extras.Txt Log:

OTL Extras logfile created on: 08/05/2011 12:11:37 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jimmy\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 178.81 Gb Free Space | 62.74% Space Free | Partition Type: NTFS

Computer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{64A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java™ SE Development Kit 6 Update 21 (64-bit)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{F0E9EB45-3FA6-41BE-BA8B-62E03601F629}" = PHP Manager 1.1 for IIS 7
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22025051-1991-48EB-8BE8-7A3329DAE7ED}" = IIS 7.5 Express
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"avast" = avast! Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ImgBurn" = ImgBurn
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Notepad++" = Notepad++
"RealAlt_is1" = Real Alternative 2.0.2
"ST6UNST #1" = Magic Berry
"SWI-Prolog" = SWI-Prolog (remove only)
"Trine_is1" = Trine 1.09
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.8
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinHugs" = WinHugs
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/04/2011 8:29:14 PM | Computer Name = Jimmy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 1.1.7.0, time stamp:
0x4d45d7ae Faulting module name: vlc.exe, version: 1.1.7.0, time stamp: 0x4d45d7ae
Exception
code: 0xc0000005 Fault offset: 0x000016e8 Faulting process id: 0x478 Faulting application
start time: 0x01cbfb03bac4be07 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting
module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: 63970bc3-66f7-11e0-acf2-00242cd5e035

Error - 17/04/2011 1:20:07 PM | Computer Name = Jimmy-PC | Source = McLogEvent | ID = 259
Description =

Error - 17/04/2011 5:55:24 PM | Computer Name = Jimmy-PC | Source = McLogEvent | ID = 259
Description =

Error - 21/04/2011 5:12:46 PM | Computer Name = Jimmy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.210.7, time stamp:
0x4c417380 Faulting module name: awt.dll, version: 6.0.210.7, time stamp: 0x4c418ba0
Exception
code: 0xc0000005 Fault offset: 0x00000000000f9dfd Faulting process id: 0x93c Faulting
application start time: 0x01cc0066951f42a3 Faulting application path: C:\Program
Files\Java\jre6\bin\javaw.exe Faulting module path: C:\Program Files\Java\jre6\bin\awt.dll
Report
Id: 1a046abd-6c5c-11e0-9b17-00242cd5e035

Error - 21/04/2011 7:15:03 PM | Computer Name = Jimmy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.210.7, time stamp:
0x4c417380 Faulting module name: awt.dll, version: 6.0.210.7, time stamp: 0x4c418ba0
Exception
code: 0xc0000005 Fault offset: 0x00000000000f9dfd Faulting process id: 0x12ac Faulting
application start time: 0x01cc006a2a2e2ee8 Faulting application path: C:\Program
Files\Java\jre6\bin\javaw.exe Faulting module path: C:\Program Files\Java\jre6\bin\awt.dll
Report
Id: 2f8542f0-6c6d-11e0-9b17-00242cd5e035

Error - 21/04/2011 7:15:06 PM | Computer Name = Jimmy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.210.7, time stamp:
0x4c417380 Faulting module name: awt.dll, version: 6.0.210.7, time stamp: 0x4c418ba0
Exception
code: 0xc000041d Fault offset: 0x00000000000f9dfd Faulting process id: 0x12ac Faulting
application start time: 0x01cc006a2a2e2ee8 Faulting application path: C:\Program
Files\Java\jre6\bin\javaw.exe Faulting module path: C:\Program Files\Java\jre6\bin\awt.dll
Report
Id: 314e4b25-6c6d-11e0-9b17-00242cd5e035

Error - 29/04/2011 7:42:39 PM | Computer Name = Jimmy-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 29/04/2011 7:56:02 PM | Computer Name = Jimmy-PC | Source = MsiInstaller | ID = 1013
Description =

Error - 29/04/2011 9:15:53 PM | Computer Name = Jimmy-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF0A Description:Security Essentials is still installed
on your computer.. Security Essentials was not removed from your computer. It will
continue to monitor your computer and help protect it from potential threats. Error
code:0x8004FF0A.

Error - 29/04/2011 9:15:58 PM | Computer Name = Jimmy-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF0A Description:Security Essentials is still installed
on your computer.. Security Essentials was not removed from your computer. It will
continue to monitor your computer and help protect it from potential threats. Error
code:0x8004FF0A.

[ System Events ]
Error - 19/01/2011 8:57:54 PM | Computer Name = Jimmy-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 19/01/2011 10:49:19 PM | Computer Name = Jimmy-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 19/01/2011 10:49:19 PM | Computer Name = Jimmy-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 19/01/2011 10:49:19 PM | Computer Name = Jimmy-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 20/01/2011 2:52:17 AM | Computer Name = Jimmy-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 20/01/2011 12:27:28 PM | Computer Name = Jimmy-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 20/01/2011 12:27:28 PM | Computer Name = Jimmy-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 20/01/2011 12:27:57 PM | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 20/01/2011 3:31:58 PM | Computer Name = Jimmy-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 20/01/2011 9:28:13 PM | Computer Name = Jimmy-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >


Here they Are! Thanks for helping :)

Edited by Ukanuka, 08 May 2011 - 01:25 AM.


#5 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:24 PM

Posted 08 May 2011 - 06:40 PM

Hi again Ukanuka!!.. :)

Here they Are! Thanks for helping :)

No problem!.. :)

Firstly,
I highly recommend you uninstall these toolbars - they're potentially unwanted applications, not needed on your computer:
DAEMON Tools Toolbar - adware toolbar
uTorrentBar Toolbar - it modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality...

They're not needed for Daemon Tools and uTorrent programs to work...
Use: Start -> Control Panel -> Programs and Features...

Secondly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Thirdly,
Run a fresh scan with OTL.exe --> Run Scan - only OTL.txt report will be generated - paste it into your next reply...
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#6 Ukanuka

Ukanuka
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 08 May 2011 - 10:12 PM

I Removed Both Toolbars.

