
Google Keeps Redirecting


  • This topic is locked
21 replies to this topic

#1 fabrod


Posted 19 June 2011 - 04:19 PM

OK, so I have Windows 7 64-bit. I recently caught a couple of different viruses on my computer. The first one caused what looked like it deleted all my files and programs. I was not able to pull any programs up. I was able to reset my computer to a previous date, which brought back my programs, but I noticed my folders were transparent looking. My computer seemed to work OK other than that. More recently I caught the Windows 7 Repair virus. I was able to remove some of the virus using the methods in the Windows 7 Repair Uninstall directions provided on this site, but the Google redirect seems to still be lingering. I have just followed the steps in the preparation guide. Much appreciated for all your help. Below are my logs, "attach.txt & DDS.txt". The Gmer log directions said the 64-bit version of Windows would not allow it to work, so I didn't bother.

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Fabian at 11:29:53 on 2011-06-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.1838 [GMT -7:00]
.
AV: Trend Micro AntiVirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro AntiVirus *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
c:\programdata\p2pgraph32.exe
C:\ProgramData\dimsroam32.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
c:\programdata\api-ms-win-core-io-l1-1-032.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\HomePipe Networks\HomePipe Agent\HomePipe.AgentUtility.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Cobian Backup 10\Cobian.exe
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Fabian\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Fabian\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: {01f55e0f-12ca-4747-8a82-e320affd17ad} - C:\Windows\SysWow64\api-ms-win-core-io-l1-1-032.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: b4974919: {0c5ff919-a899-200b-56c6-ec044e2e08fc} - C:\ProgramData\gpapi32.dll
BHO: b4974919: {0e61bb30-cee0-c307-0bae-8242fbd1814e} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {1204de82-82d3-3a92-2d3f-37f730c82ab8} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {12ed7ca9-77ab-953e-fc38-1fc825b4fe6b} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {14bf1c22-4588-b371-c86a-96cd268db419} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {168b2b41-0de1-dfd1-1211-3b7af97be7fa} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: b4974919: {190d7e5a-c2b9-3058-cfb0-40a52ca57ce3} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {1c987efc-0209-9348-4c82-31e76a1dbe60} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {2564b548-4c65-fe12-70a5-d48f76acb549} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {286ba5aa-fc33-ebd3-3e22-cfed944a1421} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {31b51f76-2736-3609-632f-7f685502497e} - C:\ProgramData\gpapi32.dll
BHO: b4974919: {34d43dd2-1697-6c11-6976-b09036a3b230} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {369c0cb8-b2b8-7ef7-153a-c03dcc7dfead} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {48913c52-c82f-83c0-689b-0d82f49c59f9} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {4e86c4d6-59ba-d246-1f99-7c8b28290e54} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {5117e5c7-66e2-4f60-a238-f5b05cacf2f3} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {5f237f03-b4df-076d-96c8-c67cf89aa22f} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {616c676b-e2a4-36c6-c1fd-62d4cf5bec89} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {671a19dd-6141-e723-2f8e-fb842c5e7690} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {6dda110d-4c9b-66b9-343a-0b5cca4e8601} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: b4974919: {93b6996a-3cd2-8679-85c7-357a6a0bc6ef} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {94505469-ded4-6d92-a694-2bad05529b9f} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {976ec527-16a3-3665-7ab8-503c4dd0950c} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {99e2fe97-323b-522b-98c4-b244689d8dc0} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {9bf8a0ee-0edb-fe4d-d501-1ae6699a8730} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {9ee59089-4679-2473-9819-ae93271111cc} - C:\ProgramData\gpapi32.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: b4974919: {b19c0e78-d427-3313-2d61-ce1e575e9f8a} - C:\ProgramData\gpapi32.dll
BHO: b4974919: {b50b4782-8f48-c0a8-c38c-a625b685837a} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {b5f00750-52d7-f7aa-0721-649cdf86b17c} - C:\ProgramData\gpapi32.dll
BHO: b4974919: {b8f09270-2e28-d10c-d67e-4db8605f6c52} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {c85a9635-ccfe-b341-9b16-3a81441f55d4} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {c9526d6a-711b-543f-c5d2-3c4195ddefec} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: b4974919: {d580ef37-d72b-87bb-29e6-b17625d19715} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {d9ed874a-8271-22f3-c24e-937664c94443} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {db9ed81d-1b29-1be4-6d86-3d7e3d6fbd95} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {dd8fa737-6cd6-0596-dd17-93555f80cf7b} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: b4974919: {e652dd9a-1f40-be2b-d160-d2d0c73c3fc3} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {e93a3ded-4698-c03d-ae6e-c378e8dd5e2b} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {ef36b0d9-1198-3d78-ae10-fd6f1ef00a7f} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {efa62b57-1fd3-e6c4-3a42-9029be0d6b25} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {f43907b1-8803-a190-26df-8af69d52e506} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: b4974919: {f67889b1-d48a-5e56-8e5c-48315f45ace0} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: b4974919: {f8aee6a0-abe6-28e0-48ed-2577457d1ed1} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Fabian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [HomePipeAgentUtility] C:\Program Files (x86)\HomePipe Networks\HomePipe Agent\HomePipe.AgentUtility.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
StartupFolder: C:\Users\Fabian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Fabian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Microsoft Office Groove.lnk - C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
StartupFolder: C:\Users\Fabian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Device Detector 3.lnk - C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickBooks Update Agent.lnk - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D500C10C-12EE-4F27-817F-8D695B8B929D} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{F65D4F09-7977-459A-9B92-B7A75DF4F7A6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F65D4F09-7977-459A-9B92-B7A75DF4F7A6}\14E64627F69646455647865627 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{F65D4F09-7977-459A-9B92-B7A75DF4F7A6}\336303F53586F62747F53516C656 : DhcpNameServer = 66.180.96.12 64.238.96.12
TCP: Interfaces\{F65D4F09-7977-459A-9B92-B7A75DF4F7A6}\643525336303 : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{F65D4F09-7977-459A-9B92-B7A75DF4F7A6}\96C69716E65647 : DhcpNameServer = 68.94.156.1 68.94.157.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL, acaptuser32.dll, C:\ProgramData\gpapi32.dll,C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
C:\Windows\SysWow64\api-ms-win-core-io-l1-1-032.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: b4974919: {0C5FF919-A899-200B-56C6-EC044E2E08FC} - C:\ProgramData\gpapi32.dll
BHO-X64: b4974919: {0E61BB30-CEE0-C307-0BAE-8242FBD1814E} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {1204DE82-82D3-3A92-2D3F-37F730C82AB8} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {12ED7CA9-77AB-953E-FC38-1FC825B4FE6B} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {14BF1C22-4588-B371-C86A-96CD268DB419} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {168B2B41-0DE1-DFD1-1211-3B7AF97BE7FA} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: b4974919: {190D7E5A-C2B9-3058-CFB0-40A52CA57CE3} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {1C987EFC-0209-9348-4C82-31E76A1DBE60} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {2564B548-4C65-FE12-70A5-D48F76ACB549} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {286BA5AA-FC33-EBD3-3E22-CFED944A1421} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {31B51F76-2736-3609-632F-7F685502497E} - C:\ProgramData\gpapi32.dll
BHO-X64: b4974919: {34D43DD2-1697-6C11-6976-B09036A3B230} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {369C0CB8-B2B8-7EF7-153A-C03DCC7DFEAD} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {48913C52-C82F-83C0-689B-0D82F49C59F9} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {4E86C4D6-59BA-D246-1F99-7C8B28290E54} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {5117E5C7-66E2-4F60-A238-F5B05CACF2F3} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {5F237F03-B4DF-076D-96C8-C67CF89AA22F} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {616C676B-E2A4-36C6-C1FD-62D4CF5BEC89} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {671A19DD-6141-E723-2F8E-FB842C5E7690} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {6DDA110D-4C9B-66B9-343A-0B5CCA4E8601} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: b4974919: {93B6996A-3CD2-8679-85C7-357A6A0BC6EF} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {94505469-DED4-6D92-A694-2BAD05529B9F} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {976EC527-16A3-3665-7AB8-503C4DD0950C} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {99E2FE97-323B-522B-98C4-B244689D8DC0} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {9BF8A0EE-0EDB-FE4D-D501-1AE6699A8730} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {9EE59089-4679-2473-9819-AE93271111CC} - C:\ProgramData\gpapi32.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: b4974919: {B19C0E78-D427-3313-2D61-CE1E575E9F8A} - C:\ProgramData\gpapi32.dll
BHO-X64: b4974919: {B50B4782-8F48-C0A8-C38C-A625B685837A} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {B5F00750-52D7-F7AA-0721-649CDF86B17C} - C:\ProgramData\gpapi32.dll
BHO-X64: b4974919: {B8F09270-2E28-D10C-D67E-4DB8605F6C52} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {C85A9635-CCFE-B341-9B16-3A81441F55D4} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {C9526D6A-711B-543F-C5D2-3C4195DDEFEC} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: b4974919: {D580EF37-D72B-87BB-29E6-B17625D19715} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {D9ED874A-8271-22F3-C24E-937664C94443} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {DB9ED81D-1B29-1BE4-6D86-3D7E3D6FBD95} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {DD8FA737-6CD6-0596-DD17-93555F80CF7B} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO-X64: Google Gears Helper - No File
BHO-X64: b4974919: {E652DD9A-1F40-BE2B-D160-D2D0C73C3FC3} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {E93A3DED-4698-C03D-AE6E-C378E8DD5E2B} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {EF36B0D9-1198-3D78-AE10-FD6F1EF00A7F} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {EFA62B57-1FD3-E6C4-3A42-9029BE0D6B25} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {F43907B1-8803-A190-26DF-8AF69D52E506} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: b4974919: {F67889B1-D48A-5E56-8E5C-48315F45ACE0} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: b4974919: {F8AEE6A0-ABE6-28E0-48ED-2577457D1ED1} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [HomePipeAgentUtility] C:\Program Files (x86)\HomePipe Networks\HomePipe Agent\HomePipe.AgentUtility.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL, acaptuser32.dll, C:\ProgramData\gpapi32.dll,C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Fabian\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Fabian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Fabian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-8-25 89600]
R2 AudioSrv32;Windows Audio ;C:\ProgramData\P2PGraph32.exe [2011-6-12 785920]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2011-6-18 67584]
R2 CertPropSvc32;Certificate Propagation ;C:\ProgramData\api-ms-win-core-io-l1-1-032.exe [2011-6-12 785920]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-18 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-18 399416]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-9 228408]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 QuickBooksDB19;QuickBooksDB19;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
R3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-6-7 917768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-25 136176]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-25 30192]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-25 136176]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 PolicyAgent32;IPsec Policy Agent ;c:\windows\system32\setupcln32.exe --> c:\windows\system32\setupcln32.exe [?]
.
=============== Created Last 30 ================
.
2011-06-19 06:36:09 -------- d-----w- C:\Users\Fabian\AppData\Local\Safe mirror
2011-06-19 06:34:15 -------- d-----w- C:\Program Files (x86)\Cobian Backup 10
2011-06-18 20:40:42 -------- d-----w- C:\ProgramData\kinoma
2011-06-18 20:40:38 -------- d-----w- C:\Users\Fabian\AppData\Local\kinoma
2011-06-18 20:39:59 -------- d-----w- C:\Users\Fabian\AppData\Local\Sony Corporation
2011-06-18 20:39:59 -------- d-----w- C:\Program Files (x86)\Sony
2011-06-18 20:39:59 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
2011-06-18 00:46:02 168960 ------w- C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
2011-06-18 00:34:50 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-18 00:32:24 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-06-18 00:28:07 -------- d-----w- C:\Users\Fabian\AppData\Local\Secunia PSI
2011-06-18 00:27:57 -------- d-----w- C:\Program Files (x86)\Secunia
2011-06-17 23:14:12 -------- d-----w- C:\Users\Fabian\AppData\Roaming\Malwarebytes
2011-06-17 23:14:06 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-17 23:14:05 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-17 23:14:02 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-17 23:14:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-16 21:50:02 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-06-16 21:50:00 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-16 21:50:00 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-13 02:39:35 785920 ----a-w- C:\ProgramData\P2PGraph32.exe
2011-06-13 01:24:42 785920 ----a-w- C:\ProgramData\dimsroam32.exe
2011-06-12 23:56:45 785920 ----a-w- C:\ProgramData\api-ms-win-core-io-l1-1-032.exe
2011-06-12 23:42:20 785920 ----a-w- C:\ProgramData\sqlwid32.exe
2011-06-12 03:15:25 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-06-12 03:13:32 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2011-06-12 02:43:35 151552 --sha-r- C:\Windows\SysWow64\chkdsk5.dll
2011-06-10 03:28:50 785920 ----a-w- C:\ProgramData\gpapi32.exe
2011-06-09 20:13:06 -------- d-----w- C:\Program Files\Babylon
2011-06-09 20:13:06 -------- d-----w- C:\Program Files (x86)\Babylon
2011-06-08 01:25:50 -------- d-----w- C:\ProgramData\Skype Extras
2011-05-25 16:34:08 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
.
==================== Find3M ====================
.
2011-06-18 00:38:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-06-08 01:07:03 72080 ----a-w- C:\Users\Fabian\g2mdlhlpx.exe
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
============= FINISH: 11:30:52.50 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/25/2009 3:11:35 PM
System Uptime: 6/19/2011 3:48:22 AM (8 hours ago)
.
Motherboard: Quanta | | 3627
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 79.762 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.127 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description: ENE CIR Receiver
Device ID: ACPI\ENE0100\4&2C6106F3&0
Manufacturer: ENE
Name: ENE CIR Receiver
PNP Device ID: ACPI\ENE0100\4&2C6106F3&0
Service: enecir
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Sun Microsystems, Inc.
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: LogMeIn Mirror Driver
Device ID: ROOT\DISPLAY\0000
Manufacturer: LogMeIn, Inc.
Name: LogMeIn Mirror Driver
PNP Device ID: ROOT\DISPLAY\0000
Service: lmimirr
.
Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318}
Description: LSI HDA Modem
Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_103C137E&REV_1002\4&19D1A30F&0&0101
Manufacturer: LSI
Name: LSI HDA Modem
PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_103C137E&REV_1002\4&19D1A30F&0&0101
Service: Modem
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2 MUI
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 2010 Advanced
Ashampoo Home Designer1.0.0
Ashampoo Photo Commander 7.60
Ashampoo Snap 3.50
Ashampoo WinOptimizer 6.60
BitTorrent
BitZipper 2010
Canon MF Toolbox 4.9.1.1.mf09
Cobian Backup 10
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
DivX Setup
doubleTwist
Dropbox
erLT
FileZilla Client 3.3.3
Folder Iconizer
Foxit Reader
Foxit Toolbar
Google Chrome
Google Desktop
Google Earth Plug-in
Google Gears
Google Talk Plugin
Google Update Helper
GoToMeeting 4.8.0.723
Homepage Protection
HomePipe Agent
Hotfix for Microsoft Document Explorer 2008 (KB953196)
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing
HP Support Assistant
HP Update
HP User Guides 0154
HP Wireless Assistant
HPAsset component for HP Active Support Library
HTC Driver Installer
IDT Audio
Java Auto Updater
Java™ 6 Update 26
Jing
LabelPrint
LightScribe System Software
Logitech SetPoint
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware
Microsoft Document Explorer 2008
Microsoft Live Search Toolbar
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Mindjet MindManager 9
Mindjet MindManager Viewer 7
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Octoshape add-in for Adobe Flash Player
Olympus Digital Wave Player
Orca
Palm webOS® Doctor™ Build Sprint.148.194, webOS 1.3.1
Picasa 3
Power2Go
PowerDirector
PowerRecover
Presto! PageManager 7.15.35
QLBCASL
QuickBooks Premier Edition 2009
QuickTime
Reader Library by Sony
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
RoboForm 7-3-2 (All Users)
Secunia PSI (2.0.0.3003)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.3
SlingBoxWatchYourTVAnyWhere
SupportSoft Assisted Service
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2536413)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Windows SDK Intellidocs
.
==== Event Viewer Messages From Past Week ========
.
6/18/2011 11:55:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/17/2011 9:25:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/17/2011 9:25:01 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/17/2011 3:59:29 PM, Error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
6/17/2011 3:59:29 PM, Error: Service Control Manager [7034] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s).
6/17/2011 3:59:29 PM, Error: Service Control Manager [7034] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s).
6/17/2011 3:59:24 PM, Error: Service Control Manager [7034] - The QuickBooksDB19 service terminated unexpectedly. It has done this 1 time(s).
6/16/2011 7:46:19 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer VANESSA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F65D4F09-7977-459A-9B92-B7A75DF4F7A6}. The master browser is stopping or an election is being forced.
6/16/2011 3:33:08 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.4 with the system having network hardware address 00-03-78-AB-54-D8. Network operations on this system may be disrupted as a result.
6/13/2011 9:15:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
6/13/2011 9:14:49 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
6/12/2011 7:33:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmtdi VBoxDrv VBoxUSBMon vwififlt Wanarpv6 WfpLwf
6/12/2011 7:33:54 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2011 7:33:54 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2011 7:33:54 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2011 7:33:54 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2011 7:33:54 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2011 7:33:54 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2011 7:33:54 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2011 7:33:54 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2011 7:33:54 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2011 7:33:54 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2011 4:51:00 PM, Error: Service Control Manager [7034] - The IPsec Policy Agent service terminated unexpectedly. It has done this 6 time(s).
6/12/2011 4:43:49 PM, Error: Service Control Manager [7034] - The IPsec Policy Agent service terminated unexpectedly. It has done this 5 time(s).
6/12/2011 4:42:19 PM, Error: Service Control Manager [7034] - The IPsec Policy Agent service terminated unexpectedly. It has done this 4 time(s).
6/12/2011 4:39:30 PM, Error: Service Control Manager [7034] - The IPsec Policy Agent service terminated unexpectedly. It has done this 3 time(s).
6/12/2011 4:38:55 PM, Error: Service Control Manager [7034] - The IPsec Policy Agent service terminated unexpectedly. It has done this 2 time(s).
6/12/2011 10:41:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Trend Micro Unauthorized Change Prevention Service service to connect.
6/12/2011 10:41:37 PM, Error: Service Control Manager [7000] - The Trend Micro Unauthorized Change Prevention Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Edited by hamluis, 25 June 2011 - 01:11 PM.
PM sent.




#2 fabrod


Posted 25 June 2011 - 11:39 AM

Is there anyone out there who can help me with my Google redirect issue? It would be much appreciated!

#3 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:02:55 AM

Posted 26 June 2011 - 04:24 PM

Hi fabrod, and welcome to Bleeping Computer.

Firstly,
  • Please launch Malwarebytes' Anti-Malware, click the Update tab, and then Check for Updates.
  • Then choose the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#4 fabrod


Posted 26 June 2011 - 05:10 PM

Hi snemelk, thank you so much for your help! Below are the results of the Malwarebytes scan. I will be sending the results in a follow-up post as soon as I have the results.


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6955

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

6/26/2011 3:06:04 PM
mbam-log-2011-06-26 (15-06-04).txt

Scan type: Quick scan
Objects scanned: 193500
Time elapsed: 8 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\programdata\api-ms-win-core-io-l1-1-032.dll (Trojan.Tracur.Gen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0E61BB30-CEE0-C307-0BAE-8242FBD1814E} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E61BB30-CEE0-C307-0BAE-8242FBD1814E} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E61BB30-CEE0-C307-0BAE-8242FBD1814E} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E61BB30-CEE0-C307-0BAE-8242FBD1814E} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.Gen) -> Bad: (C:\ProgramData\api-ms-win-core-io-l1-1-032.dll) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\api-ms-win-core-io-l1-1-032.dll (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.

#5 fabrod


Posted 26 June 2011 - 06:01 PM

Here's the OTL.txt log; I will send one more post with the Extras.txt log:

OTL logfile created on: 6/26/2011 3:22:23 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Fabian\Desktop\Virus Uninstall Tools
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.92% Memory free
7.81 Gb Paging File | 5.96 Gb Available in Paging File | 76.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.97 Gb Total Space | 77.13 Gb Free Space | 35.06% Space Free | Partition Type: NTFS
Drive D: | 12.72 Gb Total Space | 2.13 Gb Free Space | 16.72% Space Free | Partition Type: NTFS
Drive F: | 3.79 Gb Total Space | 1.92 Gb Free Space | 50.72% Space Free | Partition Type: FAT32

Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/06/26 15:19:30 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\Virus Uninstall Tools\OTL.exe
PRC - [2011/06/09 20:28:45 | 000,785,920 | ---- | M] () -- c:\ProgramData\P2PGraph32.exe
PRC - [2011/06/09 20:28:45 | 000,785,920 | ---- | M] () -- C:\ProgramData\dimsroam32.exe
PRC - [2011/06/09 20:28:45 | 000,785,920 | ---- | M] () -- c:\ProgramData\api-ms-win-core-io-l1-1-032.exe
PRC - [2011/06/06 10:33:34 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/18 23:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010/12/09 12:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 14:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/07/13 01:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2009/07/24 18:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009/07/23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 11:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008/10/17 16:04:28 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/07/10 00:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBDBMgrN.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/02/22 18:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe


========== Modules (SafeList) ==========

MOD - [2011/06/26 15:19:30 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\Virus Uninstall Tools\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/08 09:52:56 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2010/06/07 00:08:36 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2010/06/07 00:08:36 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/07/21 18:33:00 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/02 14:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2011/06/09 20:28:45 | 000,785,920 | ---- | M] () [Auto | Running] -- c:\ProgramData\api-ms-win-core-io-l1-1-032.exe -- (CertPropSvc32)
SRV - [2011/06/09 20:28:45 | 000,785,920 | ---- | M] () [Auto | Running] -- c:\ProgramData\P2PGraph32.exe -- (AudioSrv32)
SRV - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/17 16:04:28 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 22:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/07/10 00:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBDBMgrN.exe -- (QuickBooksDB19)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/17 09:30:32 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/09/01 01:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/30 10:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/30 10:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/30 10:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2010/06/07 00:08:36 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/11/30 12:49:04 | 000,146,384 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009/08/25 01:43:55 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/21 18:33:00 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/14 16:16:00 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 17:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 15:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 14:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 13:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/24 12:00:00 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 09:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 09:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/26 05:13:00 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0F 5E F5 01 CA 12 47 47 8A 82 E3 20 AF FD 17 AD [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/09 01:53:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/04/25 00:17:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/08 23:30:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/08 23:30:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/06/20 12:12:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/25 14:52:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/11 20:12:12 | 000,000,000 | ---D | M]

[2010/08/22 12:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Extensions
[2010/08/22 12:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/05/17 11:33:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Extensions\propstream@equimine.com
[2011/06/11 17:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions
[2011/05/16 11:15:50 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2011/06/12 16:11:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\{55de4b02-ccaa-4029-aa13-257af8f8999a}
[2011/05/16 11:15:50 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/05/16 11:15:50 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/05/16 11:15:50 | 000,000,000 | ---D | M] (New Tab JumpStart) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\jumpstart@mihailo.lalevic
[2011/05/16 11:15:50 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\LogMeInClient@logmein.com
[2011/06/25 14:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/17 17:38:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/15 21:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/06/17 17:38:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/26 14:36:58 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/01 01:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/06/09 12:59:43 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 01:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 01:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {01F55E0F-12CA-4747-8A82-E320AFFD17Ad} - File not found
O2 - BHO: (b4974919) - {033CF3A6-8F3D-EC8B-3AAB-3D0B8033D9D8} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {0C5FF919-A899-200B-56C6-EC044E2E08FC} - File not found
O2 - BHO: (b4974919) - {1204DE82-82D3-3A92-2D3F-37F730C82AB8} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {123DAC5F-7D2D-5A56-D252-CC60CB841DF4} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {12ED7CA9-77AB-953E-FC38-1FC825B4FE6B} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {14BF1C22-4588-B371-C86A-96CD268DB419} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {168B2B41-0DE1-DFD1-1211-3B7AF97BE7FA} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {190D7E5A-C2B9-3058-CFB0-40A52CA57CE3} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {1C987EFC-0209-9348-4C82-31E76A1DBE60} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {2564B548-4C65-FE12-70A5-D48F76ACB549} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {286BA5AA-FC33-EBD3-3E22-CFED944A1421} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {31B51F76-2736-3609-632F-7F685502497E} - File not found
O2 - BHO: (b4974919) - {34D43DD2-1697-6C11-6976-B09036A3B230} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {369C0CB8-B2B8-7EF7-153A-C03DCC7DFEAD} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {48913C52-C82F-83C0-689B-0D82F49C59F9} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {4E86C4D6-59BA-D246-1F99-7C8B28290E54} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {5117E5C7-66E2-4F60-A238-F5B05CACF2F3} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {5F237F03-B4DF-076D-96C8-C67CF89AA22F} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {616C676B-E2A4-36C6-C1FD-62D4CF5BEC89} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {671A19DD-6141-E723-2F8E-FB842C5E7690} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {6DDA110D-4C9B-66B9-343A-0B5CCA4E8601} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {93B6996A-3CD2-8679-85C7-357A6A0BC6EF} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {94505469-DED4-6D92-A694-2BAD05529B9F} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {976EC527-16A3-3665-7AB8-503C4DD0950C} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {99E2FE97-323B-522B-98C4-B244689D8DC0} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {9BF8A0EE-0EDB-FE4D-D501-1AE6699A8730} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {9EE59089-4679-2473-9819-AE93271111CC} - File not found
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (b4974919) - {AE897279-34B4-2833-209F-1934FC5081D7} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {B19C0E78-D427-3313-2D61-CE1E575E9F8A} - File not found
O2 - BHO: (b4974919) - {B50B4782-8F48-C0A8-C38C-A625B685837A} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {B5F00750-52D7-F7AA-0721-649CDF86B17C} - File not found
O2 - BHO: (b4974919) - {B8F09270-2E28-D10C-D67E-4DB8605F6C52} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {C85A9635-CCFE-B341-9B16-3A81441F55D4} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {C9526D6A-711B-543F-C5D2-3C4195DDEFEC} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (b4974919) - {D580EF37-D72B-87BB-29E6-B17625D19715} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {D9ED874A-8271-22F3-C24E-937664C94443} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {DB9ED81D-1B29-1BE4-6D86-3D7E3D6FBD95} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {DD8FA737-6CD6-0596-DD17-93555F80CF7B} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (b4974919) - {E652DD9A-1F40-BE2B-D160-D2D0C73C3FC3} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {E93A3DED-4698-C03D-AE6E-C378E8DD5E2B} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {EF36B0D9-1198-3D78-AE10-FD6F1EF00A7F} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {EFA62B57-1FD3-E6C4-3A42-9029BE0D6B25} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {F43907B1-8803-A190-26DF-8AF69D52E506} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (b4974919) - {F67889B1-D48A-5E56-8E5C-48315F45ACE0} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {F8AEE6A0-ABE6-28E0-48ED-2577457D1ED1} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] File not found
O4:64bit: - HKLM..\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE (CANON INC.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HomePipeAgentUtility] C:\Program Files (x86)\HomePipe Networks\HomePipe Agent\HomePipe.AgentUtility.exe (HomePipe Networks Inc.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (C:\ProgramData\gpapi32.dll) - File not found
O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-io-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{17c7f16d-cfae-11de-96d4-94ef31159b12}\Shell - "" = AutoRun
O33 - MountPoints2\{17c7f16d-cfae-11de-96d4-94ef31159b12}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{48f50b7e-9155-11de-8f83-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48f50b7e-9155-11de-8f83-806e6f6e6963}\Shell\AutoRun\command - "" = E:\MInst.exe
O33 - MountPoints2\{761428bb-4878-11df-aa22-08002700bc3b}\Shell - "" = AutoRun
O33 - MountPoints2\{761428bb-4878-11df-aa22-08002700bc3b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/06/20 12:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2011/06/20 11:20:23 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Collective Genius
[2011/06/20 11:02:45 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Virus Uninstall Tools
[2011/06/18 23:36:09 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Safe mirror
[2011/06/18 23:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 10
[2011/06/18 23:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 10
[2011/06/18 13:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\kinoma
[2011/06/18 13:40:38 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\My Books
[2011/06/18 13:40:38 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\kinoma
[2011/06/18 13:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reader
[2011/06/18 13:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2011/06/18 13:39:59 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Sony Corporation
[2011/06/18 13:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2011/06/17 17:41:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/06/17 17:41:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/06/17 17:41:28 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/06/17 17:41:28 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/06/17 17:41:28 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/06/17 17:41:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/06/17 17:41:28 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/06/17 17:41:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/17 17:41:28 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/17 17:41:28 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/06/17 17:41:28 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/17 17:41:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/06/17 17:41:28 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/06/17 17:41:28 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/06/17 17:41:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/06/17 17:41:28 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/17 17:41:28 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/06/17 17:41:28 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/06/17 17:41:28 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/06/17 17:41:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/17 17:41:28 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/06/17 17:41:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/06/17 17:41:28 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/06/17 17:41:28 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/06/17 17:41:28 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/06/17 17:41:28 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/06/17 17:41:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/17 17:41:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/06/17 17:41:28 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/06/17 17:41:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/06/17 17:41:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/06/17 17:41:28 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/06/17 17:41:28 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/06/17 17:41:28 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/06/17 17:41:28 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/06/17 17:41:28 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/06/17 17:41:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/06/17 17:41:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/06/17 17:41:28 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/06/17 17:41:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/06/17 17:41:28 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/06/17 17:41:28 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/06/17 17:41:28 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/06/17 17:41:28 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/17 17:41:28 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/06/17 17:41:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/06/17 17:41:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/06/17 17:41:28 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/06/17 17:41:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/06/17 17:41:28 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/17 17:41:28 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/06/17 17:41:28 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/06/17 17:41:28 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/06/17 17:41:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/06/17 17:41:28 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/06/17 17:41:28 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/06/17 17:41:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/06/17 17:41:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/06/17 17:41:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/06/17 17:41:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/06/17 17:41:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/06/17 17:41:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/06/17 17:41:28 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/17 17:41:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/06/17 17:41:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/06/17 17:41:28 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/06/17 17:41:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/06/17 17:41:28 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/06/17 17:41:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/06/17 17:41:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/06/17 17:41:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/06/17 17:41:28 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/06/17 17:41:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/06/17 17:41:28 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/06/17 17:41:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/06/17 17:41:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/06/17 17:41:28 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/06/17 17:41:28 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/06/17 17:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/17 17:38:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/17 17:38:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/17 17:38:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/17 17:34:50 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/17 17:32:24 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/06/17 17:32:24 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/06/17 17:32:24 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/06/17 17:32:24 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/06/17 17:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/06/17 17:28:07 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Secunia PSI
[2011/06/17 17:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2011/06/17 16:14:12 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Malwarebytes
[2011/06/17 16:14:06 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/17 16:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/17 16:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/17 16:14:02 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/17 16:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/16 14:49:20 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/06/16 14:49:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/06/16 14:49:16 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/06/11 20:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/06/11 20:13:32 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2011/06/09 20:28:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/06/09 13:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2011/06/09 13:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
[2011/06/09 12:48:29 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\DownVision
[2011/06/07 18:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/06/06 16:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/06/06 16:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/06/06 12:38:29 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Fax
[2011/06/05 17:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/06/05 17:41:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/06/05 17:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/06/05 17:39:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/26 15:20:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/26 15:20:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/26 15:12:16 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/26 15:11:54 | 000,168,960 | ---- | M] () -- C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
[2011/06/26 15:11:54 | 000,000,105 | ---- | M] () -- C:\Windows\SysWow64\1045040699
[2011/06/26 15:11:53 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\oreuc.job
[2011/06/26 15:11:51 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFabian.job
[2011/06/26 15:11:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/26 15:11:39 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/26 14:57:06 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3203479484-2171436530-25300243-1000Core.job
[2011/06/26 14:55:23 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/06/26 14:55:19 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/06/26 14:51:25 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 14:46:36 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3203479484-2171436530-25300243-1000UA.job
[2011/06/26 14:46:18 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/26 14:46:16 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\File Helper.job
[2011/06/25 22:14:58 | 000,169,597 | ---- | M] () -- C:\Users\Fabian\Desktop\cindy.zip
[2011/06/25 14:52:26 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/25 10:16:19 | 000,000,107 | ---- | M] () -- C:\ProgramData\14641e4b
[2011/06/19 03:48:50 | 000,450,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/19 03:20:14 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/19 03:20:14 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/19 03:20:14 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/17 17:54:30 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011/06/17 17:48:03 | 000,001,437 | ---- | M] () -- C:\Users\Fabian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/17 17:44:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/17 17:41:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/06/17 17:41:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/06/17 17:41:28 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/06/17 17:41:28 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/06/17 17:41:28 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/06/17 17:41:28 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/06/17 17:41:28 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/06/17 17:41:28 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/17 17:41:28 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/17 17:41:28 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/06/17 17:41:28 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/17 17:41:28 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/06/17 17:41:28 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/06/17 17:41:28 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/06/17 17:41:28 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/06/17 17:41:28 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/17 17:41:28 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/06/17 17:41:28 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/06/17 17:41:28 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/06/17 17:41:28 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/17 17:41:28 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/06/17 17:41:28 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/06/17 17:41:28 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/06/17 17:41:28 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/06/17 17:41:28 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/06/17 17:41:28 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/06/17 17:41:28 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/17 17:41:28 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/06/17 17:41:28 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/06/17 17:41:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/06/17 17:41:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/06/17 17:41:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/06/17 17:41:28 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/06/17 17:41:28 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/06/17 17:41:28 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/06/17 17:41:28 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/06/17 17:41:28 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/06/17 17:41:28 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/06/17 17:41:28 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/06/17 17:41:28 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/06/17 17:41:28 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/06/17 17:41:28 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/06/17 17:41:28 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/06/17 17:41:28 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/17 17:41:28 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/06/17 17:41:28 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/06/17 17:41:28 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/06/17 17:41:28 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/06/17 17:41:28 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/06/17 17:41:28 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/17 17:41:28 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/06/17 17:41:28 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/06/17 17:41:28 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/06/17 17:41:28 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/06/17 17:41:28 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/06/17 17:41:28 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/06/17 17:41:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/06/17 17:41:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/06/17 17:41:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/06/17 17:41:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/06/17 17:41:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/06/17 17:41:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/06/17 17:41:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/06/17 17:41:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/06/17 17:41:28 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/17 17:41:28 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/06/17 17:41:28 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/06/17 17:41:28 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/06/17 17:41:28 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/06/17 17:41:28 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/06/17 17:41:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/06/17 17:41:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/06/17 17:41:28 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/06/17 17:41:28 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/06/17 17:41:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/06/17 17:41:28 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/06/17 17:41:28 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/06/17 17:41:28 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/06/17 17:41:28 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/06/17 17:41:28 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/06/17 17:40:57 | 000,001,254 | ---- | M] () -- C:\Users\Fabian\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/06/17 17:38:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/06/17 17:38:06 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/17 17:38:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/17 17:38:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/17 17:32:18 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/06/17 17:32:18 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/06/17 17:32:18 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/06/17 17:32:18 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/06/17 17:27:59 | 000,001,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/17 12:43:08 | 571,855,290 | ---- | M] () -- C:\Users\Fabian\Desktop\ST2011.exe
[2011/06/12 22:17:12 | 000,005,828 | ---- | M] () -- C:\Users\Fabian\Desktop\Default_EXE.reg
[2011/06/11 20:12:20 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2011/06/11 19:48:12 | 000,296,522 | ---- | M] () -- C:\Users\Fabian\Desktop\Adobe.Acrobat.9.0.0.Pro.Extended-Patch_CiM.zip
[2011/06/11 19:43:35 | 000,151,552 | RHS- | M] () -- C:\Windows\SysWow64\chkdsk5.dll
[2011/06/09 20:28:45 | 000,785,920 | ---- | M] () -- C:\ProgramData\P2PGraph32.exe
[2011/06/09 20:28:45 | 000,785,920 | ---- | M] () -- C:\ProgramData\dimsroam32.exe
[2011/06/09 20:28:45 | 000,785,920 | ---- | M] () -- C:\ProgramData\api-ms-win-core-io-l1-1-032.exe
[2011/06/07 18:07:03 | 000,072,080 | ---- | M] () -- C:\Users\Fabian\g2mdlhlpx.exe
[2011/06/06 13:00:12 | 002,036,456 | R--- | M] () -- C:\Users\Fabian\Desktop\360M HSP v1-11.pdf
[2011/06/04 10:58:17 | 007,862,232 | ---- | M] (Siber Systems) -- C:\Users\Fabian\Desktop\RoboForm-Everywhere-Setup.exe
[2011/05/29 14:34:10 | 000,001,001 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/26 15:11:54 | 000,168,960 | ---- | C] () -- C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
[2011/06/26 14:51:25 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/25 22:14:57 | 000,169,597 | ---- | C] () -- C:\Users\Fabian\Desktop\cindy.zip
[2011/06/25 14:52:26 | 000,001,074 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/25 14:52:26 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/17 17:41:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/06/17 17:41:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/06/17 17:40:57 | 000,001,254 | ---- | C] () -- C:\Users\Fabian\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/06/17 17:40:57 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011/06/17 17:27:59 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/17 17:27:59 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/06/17 11:21:18 | 571,855,290 | ---- | C] () -- C:\Users\Fabian\Desktop\ST2011.exe
[2011/06/12 22:17:11 | 000,005,828 | ---- | C] () -- C:\Users\Fabian\Desktop\Default_EXE.reg
[2011/06/12 19:39:35 | 000,785,920 | ---- | C] () -- C:\ProgramData\P2PGraph32.exe
[2011/06/12 18:56:30 | 000,000,107 | ---- | C] () -- C:\ProgramData\14641e4b
[2011/06/12 18:24:42 | 000,785,920 | ---- | C] () -- C:\ProgramData\dimsroam32.exe
[2011/06/12 18:24:41 | 000,000,105 | ---- | C] () -- C:\Windows\SysWow64\1045040699
[2011/06/12 16:56:45 | 000,785,920 | ---- | C] () -- C:\ProgramData\api-ms-win-core-io-l1-1-032.exe
[2011/06/11 20:12:20 | 000,002,272 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 3D Reviewer.lnk
[2011/06/11 20:12:20 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2011/06/11 20:12:19 | 000,002,177 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk
[2011/06/11 20:12:13 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro Extended.lnk
[2011/06/11 20:12:13 | 000,002,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2011/06/11 19:49:32 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForFabian.job
[2011/06/11 19:48:10 | 000,296,522 | ---- | C] () -- C:\Users\Fabian\Desktop\Adobe.Acrobat.9.0.0.Pro.Extended-Patch_CiM.zip
[2011/06/11 19:43:36 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\oreuc.job
[2011/06/11 19:43:35 | 000,151,552 | RHS- | C] () -- C:\Windows\SysWow64\chkdsk5.dll
[2011/06/06 13:00:04 | 002,036,456 | R--- | C] () -- C:\Users\Fabian\Desktop\360M HSP v1-11.pdf
[2011/05/25 14:42:06 | 000,119,702 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpSTOPFORECLOSURECALI PIC.0
[2011/05/25 14:42:06 | 000,105,692 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpSTOPFORECLOSURECALI PIC.JPG
[2011/05/10 18:11:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\~41737976r
[2011/05/10 18:11:19 | 000,000,104 | ---- | C] () -- C:\ProgramData\~41737976
[2011/05/10 18:11:07 | 000,000,344 | ---- | C] () -- C:\ProgramData\41737976
[2011/05/10 18:03:42 | 000,000,120 | ---- | C] () -- C:\Users\Fabian\AppData\Local\Mlupanerul.dat
[2011/05/10 18:03:42 | 000,000,000 | ---- | C] () -- C:\Users\Fabian\AppData\Local\Mkozedesuv.bin
[2011/02/14 16:07:09 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2011/01/19 16:13:56 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/01/17 00:07:21 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/11/23 11:00:29 | 000,113,127 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmp2010-08-12_15-47-03_532.JPG
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/24 18:06:38 | 000,000,154 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/28 18:50:55 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/02/05 19:35:27 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/01/27 20:23:40 | 000,002,580 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\wklnhst.dat
[2009/12/24 17:31:00 | 000,003,584 | ---- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/19 15:56:23 | 000,649,194 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpIMG_0411.3
[2009/12/19 15:56:22 | 000,632,024 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpIMG_0411.2
[2009/12/19 15:56:21 | 000,641,078 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpIMG_0411.1
[2009/12/19 15:56:19 | 001,484,654 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpIMG_0411.JPG
[2009/12/19 15:56:19 | 001,484,654 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpIMG_0411.0
[2009/11/29 00:45:22 | 000,040,634 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpAGENT AND PROPERTY INFO.JPG
[2009/10/26 22:27:11 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\OdiOlDVR.dll
[2009/10/26 22:27:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\OdiAPI.dll
[2009/10/25 20:01:12 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/25 17:03:52 | 000,037,845 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/08/08 23:54:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/15 08:20:54 | 000,355,432 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 12:14:00 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2006/09/18 15:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2006/09/18 15:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/12/05 20:53:03 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/06/26 15:11:39 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/06/26 15:11:43 | 4193,452,032 | -HS- | M] () -- C:\pagefile.sys
[2011/06/17 16:00:28 | 000,000,541 | ---- | M] () -- C:\rkill.log
[2011/06/17 16:10:15 | 000,064,588 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_17.06.2011_16.08.48_log.txt
[2011/06/17 18:39:46 | 000,064,830 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_17.06.2011_18.38.25_log.txt
[2011/06/25 10:56:25 | 000,064,830 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_25.06.2011_10.55.01_log.txt
[2 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

#6 fabrod

Posted 26 June 2011 - 06:04 PM

Here is the Extras.txt log



OTL Extras logfile created on: 6/26/2011 3:22:24 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Fabian\Desktop\Virus Uninstall Tools
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.92% Memory free
7.81 Gb Paging File | 5.96 Gb Available in Paging File | 76.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.97 Gb Total Space | 77.13 Gb Free Space | 35.06% Space Free | Partition Type: NTFS
Drive D: | 12.72 Gb Total Space | 2.13 Gb Free Space | 16.72% Space Free | Partition Type: NTFS
Drive F: | 3.79 Gb Total Space | 1.92 Gb Free Space | 50.72% Space Free | Partition Type: FAT32

Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0874D757-6DE9-31B9-BA0B-2299F3A144C0}" = Microsoft Windows SDK .NET Framework Tools (40715)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java™ 6 Update 26 (64-bit)
"{361A49FA-59B3-49FB-8C3E-08AF3EA5791A}" = Application Verifier (x64)
"{3C42502E-F258-3199-9C91-5A5A1FC97A40}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier and Windows Debugging Tools (40715)
"{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{5BE226B3-1722-4fd0-9E39-997712B68F67}" = Canon MF8000 Series
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64D7179D-0240-3006-BB73-04DA18C03E14}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)
"{698DEE97-5A35-3C60-960F-9FB9C58F4A3B}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715)
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus
"{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{965DF723-5688-359E-84D2-417CAFE644B5}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro AntiVirus
"{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{E541ACEE-CA65-4E67-915B-C11710AC61AB}" = Sun VirtualBox
"{E6459059-B943-4770-9EE4-180F70B765F4}" = Canon D460-490
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CutePDF Writer Installation" = CutePDF Writer 2.8
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"HDMI" = Intel® Graphics Media Accelerator Driver
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PDF-XChange 3_is1" = PDF-XChange 3
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{039694F1-2108-4B3E-8575-85C245210F94}" = Orca
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{130FA2D4-E5B3-4BA8-9C4A-70B615655319}" = Jing
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D4E1F8A-901B-4BBD-B311-B6E56059066E}" = Microsoft Live Search Toolbar
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4313E16C-811B-469F-8815-6EB98085F8B2}" = SlingBoxWatchYourTVAnyWhere
"{43C6B92E-1662-42E3-8186-95D5C6850C8A}" = HomePipe Agent
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{44D9A2CB-0692-3180-B5E2-26F4E807D067}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
"{46552BC3-52B6-404c-9B42-CE536AB719FD}_is1" = Ashampoo Home Designer1.0.0
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf09
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E55813F-2FA3-47E8-9AF9-31DC0B4AE3ED}" = Mindjet MindManager Viewer 7
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90756E9C-97E4-4405-A85F-1734804990DD}" = Mindjet MindManager 9
"{90F6051D-A69F-4159-9203-7E20430E1056}" = HP MediaSmart SlingPlayer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3624-4E86-9072-973FBE1679C5}" = QuickBooks Premier Edition 2009
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CF0EDB56-BBF6-3C9F-9C50-2E3B3D444641}" = Google Talk Plugin
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.35
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DBDAD850-F8CD-45DA-8077-44368A1F959F}" = HP Support Assistant
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = RoboForm 7-3-2 (All Users)
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"Ashampoo Snap 3_is1" = Ashampoo Snap 3.50
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"Ask Toolbar_is1" = Foxit Toolbar
"BitTorrent" = BitTorrent
"BitZipper_is1" = BitZipper 2010
"CobBackup10" = Cobian Backup 10
"DivX Setup.divx.com" = DivX Setup
"doubleTwist" = doubleTwist
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.3
"Folder Iconizer" = Folder Iconizer
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Homepage Protection" = Homepage Protection
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.8.0.723
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Palm webOS® Doctor™ Build Sprint.148.194, webOS 1.3.1" = Palm webOS® Doctor™ Build Sprint.148.194, webOS 1.3.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2011 5:45:58 PM | Computer Name = Fabian-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/11/2011 8:50:19 PM | Computer Name = Fabian-PC | Source = MsiInstaller | ID = 11001
Description =

Error - 6/11/2011 8:51:01 PM | Computer Name = Fabian-PC | Source = MsiInstaller | ID = 11001
Description =

Error - 6/11/2011 10:50:33 PM | Computer Name = Fabian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Zwagya.exe, version: 0.0.0.0, time stamp:
0x4df227f5 Faulting module name: icuuc36.dll, version: 3.6.0.0, time stamp: 0x470efe15
Exception
code: 0xc0000005 Fault offset: 0x00001f94 Faulting process id: 0x13e0 Faulting application
start time: 0x01cc28aa889790d4 Faulting application path: C:\Windows\Zwagya.exe Faulting
module path: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icuuc36.dll Report Id:
bdaf35fc-949e-11e0-9877-e96c89cc1d62

Error - 6/11/2011 10:59:31 PM | Computer Name = Fabian-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/11/2011 11:48:50 PM | Computer Name = Fabian-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/12/2011 4:40:35 AM | Computer Name = Fabian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Zv1.exe, version: 0.0.0.0, time stamp:
0x4dda267d Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdbdf Exception code: 0xc0000005 Fault offset: 0x00034c7a Faulting process id:
0x1dbc Faulting application start time: 0x01cc28dc39254e11 Faulting application path:
C:\Users\Fabian\AppData\Local\Temp\Zv1.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: a39c16a8-94cf-11e0-9877-e96c89cc1d62

Error - 6/12/2011 6:34:50 PM | Computer Name = Fabian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Acrobat.exe, version: 9.0.0.332, time stamp:
0x4850eb76 Faulting module name: adobe_eula.dll_unloaded, version: 0.0.0.0, time
stamp: 0x48239def Exception code: 0xc0000005 Fault offset: 0x02a18d3c Faulting process
id: 0x1488 Faulting application start time: 0x01cc28b0a65a4837 Faulting application
path: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe Faulting module
path: adobe_eula.dll Report Id: 2ebc507a-9544-11e0-9877-e96c89cc1d62

Error - 6/12/2011 6:34:58 PM | Computer Name = Fabian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Acrobat.exe, version: 9.0.0.332, time stamp:
0x4850eb76 Faulting module name: adobe_eula.dll_unloaded, version: 0.0.0.0, time
stamp: 0x48239def Exception code: 0xc0000005 Fault offset: 0x029e7bb4 Faulting process
id: 0x1488 Faulting application start time: 0x01cc28b0a65a4837 Faulting application
path: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe Faulting module
path: adobe_eula.dll Report Id: 33a7ffdc-9544-11e0-9877-e96c89cc1d62

Error - 6/12/2011 6:36:14 PM | Computer Name = Fabian-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ Hewlett-Packard Events ]
Error - 3/10/2011 1:54:26 PM | Computer Name = Fabian-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 4/17/2011 2:10:46 AM | Computer Name = Fabian-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 5/7/2011 10:09:02 PM | Computer Name = Fabian-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 5/14/2011 10:24:58 PM | Computer Name = Fabian-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 5/14/2011 10:24:59 PM | Computer Name = Fabian-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 5/16/2011 2:30:54 PM | Computer Name = Fabian-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 5/16/2011 2:30:55 PM | Computer Name = Fabian-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 5/16/2011 2:48:12 PM | Computer Name = Fabian-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 5/16/2011 2:48:13 PM | Computer Name = Fabian-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 5/21/2011 10:20:59 PM | Computer Name = Fabian-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ OSession Events ]
Error - 12/12/2009 4:58:25 AM | Computer Name = Fabian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 138195
seconds with 6420 seconds of active time. This session ended with a crash.

Error - 1/13/2010 3:28:09 AM | Computer Name = Fabian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 132528
seconds with 11220 seconds of active time. This session ended with a crash.

Error - 1/13/2010 3:41:50 AM | Computer Name = Fabian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 801
seconds with 780 seconds of active time. This session ended with a crash.

Error - 1/21/2010 4:05:58 AM | Computer Name = Fabian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 229
seconds with 120 seconds of active time. This session ended with a crash.

Error - 2/25/2010 2:32:34 PM | Computer Name = Fabian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8232
seconds with 120 seconds of active time. This session ended with a crash.

Error - 4/9/2010 11:55:42 AM | Computer Name = Fabian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 42
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/23/2010 1:35:53 PM | Computer Name = Fabian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12631
seconds with 60 seconds of active time. This session ended with a crash.

Error - 7/2/2010 10:53:46 AM | Computer Name = Fabian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 51648
seconds with 720 seconds of active time. This session ended with a crash.

Error - 2/3/2011 12:08:29 AM | Computer Name = Fabian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 615010
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/17/2011 6:59:24 PM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7034
Description = The QuickBooksDB19 service terminated unexpectedly. It has done this
1 time(s).

Error - 6/17/2011 6:59:29 PM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Audio service terminated unexpectedly. It has done this
1 time(s).

Error - 6/17/2011 6:59:29 PM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7034
Description = The Certificate Propagation service terminated unexpectedly. It
has done this 1 time(s).

Error - 6/17/2011 6:59:29 PM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7034
Description = The SSDP Discovery service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/18/2011 2:55:09 PM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 6/18/2011 2:55:10 PM | Computer Name = Fabian-PC | Source = DCOM | ID = 10010
Description =

Error - 6/24/2011 8:46:47 PM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 6/25/2011 8:18:51 PM | Computer Name = Fabian-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:17:03 PM on ?6/?25/?2011 was unexpected.

Error - 6/25/2011 8:23:15 PM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 6/25/2011 8:25:19 PM | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.


< End of report >

#7 snemelk

  • Malware Response Team

Posted 27 June 2011 - 06:52 AM

Hi again fabrod and thanks for the logs!!.. :)

Firstly,
Well, looks like your computer is quite heavily infected - multiple infections are visible in the logs you've posted... I've got concerns when it comes to the Adobe Acrobat Pro installed - is it an original program??.. As it can be seen in the logs, computer got infected right before, and a while after installing that program (presumably from an unknown source)...

[2011/06/11 19:48:10 | 000,296,522 | ---- | C] () -- C:\Users\Fabian\Desktop\Adobe.Acrobat.9.0.0.Pro.Extended-Patch_CiM.zip
[2011/06/11 19:43:36 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\oreuc.job
[2011/06/11 19:43:35 | 000,151,552 | RHS- | C] () -- C:\Windows\SysWow64\chkdsk5.dll

So, if this Adobe Acrobat Pro product is not original, I highly recommend you uninstall it, as I cannot guarantee a successful cleaning if such pirated software is still installed...

Secondly,
You've got a Foxit Toolbar (aka Ask Toolbar) installed... It's a legitimate product but not recommended - it has a questionable reputation - more to read here: Products with Ask Toolbar. I suggest you remove it (the Foxit program will work without it), use: Start -> Control Panel -> Programs and Features

Also, you've got this Add-on installed: AddThis - it collects both personal and anonymous information to provide services and advertising, see here: AddThis... I suggest you remove that Add-on (use Tools --> Add-Ons from Firefox), your choice...

Thirdly, (please note that I remove some LogMeIn program leftovers, as that program seems to be no longer installed on this computer)
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    SRV - [2011/06/09 20:28:45 | 000,785,920 | ---- | M] () [Auto | Running] -- c:\ProgramData\api-ms-win-core-io-l1-1-032.exe -- (CertPropSvc32)
    SRV - [2011/06/09 20:28:45 | 000,785,920 | ---- | M] () [Auto | Running] -- c:\ProgramData\P2PGraph32.exe -- (AudioSrv32)
    DRV:64bit: - [2010/12/17 09:30:32 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    [2011/06/12 16:11:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\{55de4b02-ccaa-4029-aa13-257af8f8999a}
    [2011/05/16 11:15:50 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\LogMeInClient@logmein.com
    O2 - BHO: (no name) - {01F55E0F-12CA-4747-8A82-E320AFFD17Ad} - File not found
    O2 - BHO: (b4974919) - {033CF3A6-8F3D-EC8B-3AAB-3D0B8033D9D8} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {0C5FF919-A899-200B-56C6-EC044E2E08FC} - File not found
    O2 - BHO: (b4974919) - {1204DE82-82D3-3A92-2D3F-37F730C82AB8} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {123DAC5F-7D2D-5A56-D252-CC60CB841DF4} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {12ED7CA9-77AB-953E-FC38-1FC825B4FE6B} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {14BF1C22-4588-B371-C86A-96CD268DB419} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {168B2B41-0DE1-DFD1-1211-3B7AF97BE7FA} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {190D7E5A-C2B9-3058-CFB0-40A52CA57CE3} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {1C987EFC-0209-9348-4C82-31E76A1DBE60} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {2564B548-4C65-FE12-70A5-D48F76ACB549} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {286BA5AA-FC33-EBD3-3E22-CFED944A1421} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {31B51F76-2736-3609-632F-7F685502497E} - File not found
    O2 - BHO: (b4974919) - {34D43DD2-1697-6C11-6976-B09036A3B230} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {369C0CB8-B2B8-7EF7-153A-C03DCC7DFEAD} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {48913C52-C82F-83C0-689B-0D82F49C59F9} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {4E86C4D6-59BA-D246-1F99-7C8B28290E54} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {5117E5C7-66E2-4F60-A238-F5B05CACF2F3} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {5F237F03-B4DF-076D-96C8-C67CF89AA22F} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {616C676B-E2A4-36C6-C1FD-62D4CF5BEC89} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {671A19DD-6141-E723-2F8E-FB842C5E7690} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {6DDA110D-4C9B-66B9-343A-0B5CCA4E8601} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {93B6996A-3CD2-8679-85C7-357A6A0BC6EF} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {94505469-DED4-6D92-A694-2BAD05529B9F} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {976EC527-16A3-3665-7AB8-503C4DD0950C} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {99E2FE97-323B-522B-98C4-B244689D8DC0} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {9BF8A0EE-0EDB-FE4D-D501-1AE6699A8730} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {9EE59089-4679-2473-9819-AE93271111CC} - File not found
    O2 - BHO: (b4974919) - {AE897279-34B4-2833-209F-1934FC5081D7} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {B19C0E78-D427-3313-2D61-CE1E575E9F8A} - File not found
    O2 - BHO: (b4974919) - {B50B4782-8F48-C0A8-C38C-A625B685837A} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {B5F00750-52D7-F7AA-0721-649CDF86B17C} - File not found
    O2 - BHO: (b4974919) - {B8F09270-2E28-D10C-D67E-4DB8605F6C52} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {C85A9635-CCFE-B341-9B16-3A81441F55D4} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {C9526D6A-711B-543F-C5D2-3C4195DDEFEC} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {D580EF37-D72B-87BB-29E6-B17625D19715} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {D9ED874A-8271-22F3-C24E-937664C94443} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {DB9ED81D-1B29-1BE4-6D86-3D7E3D6FBD95} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {DD8FA737-6CD6-0596-DD17-93555F80CF7B} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {E652DD9A-1F40-BE2B-D160-D2D0C73C3FC3} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {E93A3DED-4698-C03D-AE6E-C378E8DD5E2B} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {EF36B0D9-1198-3D78-AE10-FD6F1EF00A7F} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {EFA62B57-1FD3-E6C4-3A42-9029BE0D6B25} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {F43907B1-8803-A190-26DF-8AF69D52E506} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {F67889B1-D48A-5E56-8E5C-48315F45ACE0} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O2 - BHO: (b4974919) - {F8AEE6A0-ABE6-28E0-48ED-2577457D1ED1} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    O4:64bit: - HKLM..\Run: [LogMeIn GUI] File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [msnmsgr] File not found
    O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O20 - AppInit_DLLs: (C:\ProgramData\gpapi32.dll) - File not found
    O20 - AppInit_DLLs: (C:\ProgramData\api-ms-win-core-io-l1-1-032.dll) - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
    [2011/06/26 15:11:54 | 000,168,960 | ---- | M] () -- C:\ProgramData\api-ms-win-core-io-l1-1-032.dll
    [2011/06/26 15:11:54 | 000,000,105 | ---- | M] () -- C:\Windows\SysWow64\1045040699
    [2011/06/26 15:11:53 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\oreuc.job
    [2011/06/25 10:16:19 | 000,000,107 | ---- | M] () -- C:\ProgramData\14641e4b
    [2011/06/11 19:43:35 | 000,151,552 | RHS- | M] () -- C:\Windows\SysWow64\chkdsk5.dll
    [2011/06/09 20:28:45 | 000,785,920 | ---- | M] () -- C:\ProgramData\P2PGraph32.exe
    [2011/06/09 20:28:45 | 000,785,920 | ---- | M] () -- C:\ProgramData\dimsroam32.exe
    [2011/05/10 18:11:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\~41737976r
    [2011/05/10 18:11:19 | 000,000,104 | ---- | C] () -- C:\ProgramData\~41737976
    [2011/05/10 18:11:07 | 000,000,344 | ---- | C] () -- C:\ProgramData\41737976
    [2011/05/10 18:03:42 | 000,000,120 | ---- | C] () -- C:\Users\Fabian\AppData\Local\Mlupanerul.dat
    [2011/05/10 18:03:42 | 000,000,000 | ---- | C] () -- C:\Users\Fabian\AppData\Local\Mkozedesuv.bin
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Finally,
Then, after a reboot,
Right click this folder: c:\_OTL and choose: "Send to" --> "Compressed (zipped) Folder".
Upload that zipped folder for analysis: go to this site, click on Browse, and choose the zipped file, click Upload. Allow the file to be uploaded - wait till: The file has been uploaded! appears.
(note: let me know if the file is too big - I'll ask you to upload it with a different method...)

Logs to post in your next reply:
- an OTL fix logfile...
- a fresh OTL.txt log - run OTL.exe, click Run Scan, only OTL.txt report will be generated - post it in your next reply...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


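Added example, not part of the original thread and not OTL's own code: a small Python triage script for OTL log lines that checks the timing correlation snemelk points out in post #7 (files created within minutes of the suspect download) and the pattern visible in the fix script (one DLL registered under many BHO CLSIDs). The sample lines are copied from the logs quoted above; the function names, the 10-minute window and the threshold of three CLSIDs are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Subset of lines copied from the OTL logs quoted in this thread.
SAMPLE = r"""
[2011/06/11 19:48:10 | 000,296,522 | ---- | C] () -- C:\Users\Fabian\Desktop\Adobe.Acrobat.9.0.0.Pro.Extended-Patch_CiM.zip
[2011/06/11 19:43:36 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\oreuc.job
[2011/06/11 19:43:35 | 000,151,552 | RHS- | C] () -- C:\Windows\SysWow64\chkdsk5.dll
[2011/05/10 18:11:07 | 000,000,344 | ---- | C] () -- C:\ProgramData\41737976
O2 - BHO: (b4974919) - {033CF3A6-8F3D-EC8B-3AAB-3D0B8033D9D8} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {0C5FF919-A899-200B-56C6-EC044E2E08FC} - File not found
O2 - BHO: (b4974919) - {1204DE82-82D3-3A92-2D3F-37F730C82AB8} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
O2 - BHO: (b4974919) - {123DAC5F-7D2D-5A56-D252-CC60CB841DF4} - C:\ProgramData\api-ms-win-core-io-l1-1-032.dll ()
"""

# [date time | size | attributes | C(reated) or M(odified)] (company) -- path
FILE_RE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| ([A-Z-]{4}) \| ([CM])\] "
    r"\(.*?\) -- (.+)$")
# O2 - BHO: (name) - {CLSID} - path (company)   or   ... - File not found
BHO_RE = re.compile(r"^O2 - BHO: \(.*?\) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse_files(text):
    """Return (timestamp, attrs, kind, path) for each OTL file-listing line."""
    rows = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            rows.append((when, m.group(2), m.group(3), m.group(4)))
    return rows


def created_near(rows, pivot_name, window):
    """Files created within `window` of the first file whose path contains
    pivot_name. Each hit is (timestamp, path, hidden_and_system)."""
    created = [r for r in rows if r[2] == "C"]
    pivots = [r for r in created if pivot_name.lower() in r[3].lower()]
    if not pivots:
        return []
    pivot_time, pivot_path = pivots[0][0], pivots[0][3]
    hits = []
    for when, attrs, _, path in created:
        if path != pivot_path and abs(when - pivot_time) <= window:
            hits.append((when, path, "H" in attrs and "S" in attrs))
    return sorted(hits)


def bho_summary(text, min_shared=3):
    """Group BHO CLSIDs by the DLL they load. Returns (shared, orphans):
    DLLs registered under at least min_shared CLSIDs (heuristic threshold,
    an assumption) and CLSIDs whose file no longer exists."""
    by_dll, orphans = defaultdict(list), []
    for line in text.splitlines():
        m = BHO_RE.match(line.strip())
        if not m:
            continue
        clsid, target = m.groups()
        if target == "File not found":
            orphans.append(clsid)
        else:
            # Drop the trailing "(company)" field, keep "(x86)" inside paths.
            dll = re.sub(r"\s*\([^()]*\)$", "", target)
            by_dll[dll.lower()].append(clsid)
    shared = {d: ids for d, ids in by_dll.items() if len(ids) >= min_shared}
    return shared, orphans


if __name__ == "__main__":
    rows = parse_files(SAMPLE)
    for when, path, hs in created_near(rows, "Patch_CiM.zip",
                                       timedelta(minutes=10)):
        flag = "hidden+system" if hs else "normal attrs"
        print(f"{when}  {path}  [{flag}]")
    shared, orphans = bho_summary(SAMPLE)
    for dll, ids in shared.items():
        print(f"{len(ids)} BHO CLSIDs load {dll}")
    print(f"{len(orphans)} orphaned BHO entries (file not found)")
```
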
#8 fabrod

  • Topic Starter

Posted 27 June 2011 - 11:44 AM

OTL fix log file below: will send new OTL log in follow up post


All processes killed
========== OTL ==========
Error: Unable to stop service CertPropSvc32!
Service CertPropSvc32 deleted successfully!
c:\ProgramData\api-ms-win-core-io-l1-1-032.exe moved successfully.
Error: Unable to stop service AudioSrv32!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv32 deleted successfully.
c:\ProgramData\P2PGraph32.exe moved successfully.
Service LMIRfsClientNP stopped successfully!
Service LMIRfsClientNP deleted successfully!
C:\Windows\SysNative\LMIRfsClientNP.dll moved successfully.
C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\{55de4b02-ccaa-4029-aa13-257af8f8999a}\defaults\preferences folder moved successfully.
C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\{55de4b02-ccaa-4029-aa13-257af8f8999a}\defaults folder moved successfully.
C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\{55de4b02-ccaa-4029-aa13-257af8f8999a}\chrome folder moved successfully.
C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\{55de4b02-ccaa-4029-aa13-257af8f8999a} folder moved successfully.
C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\LogMeInClient@logmein.com\plugins folder moved successfully.
C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\LogMeInClient@logmein.com\META-INF folder moved successfully.
C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\LogMeInClient@logmein.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F55E0F-12CA-4747-8A82-E320AFFD17Ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01F55E0F-12CA-4747-8A82-E320AFFD17Ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{033CF3A6-8F3D-EC8B-3AAB-3D0B8033D9D8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{033CF3A6-8F3D-EC8B-3AAB-3D0B8033D9D8}\ deleted successfully.
C:\ProgramData\api-ms-win-core-io-l1-1-032.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C5FF919-A899-200B-56C6-EC044E2E08FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C5FF919-A899-200B-56C6-EC044E2E08FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1204DE82-82D3-3A92-2D3F-37F730C82AB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1204DE82-82D3-3A92-2D3F-37F730C82AB8}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{123DAC5F-7D2D-5A56-D252-CC60CB841DF4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{123DAC5F-7D2D-5A56-D252-CC60CB841DF4}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12ED7CA9-77AB-953E-FC38-1FC825B4FE6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12ED7CA9-77AB-953E-FC38-1FC825B4FE6B}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14BF1C22-4588-B371-C86A-96CD268DB419}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14BF1C22-4588-B371-C86A-96CD268DB419}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{168B2B41-0DE1-DFD1-1211-3B7AF97BE7FA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{168B2B41-0DE1-DFD1-1211-3B7AF97BE7FA}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{190D7E5A-C2B9-3058-CFB0-40A52CA57CE3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{190D7E5A-C2B9-3058-CFB0-40A52CA57CE3}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C987EFC-0209-9348-4C82-31E76A1DBE60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C987EFC-0209-9348-4C82-31E76A1DBE60}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2564B548-4C65-FE12-70A5-D48F76ACB549}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2564B548-4C65-FE12-70A5-D48F76ACB549}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{286BA5AA-FC33-EBD3-3E22-CFED944A1421}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{286BA5AA-FC33-EBD3-3E22-CFED944A1421}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31B51F76-2736-3609-632F-7F685502497E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31B51F76-2736-3609-632F-7F685502497E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34D43DD2-1697-6C11-6976-B09036A3B230}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34D43DD2-1697-6C11-6976-B09036A3B230}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{369C0CB8-B2B8-7EF7-153A-C03DCC7DFEAD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{369C0CB8-B2B8-7EF7-153A-C03DCC7DFEAD}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48913C52-C82F-83C0-689B-0D82F49C59F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48913C52-C82F-83C0-689B-0D82F49C59F9}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E86C4D6-59BA-D246-1F99-7C8B28290E54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E86C4D6-59BA-D246-1F99-7C8B28290E54}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5117E5C7-66E2-4F60-A238-F5B05CACF2F3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5117E5C7-66E2-4F60-A238-F5B05CACF2F3}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5F237F03-B4DF-076D-96C8-C67CF89AA22F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5F237F03-B4DF-076D-96C8-C67CF89AA22F}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{616C676B-E2A4-36C6-C1FD-62D4CF5BEC89}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{616C676B-E2A4-36C6-C1FD-62D4CF5BEC89}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{671A19DD-6141-E723-2F8E-FB842C5E7690}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{671A19DD-6141-E723-2F8E-FB842C5E7690}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DDA110D-4C9B-66B9-343A-0B5CCA4E8601}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DDA110D-4C9B-66B9-343A-0B5CCA4E8601}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93B6996A-3CD2-8679-85C7-357A6A0BC6EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93B6996A-3CD2-8679-85C7-357A6A0BC6EF}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94505469-DED4-6D92-A694-2BAD05529B9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94505469-DED4-6D92-A694-2BAD05529B9F}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{976EC527-16A3-3665-7AB8-503C4DD0950C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{976EC527-16A3-3665-7AB8-503C4DD0950C}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99E2FE97-323B-522B-98C4-B244689D8DC0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99E2FE97-323B-522B-98C4-B244689D8DC0}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9BF8A0EE-0EDB-FE4D-D501-1AE6699A8730}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BF8A0EE-0EDB-FE4D-D501-1AE6699A8730}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EE59089-4679-2473-9819-AE93271111CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EE59089-4679-2473-9819-AE93271111CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE897279-34B4-2833-209F-1934FC5081D7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE897279-34B4-2833-209F-1934FC5081D7}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B19C0E78-D427-3313-2D61-CE1E575E9F8A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B19C0E78-D427-3313-2D61-CE1E575E9F8A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B50B4782-8F48-C0A8-C38C-A625B685837A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B50B4782-8F48-C0A8-C38C-A625B685837A}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5F00750-52D7-F7AA-0721-649CDF86B17C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5F00750-52D7-F7AA-0721-649CDF86B17C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8F09270-2E28-D10C-D67E-4DB8605F6C52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8F09270-2E28-D10C-D67E-4DB8605F6C52}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C85A9635-CCFE-B341-9B16-3A81441F55D4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C85A9635-CCFE-B341-9B16-3A81441F55D4}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9526D6A-711B-543F-C5D2-3C4195DDEFEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9526D6A-711B-543F-C5D2-3C4195DDEFEC}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D580EF37-D72B-87BB-29E6-B17625D19715}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D580EF37-D72B-87BB-29E6-B17625D19715}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D9ED874A-8271-22F3-C24E-937664C94443}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9ED874A-8271-22F3-C24E-937664C94443}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB9ED81D-1B29-1BE4-6D86-3D7E3D6FBD95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB9ED81D-1B29-1BE4-6D86-3D7E3D6FBD95}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD8FA737-6CD6-0596-DD17-93555F80CF7B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD8FA737-6CD6-0596-DD17-93555F80CF7B}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E652DD9A-1F40-BE2B-D160-D2D0C73C3FC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E652DD9A-1F40-BE2B-D160-D2D0C73C3FC3}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E93A3DED-4698-C03D-AE6E-C378E8DD5E2B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E93A3DED-4698-C03D-AE6E-C378E8DD5E2B}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF36B0D9-1198-3D78-AE10-FD6F1EF00A7F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF36B0D9-1198-3D78-AE10-FD6F1EF00A7F}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFA62B57-1FD3-E6C4-3A42-9029BE0D6B25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFA62B57-1FD3-E6C4-3A42-9029BE0D6B25}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F43907B1-8803-A190-26DF-8AF69D52E506}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F43907B1-8803-A190-26DF-8AF69D52E506}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F67889B1-D48A-5E56-8E5C-48315F45ACE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F67889B1-D48A-5E56-8E5C-48315F45ACE0}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8AEE6A0-ABE6-28E0-48ED-2577457D1ED1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8AEE6A0-ABE6-28E0-48ED-2577457D1ED1}\ deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LogMeIn GUI deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2F72393D-2472-4F82-B600-ED77F354B7FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F72393D-2472-4F82-B600-ED77F354B7FF}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\ProgramData\gpapi32.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\ProgramData\api-ms-win-core-io-l1-1-032.dll deleted successfully.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
File C:\ProgramData\api-ms-win-core-io-l1-1-032.dll not found.
C:\Windows\SysWOW64\1045040699 moved successfully.
C:\Windows\Tasks\oreuc.job moved successfully.
C:\ProgramData\14641e4b moved successfully.
C:\Windows\SysWOW64\chkdsk5.dll moved successfully.
File C:\ProgramData\P2PGraph32.exe not found.
C:\ProgramData\dimsroam32.exe moved successfully.
C:\ProgramData\~41737976r moved successfully.
C:\ProgramData\~41737976 moved successfully.
C:\ProgramData\41737976 moved successfully.
C:\Users\Fabian\AppData\Local\Mlupanerul.dat moved successfully.
C:\Users\Fabian\AppData\Local\Mkozedesuv.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fabian
->Temp folder emptied: 1979571966 bytes
->Temporary Internet Files folder emptied: 773096376 bytes
->Java cache emptied: 290960236 bytes
->FireFox cache emptied: 279851583 bytes
->Google Chrome cache emptied: 22465292 bytes
->Flash cache emptied: 1176329 bytes

User: Public

User: QBDataServiceUser19
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 508928 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 87337136 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes
RecycleBin emptied: 86639556 bytes

Total Files Cleaned = 3,359.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Fabian
->Flash cache emptied: 0 bytes

User: Public

User: QBDataServiceUser19

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06272011_090103

Files\Folders moved on Reboot...
C:\Users\Fabian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Fabian\AppData\Local\Temp\~DF560AFEABE3E993A3.TMP not found!

Registry entries deleted on Reboot...

#9 fabrod

Posted 27 June 2011 - 11:51 AM

Newest OTL.txt file with my scan. Once again, thank you very much, snemelk, for taking the time to go through my mess :thumbsup:

OTL logfile created on: 6/27/2011 9:45:19 AM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Fabian\Desktop\Virus Uninstall Tools
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 51.82% Memory free
7.81 Gb Paging File | 5.52 Gb Available in Paging File | 70.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.97 Gb Total Space | 82.37 Gb Free Space | 37.45% Space Free | Partition Type: NTFS
Drive D: | 12.72 Gb Total Space | 2.13 Gb Free Space | 16.72% Space Free | Partition Type: NTFS
Drive F: | 3.79 Gb Total Space | 1.92 Gb Free Space | 50.72% Space Free | Partition Type: FAT32

Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/06/26 15:19:30 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\Virus Uninstall Tools\OTL.exe
PRC - [2011/06/15 21:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/06 10:33:34 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011/05/25 13:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/26 15:06:06 | 000,161,336 | ---- | M] (Google) -- C:\Users\Fabian\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/18 23:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010/12/09 12:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 14:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/07/13 01:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2009/07/24 18:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009/07/23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 11:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2008/10/17 16:04:28 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/07/10 00:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBDBMgrN.exe
PRC - [2007/02/22 18:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe


========== Modules (SafeList) ==========

MOD - [2011/06/26 15:19:30 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\Virus Uninstall Tools\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/08 09:52:56 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2010/06/07 00:08:36 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2010/06/07 00:08:36 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/07/21 18:33:00 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/02 14:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/09/23 09:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/17 16:04:28 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 22:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/07/10 00:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2009\QBDBMgrN.exe -- (QuickBooksDB19)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/01 01:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/30 10:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/30 10:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/30 10:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2010/06/07 00:08:36 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/11/30 12:49:04 | 000,146,384 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009/08/25 01:43:55 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/21 18:33:00 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/14 16:16:00 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 17:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 15:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 14:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 13:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/24 12:00:00 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 09:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 09:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/26 05:13:00 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 0F 5E F5 01 CA 12 47 47 8A 82 E3 20 AF FD 17 AD [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/09 01:53:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/04/25 00:17:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/01/08 23:30:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/01/08 23:30:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/06/20 12:12:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/25 14:52:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/27 08:53:53 | 000,000,000 | ---D | M]

[2010/08/22 12:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Extensions
[2010/08/22 12:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/05/17 11:33:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Extensions\propstream@equimine.com
[2011/06/27 09:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions
[2011/05/16 11:15:50 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/05/16 11:15:50 | 000,000,000 | ---D | M] (New Tab JumpStart) -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\jumpstart@mihailo.lalevic
[2011/06/25 14:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/17 17:38:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/06/15 21:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/06/17 17:38:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/26 14:36:58 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/01 01:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/06/09 12:59:43 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 01:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 01:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (b4974919) - {FE889CAC-AA9D-45F1-8213-B92768F68D71} - File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE (CANON INC.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HomePipeAgentUtility] C:\Program Files (x86)\HomePipe Networks\HomePipe Agent\HomePipe.AgentUtility.exe (HomePipe Networks Inc.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Fabian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\google\google~2\go36f4~1.dll) - c:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{17c7f16d-cfae-11de-96d4-94ef31159b12}\Shell - "" = AutoRun
O33 - MountPoints2\{17c7f16d-cfae-11de-96d4-94ef31159b12}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{48f50b7e-9155-11de-8f83-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48f50b7e-9155-11de-8f83-806e6f6e6963}\Shell\AutoRun\command - "" = E:\MInst.exe
O33 - MountPoints2\{761428bb-4878-11df-aa22-08002700bc3b}\Shell - "" = AutoRun
O33 - MountPoints2\{761428bb-4878-11df-aa22-08002700bc3b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/27 09:01:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/27 08:53:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/20 12:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2011/06/20 11:20:23 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Collective Genius
[2011/06/20 11:02:45 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Virus Uninstall Tools
[2011/06/18 23:36:09 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Safe mirror
[2011/06/18 23:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 10
[2011/06/18 23:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 10
[2011/06/18 13:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\kinoma
[2011/06/18 13:40:38 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\My Books
[2011/06/18 13:40:38 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\kinoma
[2011/06/18 13:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reader
[2011/06/18 13:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2011/06/18 13:39:59 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Sony Corporation
[2011/06/18 13:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2011/06/17 17:41:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/06/17 17:41:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/06/17 17:41:28 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/06/17 17:41:28 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/06/17 17:41:28 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/06/17 17:41:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/06/17 17:41:28 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/06/17 17:41:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/17 17:41:28 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/17 17:41:28 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/06/17 17:41:28 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/17 17:41:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/06/17 17:41:28 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/06/17 17:41:28 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/06/17 17:41:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/06/17 17:41:28 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/17 17:41:28 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/06/17 17:41:28 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/06/17 17:41:28 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/06/17 17:41:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/17 17:41:28 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/06/17 17:41:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/06/17 17:41:28 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/06/17 17:41:28 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/06/17 17:41:28 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/06/17 17:41:28 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/06/17 17:41:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/17 17:41:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/06/17 17:41:28 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/06/17 17:41:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/06/17 17:41:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/06/17 17:41:28 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/06/17 17:41:28 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/06/17 17:41:28 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/06/17 17:41:28 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/06/17 17:41:28 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/06/17 17:41:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/06/17 17:41:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/06/17 17:41:28 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/06/17 17:41:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/06/17 17:41:28 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/06/17 17:41:28 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/06/17 17:41:28 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/06/17 17:41:28 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/17 17:41:28 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/06/17 17:41:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/06/17 17:41:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/06/17 17:41:28 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/06/17 17:41:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/06/17 17:41:28 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/17 17:41:28 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/06/17 17:41:28 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/06/17 17:41:28 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/06/17 17:41:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/06/17 17:41:28 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/06/17 17:41:28 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/06/17 17:41:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/06/17 17:41:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/06/17 17:41:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/06/17 17:41:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/06/17 17:41:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/06/17 17:41:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/06/17 17:41:28 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/17 17:41:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/06/17 17:41:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/06/17 17:41:28 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/06/17 17:41:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/06/17 17:41:28 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/06/17 17:41:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/06/17 17:41:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/06/17 17:41:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/06/17 17:41:28 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/06/17 17:41:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/06/17 17:41:28 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/06/17 17:41:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/06/17 17:41:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/06/17 17:41:28 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/06/17 17:41:28 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/06/17 17:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/17 17:38:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/17 17:38:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/17 17:38:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/17 17:34:50 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/17 17:32:24 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/06/17 17:32:24 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/06/17 17:32:24 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/06/17 17:32:24 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/06/17 17:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/06/17 17:28:07 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Secunia PSI
[2011/06/17 17:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2011/06/17 16:14:12 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Malwarebytes
[2011/06/17 16:14:06 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/17 16:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/17 16:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/17 16:14:02 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/17 16:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/16 14:49:20 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/06/16 14:49:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/06/16 14:49:16 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/06/11 20:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/06/09 20:28:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/06/09 13:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2011/06/09 13:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
[2011/06/09 12:48:29 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\DownVision
[2011/06/07 18:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/06/06 16:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/06/06 16:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/06/06 12:38:29 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Fax
[2011/06/05 17:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/06/05 17:41:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/06/05 17:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/06/05 17:39:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

========== Files - Modified Within 30 Days ==========

[2011/06/27 09:38:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/27 09:36:31 | 005,125,812 | ---- | M] () -- C:\Users\Fabian\Desktop\_OTL.zip
[2011/06/27 09:36:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/27 09:36:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/27 09:30:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3203479484-2171436530-25300243-1000UA.job
[2011/06/27 09:28:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/27 09:26:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/27 09:26:28 | 000,442,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/27 09:26:10 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/26 15:11:51 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFabian.job
[2011/06/26 14:57:06 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3203479484-2171436530-25300243-1000Core.job
[2011/06/26 14:55:23 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2011/06/26 14:55:19 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2011/06/26 14:51:25 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 14:46:16 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\File Helper.job
[2011/06/25 22:14:58 | 000,169,597 | ---- | M] () -- C:\Users\Fabian\Desktop\cindy.zip
[2011/06/25 14:52:26 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/19 03:20:14 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/19 03:20:14 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/19 03:20:14 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/17 17:54:30 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011/06/17 17:48:03 | 000,001,437 | ---- | M] () -- C:\Users\Fabian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/17 17:44:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/17 17:41:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/06/17 17:41:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/06/17 17:41:28 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/06/17 17:41:28 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/06/17 17:41:28 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/06/17 17:41:28 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/06/17 17:41:28 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/06/17 17:41:28 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/06/17 17:41:28 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/06/17 17:41:28 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/06/17 17:41:28 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/06/17 17:41:28 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/06/17 17:41:28 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/06/17 17:41:28 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/06/17 17:41:28 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/06/17 17:41:28 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/17 17:41:28 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/06/17 17:41:28 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/06/17 17:41:28 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/06/17 17:41:28 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/06/17 17:41:28 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/06/17 17:41:28 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/06/17 17:41:28 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/06/17 17:41:28 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/06/17 17:41:28 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/06/17 17:41:28 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/06/17 17:41:28 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/17 17:41:28 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/06/17 17:41:28 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/06/17 17:41:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/06/17 17:41:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/06/17 17:41:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/06/17 17:41:28 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/06/17 17:41:28 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/06/17 17:41:28 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/06/17 17:41:28 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/06/17 17:41:28 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/06/17 17:41:28 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/06/17 17:41:28 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/06/17 17:41:28 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/06/17 17:41:28 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/06/17 17:41:28 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/06/17 17:41:28 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/06/17 17:41:28 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/17 17:41:28 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/06/17 17:41:28 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/06/17 17:41:28 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/06/17 17:41:28 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/06/17 17:41:28 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/06/17 17:41:28 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/06/17 17:41:28 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/06/17 17:41:28 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/06/17 17:41:28 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/06/17 17:41:28 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/06/17 17:41:28 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/06/17 17:41:28 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/06/17 17:41:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/06/17 17:41:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/06/17 17:41:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/06/17 17:41:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/06/17 17:41:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/06/17 17:41:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/06/17 17:41:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/06/17 17:41:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/06/17 17:41:28 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/17 17:41:28 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/06/17 17:41:28 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/06/17 17:41:28 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/06/17 17:41:28 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/06/17 17:41:28 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/06/17 17:41:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/06/17 17:41:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/06/17 17:41:28 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/06/17 17:41:28 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/06/17 17:41:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/06/17 17:41:28 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/06/17 17:41:28 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/06/17 17:41:28 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/06/17 17:41:28 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/06/17 17:41:28 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/06/17 17:40:57 | 000,001,254 | ---- | M] () -- C:\Users\Fabian\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/06/17 17:38:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/06/17 17:38:06 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/06/17 17:38:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/06/17 17:38:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/06/17 17:32:18 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/06/17 17:32:18 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/06/17 17:32:18 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/06/17 17:32:18 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/06/17 17:27:59 | 000,001,106 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/17 12:43:08 | 571,855,290 | ---- | M] () -- C:\Users\Fabian\Desktop\ST2011.exe
[2011/06/12 22:17:12 | 000,005,828 | ---- | M] () -- C:\Users\Fabian\Desktop\Default_EXE.reg
[2011/06/11 19:48:12 | 000,296,522 | ---- | M] () -- C:\Users\Fabian\Desktop\Adobe.Acrobat.9.0.0.Pro.Extended-Patch_CiM.zip
[2011/06/07 18:07:03 | 000,072,080 | ---- | M] () -- C:\Users\Fabian\g2mdlhlpx.exe
[2011/06/06 13:00:12 | 002,036,456 | R--- | M] () -- C:\Users\Fabian\Desktop\360M HSP v1-11.pdf
[2011/06/04 10:58:17 | 007,862,232 | ---- | M] (Siber Systems) -- C:\Users\Fabian\Desktop\RoboForm-Everywhere-Setup.exe
[2011/05/29 14:34:10 | 000,001,001 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/27 09:36:30 | 005,125,812 | ---- | C] () -- C:\Users\Fabian\Desktop\_OTL.zip
[2011/06/26 14:51:25 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/25 22:14:57 | 000,169,597 | ---- | C] () -- C:\Users\Fabian\Desktop\cindy.zip
[2011/06/25 14:52:26 | 000,001,074 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/25 14:52:26 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/17 17:41:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/06/17 17:41:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/06/17 17:40:57 | 000,001,254 | ---- | C] () -- C:\Users\Fabian\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/06/17 17:40:57 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011/06/17 17:27:59 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/06/17 17:27:59 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/06/17 11:21:18 | 571,855,290 | ---- | C] () -- C:\Users\Fabian\Desktop\ST2011.exe
[2011/06/12 22:17:11 | 000,005,828 | ---- | C] () -- C:\Users\Fabian\Desktop\Default_EXE.reg
[2011/06/11 19:49:32 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForFabian.job
[2011/06/11 19:48:10 | 000,296,522 | ---- | C] () -- C:\Users\Fabian\Desktop\Adobe.Acrobat.9.0.0.Pro.Extended-Patch_CiM.zip
[2011/06/06 13:00:04 | 002,036,456 | R--- | C] () -- C:\Users\Fabian\Desktop\360M HSP v1-11.pdf
[2011/05/25 14:42:06 | 000,119,702 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpSTOPFORECLOSURECALI PIC.0
[2011/05/25 14:42:06 | 000,105,692 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpSTOPFORECLOSURECALI PIC.JPG
[2011/02/14 16:07:09 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2011/01/19 16:13:56 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2011/01/17 00:07:21 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/11/23 11:00:29 | 000,113,127 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmp2010-08-12_15-47-03_532.JPG
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/24 18:06:38 | 000,000,154 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/28 18:50:55 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/02/05 19:35:27 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/01/27 20:23:40 | 000,002,580 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\wklnhst.dat
[2009/12/24 17:31:00 | 000,003,584 | ---- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/19 15:56:23 | 000,649,194 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpIMG_0411.3
[2009/12/19 15:56:22 | 000,632,024 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpIMG_0411.2
[2009/12/19 15:56:21 | 000,641,078 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpIMG_0411.1
[2009/12/19 15:56:19 | 001,484,654 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpIMG_0411.JPG
[2009/12/19 15:56:19 | 001,484,654 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpIMG_0411.0
[2009/11/29 00:45:22 | 000,040,634 | ---- | C] () -- C:\Users\Fabian\AppData\Local\tmpAGENT AND PROPERTY INFO.JPG
[2009/10/26 22:27:11 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\OdiOlDVR.dll
[2009/10/26 22:27:11 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\OdiAPI.dll
[2009/10/25 20:01:12 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/25 17:03:52 | 000,037,845 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/08/08 23:54:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/15 08:20:54 | 000,355,432 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 12:14:00 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2006/09/18 15:37:50 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2006/09/18 15:37:48 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll

< End of report >

#10 snemelk

  • Malware Response Team

Posted 27 June 2011 - 01:34 PM

Hi again fabrod!!.. :)

Once again thank you very much snemelk for taking the time to go through my mess :thumbsup:

No problem!.. :thumbup2:

Thanks for the upload!!..
The OTL log looks much better, please let me know what problem remains (!)...

Please post the most recent TDSSKiller logfile: C:\TDSSKiller.2.5.5.0_25.06.2011_10.55.01_log.txt

I see there is a policy set, it is said to “Remove the Action Center icon” in the “Start Menu and Taskbar” administrative template... It could be set by malware (or by you)... Let me know if you want to set that policy to a default value...

Please do the following:

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (b4974919) - {FE889CAC-AA9D-45F1-8213-B92768F68D71} - File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

Secondly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#11 fabrod

  • Topic Starter


Posted 28 June 2011 - 09:28 AM

most recent TDSSKiller logfile: C:\TDSSKiller.2.5.5.0_25.06.2011_10.55.01_log.txt the OTL Run Fix log and Eset Scan Log are below:

I don't recall setting the “Remove the Action Center icon” policy, I don't even know what that is so my guess is it would be best to be set to default.


2011/06/25 10:55:01.0406 5344 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/25 10:55:02.0371 5344 ================================================================================
2011/06/25 10:55:02.0371 5344 SystemInfo:
2011/06/25 10:55:02.0371 5344
2011/06/25 10:55:02.0371 5344 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/25 10:55:02.0371 5344 Product type: Workstation
2011/06/25 10:55:02.0371 5344 ComputerName: FABIAN-PC
2011/06/25 10:55:02.0371 5344 UserName: Fabian
2011/06/25 10:55:02.0371 5344 Windows directory: C:\Windows
2011/06/25 10:55:02.0371 5344 System windows directory: C:\Windows
2011/06/25 10:55:02.0371 5344 Running under WOW64
2011/06/25 10:55:02.0371 5344 Processor architecture: Intel x64
2011/06/25 10:55:02.0371 5344 Number of processors: 2
2011/06/25 10:55:02.0371 5344 Page size: 0x1000
2011/06/25 10:55:02.0371 5344 Boot type: Normal boot
2011/06/25 10:55:02.0371 5344 ================================================================================
2011/06/25 10:55:06.0465 5344 Initialize success
2011/06/25 10:55:10.0079 8700 ================================================================================
2011/06/25 10:55:10.0079 8700 Scan started
2011/06/25 10:55:10.0079 8700 Mode: Manual;
2011/06/25 10:55:10.0079 8700 ================================================================================
2011/06/25 10:55:21.0954 8700 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/25 10:55:22.0219 8700 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/06/25 10:55:22.0595 8700 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/25 10:55:22.0893 8700 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/25 10:55:23.0249 8700 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/25 10:55:23.0512 8700 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/25 10:55:23.0880 8700 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/25 10:55:24.0271 8700 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
2011/06/25 10:55:24.0469 8700 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/25 10:55:24.0675 8700 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/25 10:55:24.0868 8700 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/25 10:55:25.0070 8700 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/25 10:55:25.0333 8700 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/06/25 10:55:25.0595 8700 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/25 10:55:25.0766 8700 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/25 10:55:25.0999 8700 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/25 10:55:26.0224 8700 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/25 10:55:27.0402 8700 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/25 10:55:28.0536 8700 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/25 10:55:28.0964 8700 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/25 10:55:29.0473 8700 BCM43XX (f99c7ae4bb91bd1506b3572f944307bb) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/06/25 10:55:29.0815 8700 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/25 10:55:29.0973 8700 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/25 10:55:30.0107 8700 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/25 10:55:30.0243 8700 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/25 10:55:30.0411 8700 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/25 10:55:30.0543 8700 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/25 10:55:30.0734 8700 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/25 10:55:30.0850 8700 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/25 10:55:31.0051 8700 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/25 10:55:31.0180 8700 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/06/25 10:55:31.0338 8700 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/25 10:55:31.0464 8700 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/25 10:55:31.0578 8700 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/25 10:55:31.0943 8700 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
2011/06/25 10:55:32.0062 8700 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/25 10:55:32.0212 8700 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/25 10:55:32.0360 8700 dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
2011/06/25 10:55:32.0489 8700 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/06/25 10:55:32.0635 8700 Dot4Scan (488669cd1cd3bdcfdd9a5fda72209069) C:\Windows\system32\DRIVERS\Dot4Scan.sys
2011/06/25 10:55:32.0764 8700 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/06/25 10:55:32.0895 8700 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/25 10:55:33.0040 8700 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/25 10:55:33.0235 8700 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/25 10:55:33.0556 8700 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/25 10:55:33.0696 8700 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/25 10:55:33.0819 8700 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/25 10:55:33.0955 8700 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/25 10:55:34.0083 8700 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/25 10:55:34.0209 8700 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/25 10:55:34.0351 8700 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/25 10:55:34.0465 8700 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/06/25 10:55:34.0597 8700 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/25 10:55:34.0702 8700 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/25 10:55:34.0845 8700 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/25 10:55:34.0961 8700 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/25 10:55:35.0202 8700 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/06/25 10:55:35.0358 8700 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/25 10:55:35.0464 8700 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/25 10:55:35.0562 8700 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/25 10:55:35.0689 8700 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/25 10:55:35.0834 8700 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/25 10:55:36.0099 8700 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/06/25 10:55:36.0307 8700 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/06/25 10:55:36.0572 8700 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/25 10:55:37.0241 8700 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/06/25 10:55:37.0771 8700 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/25 10:55:38.0339 8700 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/25 10:55:38.0809 8700 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/06/25 10:55:41.0894 8700 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/06/25 10:55:42.0889 8700 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/25 10:55:43.0133 8700 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
2011/06/25 10:55:43.0320 8700 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/25 10:55:43.0553 8700 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/25 10:55:43.0754 8700 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/25 10:55:44.0066 8700 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/25 10:55:44.0267 8700 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/25 10:55:44.0489 8700 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/25 10:55:44.0928 8700 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/25 10:55:45.0156 8700 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/25 10:56:16.0386 8700 MBR (0x1B8) (8ca37966eb3c750d08ac01dcd8dda115) \Device\Harddisk0\DR0
2011/06/25 10:56:16.0402 8700 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR7
2011/06/25 10:56:16.0437 8700 ================================================================================
2011/06/25 10:56:16.0437 8700 Scan finished
2011/06/25 10:56:16.0437 8700 ================================================================================
2011/06/25 10:56:16.0458 8544 Detected object count: 0
2011/06/25 10:56:16.0458 8544 Actual detected object count: 0
2011/06/25 10:56:25.0393 1208 Deinitialize success



My most recent OTL fix log


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE889CAC-AA9D-45F1-8213-B92768F68D71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE889CAC-AA9D-45F1-8213-B92768F68D71}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ deleted successfully.

OTL by OldTimer - Version 3.2.24.1 log created on 06272011_223317





Eset Scan Log:



ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=390d0883a42c0644b2b405a3307e98fd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-28 07:22:23
# local_time=2011-06-28 12:22:23 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 32423307 32423307 0 0
# compatibility_mode=5893 16776574 66 94 32740391 60783362 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=272596
# found=7
# cleaned=7
# scan_time=5832
C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Default\knhdhpfngkaddeljdaeoogkkhjanimba\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\c_ProgramData\api-ms-win-core-io-l1-1-032.dll a variant of Win32/Kryptik.OKQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\c_ProgramData\api-ms-win-core-io-l1-1-032.exe a variant of Win32/Kryptik.OYY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\c_ProgramData\dimsroam32.exe a variant of Win32/Kryptik.OYY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\c_ProgramData\P2PGraph32.exe a variant of Win32/Kryptik.OYY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\C_Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\{55de4b02-ccaa-4029-aa13-257af8f8999a}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\C_Windows\SysWOW64\chkdsk5.dll a variant of Win32/Kryptik.OXO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#12 fabrod

fabrod
  • Topic Starter

  • Members
  • 22 posts

Posted 28 June 2011 - 09:30 AM

Most recent TDSSKiller logfile: C:\TDSSKiller.2.5.5.0_25.06.2011_10.55.01_log.txt. The OTL Run Fix log and Eset Scan Log are below:

I don't recall setting the “Remove the Action Center icon” policy. I don't even know what that is, so my guess is it would be best to set it to default.


2011/06/25 10:55:01.0406 5344 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/25 10:55:02.0371 5344 ================================================================================
2011/06/25 10:55:02.0371 5344 SystemInfo:
2011/06/25 10:55:02.0371 5344
2011/06/25 10:55:02.0371 5344 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/25 10:55:02.0371 5344 Product type: Workstation
2011/06/25 10:55:02.0371 5344 ComputerName: FABIAN-PC
2011/06/25 10:55:02.0371 5344 UserName: Fabian
2011/06/25 10:55:02.0371 5344 Windows directory: C:\Windows
2011/06/25 10:55:02.0371 5344 System windows directory: C:\Windows
2011/06/25 10:55:02.0371 5344 Running under WOW64
2011/06/25 10:55:02.0371 5344 Processor architecture: Intel x64
2011/06/25 10:55:02.0371 5344 Number of processors: 2
2011/06/25 10:55:02.0371 5344 Page size: 0x1000
2011/06/25 10:55:02.0371 5344 Boot type: Normal boot
2011/06/25 10:55:02.0371 5344 ================================================================================
2011/06/25 10:55:06.0465 5344 Initialize success
2011/06/25 10:55:10.0079 8700 ================================================================================
2011/06/25 10:55:10.0079 8700 Scan started
2011/06/25 10:55:10.0079 8700 Mode: Manual;
2011/06/25 10:55:10.0079 8700 ================================================================================
2011/06/25 10:55:48.0236 8700 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/25 10:55:48.0413 8700 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/25 10:55:48.0614 8700 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/25 10:55:48.0769 8700 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/25 10:55:48.0881 8700 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/25 10:55:48.0993 8700 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/25 10:55:49.0145 8700 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/25 10:55:49.0263 8700 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/25 10:55:49.0386 8700 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/25 10:55:49.0517 8700 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/25 10:55:49.0632 8700 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/25 10:55:49.0764 8700 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/25 10:55:49.0876 8700 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/06/25 10:55:50.0016 8700 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/25 10:55:50.0187 8700 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/25 10:55:50.0302 8700 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/25 10:55:50.0445 8700 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/25 10:55:50.0590 8700 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/25 10:55:50.0760 8700 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/06/25 10:55:50.0884 8700 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/25 10:55:51.0023 8700 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/25 10:55:51.0181 8700 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/25 10:55:51.0314 8700 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/25 10:55:51.0448 8700 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/06/25 10:55:51.0562 8700 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/25 10:55:51.0682 8700 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/25 10:55:51.0949 8700 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/06/25 10:55:52.0216 8700 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/25 10:55:52.0330 8700 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/25 10:55:52.0445 8700 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/25 10:55:53.0097 8700 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/06/25 10:55:53.0219 8700 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/25 10:55:53.0349 8700 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/06/25 10:55:53.0482 8700 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/06/25 10:55:53.0585 8700 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/25 10:55:53.0705 8700 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/25 10:55:53.0856 8700 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/25 10:55:53.0971 8700 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/06/25 10:55:54.0092 8700 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/06/25 10:55:54.0204 8700 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/25 10:55:54.0315 8700 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/25 10:55:54.0446 8700 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/25 10:55:54.0567 8700 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/25 10:55:54.0859 8700 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/25 10:55:54.0982 8700 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/25 10:55:55.0111 8700 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/25 10:55:55.0247 8700 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/06/25 10:55:55.0433 8700 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/25 10:55:55.0575 8700 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/25 10:55:55.0714 8700 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/25 10:55:55.0827 8700 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/25 10:55:55.0956 8700 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/25 10:55:56.0108 8700 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/25 10:55:56.0240 8700 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/25 10:55:56.0357 8700 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/25 10:55:56.0471 8700 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/25 10:55:56.0588 8700 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/25 10:55:56.0708 8700 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/25 10:55:56.0828 8700 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/25 10:55:56.0960 8700 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/25 10:55:57.0081 8700 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/06/25 10:55:57.0227 8700 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/06/25 10:55:57.0403 8700 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2011/06/25 10:55:57.0563 8700 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/25 10:55:57.0712 8700 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
2011/06/25 10:55:57.0828 8700 RTL8167 (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/06/25 10:55:58.0209 8700 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/25 10:55:58.0280 8700 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/25 10:55:58.0404 8700 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/25 10:55:58.0530 8700 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/25 10:55:58.0705 8700 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/25 10:55:58.0813 8700 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/25 10:55:58.0931 8700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/25 10:55:59.0105 8700 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/25 10:55:59.0209 8700 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/25 10:55:59.0317 8700 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/25 10:55:59.0442 8700 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/25 10:55:59.0555 8700 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/25 10:55:59.0690 8700 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/25 10:55:59.0807 8700 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/25 10:55:59.0986 8700 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/25 10:56:00.0144 8700 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/06/25 10:56:00.0296 8700 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/25 10:56:00.0440 8700 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/06/25 10:56:00.0591 8700 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/06/25 10:56:00.0756 8700 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/06/25 10:56:00.0914 8700 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/25 10:56:01.0082 8700 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/25 10:56:01.0245 8700 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/06/25 10:56:01.0378 8700 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2011/06/25 10:56:01.0510 8700 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/25 10:56:01.0660 8700 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/25 10:56:01.0876 8700 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
2011/06/25 10:56:02.0082 8700 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/25 10:56:02.0208 8700 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/25 10:56:02.0337 8700 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/25 10:56:02.0454 8700 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/25 10:56:02.0580 8700 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/25 10:56:02.0743 8700 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/25 10:56:02.0903 8700 tmpreflt (803ee35df92815ea5d41cee7410c8cc1) C:\Windows\system32\DRIVERS\tmpreflt.sys
2011/06/25 10:56:03.0042 8700 tmtdi (21cc12b7f8b44e91d03ead5b17aaf0b2) C:\Windows\system32\DRIVERS\tmtdi.sys
2011/06/25 10:56:03.0269 8700 tmxpflt (9bd32132a3470cefb3cbea5fa492bd6f) C:\Windows\system32\DRIVERS\tmxpflt.sys
2011/06/25 10:56:03.0417 8700 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/25 10:56:03.0539 8700 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/25 10:56:03.0674 8700 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/25 10:56:03.0798 8700 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/25 10:56:03.0997 8700 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/25 10:56:04.0249 8700 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/25 10:56:04.0403 8700 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/25 10:56:04.0642 8700 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/25 10:56:05.0628 8700 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/25 10:56:05.0852 8700 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/25 10:56:06.0119 8700 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/25 10:56:06.0369 8700 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/25 10:56:06.0604 8700 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/25 10:56:06.0960 8700 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/25 10:56:07.0193 8700 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/25 10:56:07.0435 8700 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/25 10:56:07.0782 8700 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/06/25 10:56:07.0989 8700 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/06/25 10:56:08.0319 8700 VBoxDrv (6169466b234093d3da6cc3aaef08f7b4) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/06/25 10:56:08.0465 8700 VBoxNetAdp (020120d38b4c79abc05bcd78ea6b3dbc) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/06/25 10:56:08.0728 8700 VBoxNetFlt (53a71ce5b83dc0afd40b39ad75dc4c78) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/06/25 10:56:09.0212 8700 VBoxUSBMon (2b383a1671a08beeb94ecfaec087f6a5) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/06/25 10:56:09.0531 8700 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/25 10:56:09.0743 8700 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/25 10:56:09.0992 8700 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/25 10:56:10.0242 8700 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/25 10:56:10.0480 8700 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/25 10:56:10.0757 8700 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/25 10:56:11.0021 8700 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/06/25 10:56:11.0271 8700 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/25 10:56:11.0562 8700 vsapint (b01ce1f5a44126892240d179a6dbd43f) C:\Windows\system32\DRIVERS\vsapint.sys
2011/06/25 10:56:11.0993 8700 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/25 10:56:12.0223 8700 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/25 10:56:12.0423 8700 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/25 10:56:12.0668 8700 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/06/25 10:56:12.0895 8700 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/25 10:56:13.0119 8