When I ran the ESET Online Scanner
It finished and there was no bug or threat, but I couldn't find the log that you speak of anywhere on my computer :(.

Here is the OTL.txt Report:

OTL logfile created on: 08/05/2011 9:00:12 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jimmy\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 45.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 170.16 Gb Free Space | 59.71% Space Free | Partition Type: NTFS

Computer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/08 00:00:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
PRC - [2011/04/18 11:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 11:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/12 21:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe


========== Modules (SafeList) ==========

MOD - [2011/05/08 00:00:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
MOD - [2011/04/18 11:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/20 05:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/18 11:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/11 17:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 19:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 06:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/18 11:13:13 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/03/11 15:22:45 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/07 17:03:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/15 11:30:00 | 000,394,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/06/16 14:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 10:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/31 07:07:00 | 001,461,248 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/10 10:43:44 | 000,180,096 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMC326.sys -- (VMC326)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/01 13:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 13:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 13:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 15:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 16:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/01/09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA,zh-HK;q=0.7,zh-Hant;q=0.3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 06 30 41 E8 0D CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/10/11 21:31:59 | 000,000,864 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.143 64.59.135.145 64.59.128.121
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/08 19:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/05/08 15:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/08 15:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/05/08 15:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/08 15:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/08 15:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/05/08 15:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/05/08 15:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/05/08 15:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/08 15:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/05/08 11:10:28 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{A7C401A8-CDFC-46C9-B6D9-B5EA89BEC562}
[2011/05/08 00:00:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
[2011/05/07 23:49:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/07 23:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/07 23:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/07 23:09:40 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{37DBB49C-1626-48FC-998D-CA00F1582794}
[2011/05/07 10:41:04 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{FDA5A912-85E4-491B-9236-DA074EE3C3E2}
[2011/05/06 21:49:45 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{947A5BF2-3AB9-4E6F-A184-44FE3F374EE5}
[2011/05/06 08:56:20 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{5FB500AA-3312-4179-9804-6FAB5709BBDB}
[2011/05/05 18:38:07 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{33A8FF30-3F0E-4AD8-9161-DBD059941A96}
[2011/05/04 11:55:45 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{858DF12B-CAB8-4848-9EC9-186723C15324}
[2011/05/03 22:45:42 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{82E5C18A-7113-4C0D-9696-313AC627A6C9}
[2011/05/03 10:45:29 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{0D7444BE-8235-4338-AD96-268E6D82145E}
[2011/05/02 12:20:46 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{234DBF11-E458-4708-9A43-B31B2BF9C17E}
[2011/05/02 00:20:29 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{B5E251F2-1546-4735-9DAD-34AB62160B45}
[2011/05/01 19:25:39 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\CPSC 413
[2011/05/01 12:19:08 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{4BC7DC77-3717-4422-B17A-16F8F34FAC90}
[2011/05/01 00:18:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{06B0E1CA-E61F-4A4A-869D-76AF972F4AE9}
[2011/04/29 19:20:38 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/04/29 19:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/04/29 19:20:37 | 000,287,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/04/29 19:20:34 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/04/29 19:20:33 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/04/29 19:20:32 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/04/29 19:20:26 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/04/29 19:20:26 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/04/29 19:20:04 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/04/29 19:20:04 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/29 19:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/04/29 19:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/29 18:52:24 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2011/04/29 17:59:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/29 16:51:51 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/04/29 16:51:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/29 16:51:51 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/04/29 16:51:51 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/04/29 16:51:51 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/04/29 16:51:50 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/04/29 16:51:50 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/04/29 16:51:50 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/04/29 16:51:50 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/04/29 16:51:50 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/04/29 16:51:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/04/29 16:51:50 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/04/29 16:51:49 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/04/29 16:51:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/04/29 16:51:49 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/04/29 16:51:49 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/04/29 16:51:49 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/04/29 16:51:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/04/29 16:51:49 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/04/29 16:51:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/29 16:51:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/04/29 16:51:49 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/04/29 16:51:49 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/04/29 16:51:49 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/04/29 16:51:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/04/29 16:51:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/04/29 16:51:48 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/04/29 16:51:48 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/04/29 16:51:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/04/29 16:51:48 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/04/29 16:51:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/04/29 16:51:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/04/29 16:51:48 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/04/29 16:51:48 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/04/29 16:51:48 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/04/29 16:51:48 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/04/29 16:51:48 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/04/29 16:51:48 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/04/29 16:51:46 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/04/29 16:51:45 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/04/29 16:51:45 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/04/29 16:51:45 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/04/29 16:51:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/04/29 16:51:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/04/29 16:51:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/04/29 16:51:45 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/04/29 16:51:45 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/04/29 16:51:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/04/29 16:51:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/04/29 16:51:44 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/29 16:51:44 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/04/29 16:51:44 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/04/29 16:51:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/29 16:51:44 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/04/29 16:51:44 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/04/29 16:51:44 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/04/29 16:51:44 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/04/29 16:51:44 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/04/29 16:51:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/04/29 16:51:44 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/04/29 16:51:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/04/29 16:51:44 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/04/29 16:51:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/04/29 16:51:43 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/04/29 16:51:43 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/04/29 16:51:43 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/04/29 16:51:43 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/04/29 16:51:43 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/04/29 16:51:43 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/04/29 16:51:43 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/04/29 16:51:43 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/04/29 16:51:43 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/04/29 16:51:43 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/04/29 16:51:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/04/29 16:51:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/04/29 16:51:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/04/29 16:51:43 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/04/29 16:51:42 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/29 14:16:12 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{453855EE-037C-40A9-9019-E096BB43922E}
[2011/04/29 00:46:22 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{6116CE1C-7CDC-4BEB-9708-D5F4AC9644C8}
[2011/04/28 02:19:41 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Malwarebytes
[2011/04/28 02:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/28 02:19:25 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/28 02:16:01 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Macromedia
[2011/04/28 01:29:26 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{2BDF60B9-2B9B-4EAC-B2C3-4C78C08055FB}
[2011/04/27 09:43:05 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2011/04/27 09:42:29 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8E33114D-13E6-4505-A2AC-721BBA0D538F}
[2011/04/27 09:31:43 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/27 09:31:43 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/27 09:31:39 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/27 09:31:39 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/27 09:30:51 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/04/27 09:30:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/04/27 09:30:49 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/04/27 09:30:49 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/04/27 09:30:47 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/04/27 09:30:45 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/04/27 09:30:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/27 09:30:06 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/27 09:30:06 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/26 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{AD073EC6-1FD9-4770-9CD5-3F62FD743996}
[2011/04/25 23:26:58 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{1E0D7D06-89E7-4AFD-B0CE-3C463BBE6691}
[2011/04/25 11:26:00 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{597A07EB-5DF4-4DA8-999F-56470C0D89AE}
[2011/04/24 21:23:40 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{DA754C74-AAFF-4240-A56E-F3EC52CA3E1D}
[2011/04/24 10:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\PHP Manager 1.1 for IIS 7
[2011/04/24 10:14:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2011/04/24 10:14:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2011/04/24 10:14:14 | 000,000,000 | ---D | C] -- C:\inetpub
[2011/04/24 10:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express
[2011/04/24 09:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PHP
[2011/04/24 09:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/04/24 09:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/04/23 22:56:58 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{060302CD-2233-42B9-ACA1-CB7D76E73009}
[2011/04/22 14:29:34 | 000,000,000 | R--D | C] -- C:\Users\Jimmy\Dropbox
[2011/04/22 14:28:26 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011/04/22 14:26:56 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Dropbox
[2011/04/21 18:02:46 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\Mozilla
[2011/04/19 23:30:11 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{5EDBF6EB-7085-4CDE-83E9-2C3203776AB3}
[2011/04/19 11:30:00 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{C543871C-B435-454E-9D3C-0BD38C448CF8}
[2011/04/18 19:22:43 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{1105B970-35ED-4441-A0CA-E1320139D9DE}
[2011/04/18 00:02:07 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{3AB2B74A-CFC8-4F33-9E84-11EE126F574B}
[2011/04/17 21:13:01 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\xpce
[2011/04/17 12:01:33 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{62DE52FA-B9F2-4476-9B3A-8F37C8D46E3C}
[2011/04/16 22:46:14 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{9BECED88-E8F7-4B23-ADCB-093E1955DABB}
[2011/04/16 10:45:17 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{7631FCA7-9772-48D0-8AC2-6EB5FA7036F7}
[2011/04/15 19:37:03 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{EFE6AC89-9AAA-45E6-A3FB-2D1EFEA0363A}
[2011/04/14 23:51:29 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{3399090F-4DAA-4BB8-BE14-E29482EAEDC0}
[2011/04/14 18:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/14 18:25:45 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/04/14 18:25:42 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/14 18:25:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/14 18:25:37 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/04/14 18:25:36 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/04/14 18:25:36 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/14 18:25:35 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/14 18:25:27 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/04/14 18:25:26 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/14 18:23:34 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/04/14 18:23:33 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/04/14 18:23:32 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/04/14 18:23:31 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/04/14 18:23:30 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/04/14 18:23:30 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/04/14 18:23:29 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/04/14 18:23:09 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/04/14 18:23:09 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/14 18:23:07 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/04/14 18:23:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/14 18:22:56 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/04/13 18:43:37 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{0D1378C6-FB90-49AD-A586-167EFF58ADC4}
[2011/04/12 20:37:22 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{74B4FD19-C237-49B7-9A71-0A4B0BCAC6D2}
[2011/04/12 20:11:54 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/04/12 20:11:54 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/04/12 20:11:54 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011/04/12 20:11:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/04/12 20:11:52 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011/04/12 20:11:52 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/04/12 20:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trine
[2011/04/12 20:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trine
[2011/04/11 21:07:24 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{6E0EA89E-9FD8-4662-B516-8DD686F48B71}
[2011/04/10 20:12:27 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2011/04/10 19:48:11 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{8D1704BB-70FB-4DDE-BB53-82356AB6C000}
[2011/04/09 15:26:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\{58F6FBD7-6C8F-4C6B-9C48-C8E04AE718BE}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/08 20:59:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3275692123-652763339-3036236901-1000UA.job
[2011/05/08 15:18:11 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/08 14:40:21 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 14:40:21 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 14:21:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/08 10:37:00 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\EIKORNYQY.job
[2011/05/08 10:36:40 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 00:00:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
[2011/05/07 23:49:02 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/07 11:00:27 | 000,002,359 | ---- | M] () -- C:\Users\Jimmy\Desktop\Google Chrome.lnk
[2011/05/02 12:16:19 | 000,032,100 | ---- | M] () -- C:\Users\Jimmy\Documents\log.reg
[2011/04/29 19:20:38 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/29 19:20:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/04/29 19:18:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/04/29 19:18:32 | 000,705,888 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/29 19:18:32 | 000,138,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/29 19:17:49 | 000,860,758 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/29 17:20:43 | 000,001,437 | ---- | M] () -- C:\Users\Jimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/29 16:51:51 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/04/29 16:51:51 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/29 16:51:51 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/04/29 16:51:51 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/04/29 16:51:51 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/04/29 16:51:50 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/04/29 16:51:50 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/04/29 16:51:50 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/04/29 16:51:50 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/04/29 16:51:50 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/04/29 16:51:50 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/04/29 16:51:50 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/04/29 16:51:49 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/04/29 16:51:49 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/04/29 16:51:49 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/04/29 16:51:49 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/04/29 16:51:49 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/04/29 16:51:49 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/04/29 16:51:49 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/04/29 16:51:49 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/29 16:51:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/04/29 16:51:49 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/04/29 16:51:49 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/04/29 16:51:49 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/04/29 16:51:49 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/04/29 16:51:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/04/29 16:51:49 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/04/29 16:51:48 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/04/29 16:51:48 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/04/29 16:51:48 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/04/29 16:51:48 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/04/29 16:51:48 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/04/29 16:51:48 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/04/29 16:51:48 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/04/29 16:51:48 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/04/29 16:51:48 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/04/29 16:51:48 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/04/29 16:51:48 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/04/29 16:51:48 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/04/29 16:51:46 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/04/29 16:51:45 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/04/29 16:51:45 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/04/29 16:51:45 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/04/29 16:51:45 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/04/29 16:51:45 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/04/29 16:51:45 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/04/29 16:51:45 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/04/29 16:51:45 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/04/29 16:51:45 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/04/29 16:51:45 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/04/29 16:51:44 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/29 16:51:44 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/04/29 16:51:44 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/04/29 16:51:44 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/29 16:51:44 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/04/29 16:51:44 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/04/29 16:51:44 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/04/29 16:51:44 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/04/29 16:51:44 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/04/29 16:51:44 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/04/29 16:51:44 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/04/29 16:51:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/04/29 16:51:44 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/04/29 16:51:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/04/29 16:51:43 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/04/29 16:51:43 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/04/29 16:51:43 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/04/29 16:51:43 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/04/29 16:51:43 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/04/29 16:51:43 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/04/29 16:51:43 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/04/29 16:51:43 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/04/29 16:51:43 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/04/29 16:51:43 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/04/29 16:51:43 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/04/29 16:51:43 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/04/29 16:51:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/29 16:51:43 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/04/29 16:51:43 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/04/29 16:51:42 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/28 15:40:22 | 000,851,476 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/27 09:41:11 | 000,000,036 | ---- | M] () -- C:\Users\Jimmy\AppData\Local\housecall.guid.cache
[2011/04/22 14:29:34 | 000,001,001 | ---- | M] () -- C:\Users\Jimmy\Desktop\Dropbox.lnk
[2011/04/21 18:05:40 | 000,175,558 | ---- | M] () -- C:\Users\Jimmy\Documents\2010 T4 School.pdf
[2011/04/21 07:59:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3275692123-652763339-3036236901-1000Core.job
[2011/04/18 11:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 11:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/04/18 11:25:00 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/04/18 11:18:01 | 000,287,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/04/18 11:17:59 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/04/18 11:16:23 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/04/18 11:13:24 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/04/18 11:13:13 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/04/18 11:13:01 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/04/15 11:33:21 | 000,416,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/12 20:13:33 | 000,001,012 | ---- | M] () -- C:\Users\Jimmy\Desktop\Trine.lnk
[2011/04/10 23:56:37 | 000,001,739 | ---- | M] () -- C:\Users\Jimmy\Desktop\Prolog.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/08 15:18:11 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/05/08 15:16:06 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/07 23:49:02 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/29 19:20:38 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/29 19:20:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/04/29 17:41:49 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/04/29 16:51:49 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/04/29 16:51:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/27 19:18:01 | 000,032,100 | ---- | C] () -- C:\Users\Jimmy\Documents\log.reg
[2011/04/27 17:36:04 | 000,000,302 | -HS- | C] () -- C:\Windows\tasks\EIKORNYQY.job
[2011/04/27 09:41:11 | 000,000,036 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\housecall.guid.cache
[2011/04/24 10:00:30 | 000,860,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/24 09:50:50 | 000,002,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2011/04/22 14:29:34 | 000,001,001 | ---- | C] () -- C:\Users\Jimmy\Desktop\Dropbox.lnk
[2011/04/21 18:05:40 | 000,175,558 | ---- | C] () -- C:\Users\Jimmy\Documents\2010 T4 School.pdf
[2011/04/12 20:13:33 | 000,001,012 | ---- | C] () -- C:\Users\Jimmy\Desktop\Trine.lnk
[2011/01/19 01:25:12 | 000,008,704 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/13 01:11:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/04 14:20:03 | 000,007,605 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\Resmon.ResmonCfg
[2010/09/14 20:04:05 | 000,000,600 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\winscp.rnd
[2010/09/12 14:26:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

< End of report >


Thank You Very Much :)

#7 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:24 PM

Posted 09 May 2011 - 08:39 AM

Hi again Ukanuka!!.. :)

When I ran the ESET Online Scanner
It finished and there was no bug or threat, but I couldn't find the log that you speak of anywhere on my computer :(.

No problem if there were no threats found!.. :)

Ok, please do the following:

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]
    [RESETHOSTS]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
Posted Image

  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.

Thirdly,
Open Notepad and copy and paste next present in the quotebox:

@echo off
REG QUERY "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc" /v Start > look.txt
echo. >> look.txt
type "C:\Windows\tasks\EIKORNYQY.job" >> look.txt
notepad look.txt
del look.txt
del %0

Save this as look.bat , choose to save as *all files and place it on your Desktop.
It should look like this: Posted Image
Right-click on it, and choose: Run as administrator... A Notepad should open.
Copy and paste the contents of it in your next reply.
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#8 Ukanuka

Ukanuka
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 09 May 2011 - 12:16 PM

Hey Again :D, Thanks for helping again! :D

So.. I did the OTL Run Fix with this:
:OTL
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
:Commands
[EmptyTemp]
[EMPTYFLASH]
[RESETHOSTS]

But then... my computer went to just my wallpaper, and after a few mins, it restarted.. is that suppose to happen?. Thats what happened and then on my desktop there was 2 new hidden files, both named desktop.ini.

--------------

I ran it one more time and this time it ran, so I am not sure if I did something wrong before so it restarted?.
And This time it asked The system requires a reboot to finish removing files. Click Ok to reboot now.
So I clicked OK. And then it restarted and heres the Log:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Jimmy
->Temp folder emptied: 10349196 bytes
->Temporary Internet Files folder emptied: 10367259 bytes
->Java cache emptied: 14427588 bytes
->Google Chrome cache emptied: 354130020 bytes
->Flash cache emptied: 7570 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1824 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 371.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: Jimmy
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05092011_111748

Files\Folders moved on Reboot...
C:\Users\Jimmy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006e7b not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006e7c not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006e7d not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006e7f not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006e80 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006e81 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006e82 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006e83 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006e84 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f34 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f36 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f37 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f38 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f39 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f3a not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f3b not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f3c not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f3d not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f3e not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f3f not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f40 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f41 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f42 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f43 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f44 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f45 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f46 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f47 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f48 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f49 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f4a not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f4b not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f4c not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f4d not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f4e not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f4f not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f50 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f51 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f52 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f53 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f54 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f55 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f56 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f57 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_006f58 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071b1 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071b2 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071b3 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071b4 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071b5 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071b6 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071b7 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071b8 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071b9 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071ba not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071bb not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071bc not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071bd not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071be not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071bf not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071c0 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071c1 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071c2 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071c3 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071c5 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071c6 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071c7 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071c8 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071c9 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071ca not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071cb not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071cc not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071cd not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071ce not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071cf not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071d0 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071d1 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071d2 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071d3 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071d4 not found!
File\Folder C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0071d5 not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

The TDSSKiller Log:
2011/05/09 11:27:20.0476 1712 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/09 11:27:21.0255 1712 ================================================================================
2011/05/09 11:27:21.0255 1712 SystemInfo:
2011/05/09 11:27:21.0255 1712
2011/05/09 11:27:21.0255 1712 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/09 11:27:21.0255 1712 Product type: Workstation
2011/05/09 11:27:21.0255 1712 ComputerName: JIMMY-PC
2011/05/09 11:27:21.0256 1712 UserName: Jimmy
2011/05/09 11:27:21.0256 1712 Windows directory: C:\Windows
2011/05/09 11:27:21.0256 1712 System windows directory: C:\Windows
2011/05/09 11:27:21.0256 1712 Running under WOW64
2011/05/09 11:27:21.0256 1712 Processor architecture: Intel x64
2011/05/09 11:27:21.0256 1712 Number of processors: 2
2011/05/09 11:27:21.0256 1712 Page size: 0x1000
2011/05/09 11:27:21.0256 1712 Boot type: Normal boot
2011/05/09 11:27:21.0256 1712 ================================================================================
2011/05/09 11:27:21.0634 1712 Initialize success
2011/05/09 11:27:25.0239 2552 ================================================================================
2011/05/09 11:27:25.0240 2552 Scan started
2011/05/09 11:27:25.0240 2552 Mode: Manual;
2011/05/09 11:27:25.0240 2552 ================================================================================
2011/05/09 11:27:25.0837 2552 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/05/09 11:27:25.0953 2552 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/05/09 11:27:26.0018 2552 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/05/09 11:27:26.0116 2552 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/09 11:27:26.0199 2552 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/09 11:27:26.0279 2552 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/09 11:27:26.0437 2552 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/05/09 11:27:26.0572 2552 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/05/09 11:27:26.0700 2552 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/05/09 11:27:26.0807 2552 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/05/09 11:27:26.0924 2552 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/09 11:27:26.0948 2552 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/09 11:27:27.0060 2552 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/05/09 11:27:27.0112 2552 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/09 11:27:27.0164 2552 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/05/09 11:27:27.0270 2552 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/05/09 11:27:27.0438 2552 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/09 11:27:27.0486 2552 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/09 11:27:27.0653 2552 aswFsBlk (499af6f57cf093642d647cafc006deaa) C:\Windows\system32\drivers\aswFsBlk.sys
2011/05/09 11:27:27.0737 2552 aswMonFlt (54edf58577868baf01d25d8359f9e84f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/05/09 11:27:27.0795 2552 aswRdr (e69cdc2d04a0a4b338a933c44bdb0fd4) C:\Windows\system32\drivers\aswRdr.sys
2011/05/09 11:27:27.0905 2552 aswSnx (22f7ed60f9fa6272af7f35813ca548d6) C:\Windows\system32\drivers\aswSnx.sys
2011/05/09 11:27:27.0983 2552 aswSP (be84efcd3cdd11ddcc79f3ecab47e827) C:\Windows\system32\drivers\aswSP.sys
2011/05/09 11:27:28.0060 2552 aswTdi (0bf5483e5fb88d85638708e7d56300d8) C:\Windows\system32\drivers\aswTdi.sys
2011/05/09 11:27:28.0110 2552 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/09 11:27:28.0193 2552 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/05/09 11:27:28.0298 2552 athr (622b96bbc02274c98c67e0ae5b383dc6) C:\Windows\system32\DRIVERS\athrx.sys
2011/05/09 11:27:28.0536 2552 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/09 11:27:28.0804 2552 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/09 11:27:28.0868 2552 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/09 11:27:28.0925 2552 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/09 11:27:29.0006 2552 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/09 11:27:29.0103 2552 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/09 11:27:29.0145 2552 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/09 11:27:29.0168 2552 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/09 11:27:29.0224 2552 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/09 11:27:29.0268 2552 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/09 11:27:29.0293 2552 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/09 11:27:29.0321 2552 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/09 11:27:29.0409 2552 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
2011/05/09 11:27:29.0463 2552 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/09 11:27:29.0517 2552 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/09 11:27:29.0576 2552 BTHPORT (0d25b6d300ba26a5f2c3b2a8e96b158b) C:\Windows\System32\Drivers\BTHport.sys
2011/05/09 11:27:29.0638 2552 BTHUSB (1f9912f8ec5bfa53432e71e150636a8a) C:\Windows\System32\Drivers\BTHUSB.sys
2011/05/09 11:27:29.0692 2552 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
2011/05/09 11:27:29.0767 2552 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
2011/05/09 11:27:29.0840 2552 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/05/09 11:27:29.0935 2552 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/05/09 11:27:29.0981 2552 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/05/09 11:27:30.0028 2552 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/09 11:27:30.0115 2552 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/09 11:27:30.0174 2552 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/09 11:27:30.0234 2552 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/09 11:27:30.0324 2552 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/09 11:27:30.0386 2552 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/05/09 11:27:30.0471 2552 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/05/09 11:27:30.0528 2552 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/09 11:27:30.0599 2552 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/09 11:27:30.0771 2552 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/09 11:27:30.0889 2552 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/05/09 11:27:30.0999 2552 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/05/09 11:27:31.0055 2552 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/09 11:27:31.0126 2552 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/09 11:27:31.0196 2552 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/09 11:27:31.0273 2552 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/05/09 11:27:31.0363 2552 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/09 11:27:31.0506 2552 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/09 11:27:31.0650 2552 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/09 11:27:31.0722 2552 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/05/09 11:27:31.0797 2552 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/09 11:27:31.0846 2552 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/09 11:27:31.0901 2552 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/09 11:27:31.0962 2552 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/09 11:27:31.0987 2552 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/09 11:27:32.0020 2552 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/09 11:27:32.0094 2552 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/05/09 11:27:32.0142 2552 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/09 11:27:32.0183 2552 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/09 11:27:32.0265 2552 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/09 11:27:32.0315 2552 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/09 11:27:32.0377 2552 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/09 11:27:32.0419 2552 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/09 11:27:32.0517 2552 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/05/09 11:27:32.0609 2552 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/09 11:27:32.0643 2552 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/09 11:27:32.0683 2552 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/09 11:27:32.0717 2552 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/09 11:27:32.0781 2552 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/09 11:27:32.0875 2552 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/09 11:27:32.0981 2552 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/05/09 11:27:33.0055 2552 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/09 11:27:33.0107 2552 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/05/09 11:27:33.0181 2552 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/09 11:27:33.0316 2552 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/05/09 11:27:33.0402 2552 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/09 11:27:33.0534 2552 IntcAzAudAddService (9c1d5314d42b7f1bd6ad6fb1ba8870a8) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/09 11:27:33.0605 2552 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/05/09 11:27:33.0651 2552 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/09 11:27:33.0721 2552 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/09 11:27:33.0793 2552 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/09 11:27:33.0839 2552 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/09 11:27:33.0909 2552 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/09 11:27:33.0950 2552 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/05/09 11:27:33.0995 2552 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/05/09 11:27:34.0077 2552 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/09 11:27:34.0155 2552 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/09 11:27:34.0220 2552 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/09 11:27:34.0282 2552 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/09 11:27:34.0321 2552 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/09 11:27:34.0422 2552 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/09 11:27:34.0493 2552 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/09 11:27:34.0534 2552 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/09 11:27:34.0573 2552 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/09 11:27:34.0600 2552 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/09 11:27:34.0652 2552 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/09 11:27:34.0699 2552 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/09 11:27:34.0746 2552 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/09 11:27:34.0805 2552 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/09 11:27:34.0897 2552 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/09 11:27:34.0964 2552 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/09 11:27:35.0028 2552 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/09 11:27:35.0095 2552 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/05/09 11:27:35.0157 2552 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/05/09 11:27:35.0234 2552 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/09 11:27:35.0307 2552 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/05/09 11:27:35.0373 2552 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/09 11:27:35.0411 2552 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/09 11:27:35.0451 2552 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/09 11:27:35.0531 2552 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/05/09 11:27:35.0580 2552 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/05/09 11:27:35.0654 2552 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/09 11:27:35.0696 2552 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/09 11:27:35.0765 2552 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/05/09 11:27:35.0824 2552 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/09 11:27:35.0847 2552 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/09 11:27:35.0876 2552 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/09 11:27:35.0948 2552 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/05/09 11:27:35.0998 2552 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/05/09 11:27:36.0035 2552 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/09 11:27:36.0066 2552 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/09 11:27:36.0116 2552 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/09 11:27:36.0179 2552 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/09 11:27:36.0278 2552 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/05/09 11:27:36.0335 2552 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/09 11:27:36.0384 2552 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/09 11:27:36.0452 2552 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/09 11:27:36.0512 2552 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/09 11:27:36.0577 2552 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/05/09 11:27:36.0628 2552 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/09 11:27:36.0696 2552 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/09 11:27:36.0816 2552 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/09 11:27:36.0877 2552 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/09 11:27:36.0927 2552 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/09 11:27:37.0039 2552 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/05/09 11:27:37.0107 2552 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/09 11:27:37.0168 2552 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/05/09 11:27:37.0218 2552 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/05/09 11:27:37.0293 2552 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/05/09 11:27:37.0348 2552 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/05/09 11:27:37.0443 2552 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/09 11:27:37.0509 2552 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/05/09 11:27:37.0576 2552 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/05/09 11:27:37.0633 2552 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/05/09 11:27:37.0670 2552 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/09 11:27:37.0721 2552 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/09 11:27:37.0775 2552 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/09 11:27:37.0947 2552 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
2011/05/09 11:27:38.0055 2552 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/09 11:27:38.0090 2552 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/09 11:27:38.0197 2552 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/09 11:27:38.0266 2552 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/09 11:27:38.0331 2552 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/09 11:27:38.0371 2552 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/09 11:27:38.0404 2552 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/09 11:27:38.0471 2552 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/09 11:27:38.0549 2552 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/09 11:27:38.0598 2552 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/09 11:27:38.0642 2552 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/09 11:27:38.0711 2552 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/09 11:27:38.0750 2552 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/09 11:27:38.0786 2552 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/09 11:27:38.0863 2552 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/05/09 11:27:38.0928 2552 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/09 11:27:38.0973 2552 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/09 11:27:39.0036 2552 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/05/09 11:27:39.0110 2552 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/05/09 11:27:39.0191 2552 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/09 11:27:39.0263 2552 RimUsb (71700b4c5797da5412e9250e26894586) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2011/05/09 11:27:39.0341 2552 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2011/05/09 11:27:39.0406 2552 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
2011/05/09 11:27:39.0486 2552 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/09 11:27:39.0554 2552 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/05/09 11:27:39.0636 2552 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\Windows\system32\Drivers\SABI.sys
2011/05/09 11:27:39.0704 2552 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/05/09 11:27:39.0781 2552 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/09 11:27:39.0845 2552 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/09 11:27:39.0917 2552 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/09 11:27:39.0951 2552 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/09 11:27:39.0990 2552 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/09 11:27:40.0093 2552 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/05/09 11:27:40.0134 2552 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/09 11:27:40.0169 2552 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/09 11:27:40.0209 2552 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/09 11:27:40.0258 2552 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/09 11:27:40.0293 2552 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/09 11:27:40.0349 2552 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/09 11:27:40.0430 2552 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/09 11:27:40.0560 2552 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
2011/05/09 11:27:40.0623 2552 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/09 11:27:40.0664 2552 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/09 11:27:40.0717 2552 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/09 11:27:40.0828 2552 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/05/09 11:27:40.0885 2552 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/05/09 11:27:40.0922 2552 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/05/09 11:27:40.0999 2552 SynTP (3c80203c725c28cea5713d1ab242880a) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/09 11:27:41.0141 2552 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/05/09 11:27:41.0247 2552 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/09 11:27:41.0341 2552 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/09 11:27:41.0389 2552 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/09 11:27:41.0414 2552 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/09 11:27:41.0495 2552 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/09 11:27:41.0561 2552 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/05/09 11:27:41.0672 2552 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/09 11:27:41.0751 2552 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/05/09 11:27:41.0839 2552 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/09 11:27:41.0887 2552 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/09 11:27:41.0965 2552 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/09 11:27:42.0060 2552 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/09 11:27:42.0115 2552 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/05/09 11:27:42.0154 2552 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/09 11:27:42.0228 2552 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/05/09 11:27:42.0268 2552 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/09 11:27:42.0334 2552 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/05/09 11:27:42.0375 2552 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/09 11:27:42.0434 2552 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
2011/05/09 11:27:42.0472 2552 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/09 11:27:42.0505 2552 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/09 11:27:42.0573 2552 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/09 11:27:42.0616 2552 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/09 11:27:42.0665 2552 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/09 11:27:42.0742 2552 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/09 11:27:42.0787 2552 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/09 11:27:42.0828 2552 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/09 11:27:42.0893 2552 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/05/09 11:27:42.0963 2552 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/05/09 11:27:43.0031 2552 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/05/09 11:27:43.0068 2552 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/05/09 11:27:43.0140 2552 VMC326 (43d92bf1df2f65ef2de2d02de4573c54) C:\Windows\system32\Drivers\VMC326.sys
2011/05/09 11:27:43.0184 2552 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/05/09 11:27:43.0264 2552 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/05/09 11:27:43.0321 2552 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/05/09 11:27:43.0398 2552 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/09 11:27:43.0451 2552 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/09 11:27:43.0504 2552 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/09 11:27:43.0560 2552 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/05/09 11:27:43.0622 2552 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/09 11:27:43.0725 2552 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/09 11:27:43.0747 2552 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/09 11:27:43.0870 2552 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/09 11:27:43.0919 2552 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/09 11:27:44.0027 2552 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/09 11:27:44.0068 2552 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/09 11:27:44.0222 2552 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/09 11:27:44.0319 2552 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/09 11:27:44.0423 2552 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/05/09 11:27:44.0485 2552 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/09 11:27:44.0577 2552 yukonw7 (e793283bdec1af93e00ca71767b9934c) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/05/09 11:27:44.0965 2552 ================================================================================
2011/05/09 11:27:44.0965 2552 Scan finished
2011/05/09 11:27:44.0966 2552 ================================================================================
2011/05/09 11:27:49.0806 2968 Deinitialize success

The look.bat File:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
Start REG_DWORD 0x4


Thanks again :D

Edited by Ukanuka, 09 May 2011 - 12:31 PM.


#9 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:24 PM

Posted 09 May 2011 - 04:39 PM

Hi again Ukanuka!!.. :)

Thanks for helping again! :D

:)

But then... my computer went to just my wallpaper, and after a few mins, it restarted.. is that suppose to happen?. Thats what happened and then on my desktop there was 2 new hidden files, both named desktop.ini.

Looks like a hiccup of some sort... Anyway, you did good by running it one more time...

Ok, your logs look clean to me... However, I cannot determine if this is a legit file: C:\Windows\tasks\EIKORNYQY.job - the batch file (the last post) was supposed to show more information on it, no luck, though... It looks suspicious, so the script below will remove it (if you notice something doesn't run as it should afterwards, we can always put that file back)... The script below will also turn the Windows Security Service back on (you'll need to reboot to notice the change)...
If you still see those 2 desktop.ini files on your Desktop, you need to re-configure Windows to hide hidden files - refer to this tutorial: How to show hidden files in Windows 7 - place a checkmark next to: Hide extensions for known file types and Hide protected operating system files (Recommended). Save the changes...

Please tell me if any problem remains!..

Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :processes
    killallprocesses
    :OTL
    [2011/05/08 10:37:00 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\EIKORNYQY.job
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
    "Start"=dword:00000002

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#10 Ukanuka

Ukanuka
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 10 May 2011 - 01:07 AM

Thanks Very Much Again :D

So when I ran OTL, it seems have automatically restarted again... and said that there was a problem and the computer will reboot please save your work.
But it went through and Heres the Log:

========== PROCESSES ==========
All processes killed
========== OTL ==========
File C:\Windows\tasks\EIKORNYQY.job not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\\"Start"|dword:00000002 /E : value set successfully!

OTL by OldTimer - Version 3.2.22.3 log created on 05102011_000304

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


------------

So I am not sure how to check if Windows Security Service is officially back on?

Thanks for the help :D

Edited by Ukanuka, 10 May 2011 - 01:08 AM.


#11 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:24 PM

Posted 10 May 2011 - 05:51 AM

Hi again Ukanuka!!.. :)

Logs look clean to me... Is your computer running smoothly now?.. All problems with it gone now?..

So I am not sure how to check if Windows Security Service is officially back on?

Refer to this tutorial: How to Start or Disable Services in Windows 7 - follow the steps 1 to 4, right-click the Security Center Service, choose: Properties:
- Startup type - should be: Automatic (that's what the previous script did)
- Service status - should be: Running

Ok, if everything is running smoothly, you're good to go!.. Some final steps to perform:

Firstly,
Your 64bit version of Java is outdated!
Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Java™ 6 Update 21 (64-bit)

Then,
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says Java Platform, Standard Edition / "Java SE 6 Update 25".
  • Click the "Download JRE" button to the right.
  • In the Window that opens, check the box that says: "Accept License Agreement".
  • Click on the link: jre-6u25-windows-x64.exe to download an offline installer for Windows x64. Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your Desktop double-click on the file that you've downloaded to install the newest version.

Secondly,
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Thirdly,
Please set a new Restore Point to prevent infection from any previous Restore Points.
The easiest and safest way to do this is:
  • Open Control Panel (Start --> Control Panel) and double-click the System icon.
  • Click on the System Protection link on the left. If an UAC (User Account Control) prompt appears, click Continue. Close the System window.
  • Make sure that you have System Protection turned on for your System drive (usually C:\):
    • In Windows 7: On under Protection,
    • In Windows Vista: a box on the left will be checked.
  • Click on the Create button. Give the restore point a name, and click Create. Wait till the new system restore point is created, and click Close.
  • Then go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire (usually C:\).
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

Please check my site - snemelk.hekko.pl:

Also, I recommend you to read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#12 Ukanuka

Ukanuka
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 10 May 2011 - 12:37 PM

Hello Again :D

Thank you Very much for the help the past few days!.

I went to services, to check on the Security Center, the Status said: Started, it didn't say Running, not sure if that is the same thing.

I have done everything else you have told me and it looks like my computer is running fine now and if not better :D

A Few Last Questions:
What is a Good Free Antivirus Program?
I am using Avast and it seems like it is pretty good :D so I am not sure.

How do I keep my drivers and stuff up to date? Is there a free program that will do this for me?


Thank you So much for the help!, Greatly Appreciate it :)

Ukanuka

#13 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:24 PM

Posted 10 May 2011 - 01:27 PM

Hi again!.. :)

Thank you Very much for the help the past few days!.

You're welcome!.. :)

I went to services, to check on the Security Center, the Status said: Started, it didn't say Running, not sure if that is the same thing.

Yes, sorry, it should say Started, actually - I have a Polish version of Windows and did not check it thoroughly first... So "Started" is good...

What is a Good Free Antivirus Program?
I am using Avast and it seems like it is pretty good :D so I am not sure.

How do I keep my drivers and stuff up to date? Is there a free program that will do this for me?

Yes, Avast! is a pretty good antivirus and recommended by many experts here as a good free security product... I do also recommend it...
The most important Drivers updates (eg. video Drivers) should be offered to you by Windows Update itself - as an optional install...
When it comes to keeping all your other programs updated, I recommend Secunia Personal Software Inspector - I link to this program and the tutorial on using it on my protection site I gave you a link to in my previous post: A few steps to make your web browsing safer (see point #3) :)
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#14 Ukanuka

Ukanuka
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:24 AM

Posted 11 May 2011 - 04:36 PM

Alright Thanks sooo much!!! :D

Doesn't Secunia Personal Software Inspector only scan for programs that are out of date?, What about Drivers?, such as video cards drivers and the other internal stuff on my computer?

Oh I have another problem with my computer that happened after I upgraded from Windows Vista to Windows 7 is a Pixel Problem for watching videos? It seems that my graphics for any video has become very pixely and its hard to see anything :( What could be the cause of this?

Thank You So Much!, Sorry for being annoying and asking so many questions :(

Edited by Ukanuka, 11 May 2011 - 09:45 PM.


#15 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:05:24 PM

Posted 12 May 2011 - 12:47 PM

Hi again Ukanuka!!.. :)

Sorry for being annoying and asking so many questions :(

No problem at all!..

Doesn't Secunia Personal Software Inspector only scan for programs that are out of date?, What about Drivers?, such as video cards drivers and the other internal stuff on my computer?

As I said, Windows itself (through Windows Update) checks for Drivers updates, see here for more information: Automatically get recommended drivers and updates for your hardware - be sure to click on Show all below the main part of the article, to read the whole text... To sum it up, Windows can either install all the Drivers updates automatically, check for Drivers updates and notify you when they're ready to be installed or never check/install them...
If you still want to take a look at third-party products, see for example here: The All New PC Matic, but I do not guarantee all their products are free...

Oh I have another problem with my computer that happened after I upgraded from Windows Vista to Windows 7 is a Pixel Problem for watching videos? It seems that my graphics for any video has become very pixely and its hard to see anything :( What could be the cause of this?

Well, I need to know if the problem occurs for YouTube videos only, for films you play on your computer or for any video being played...
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users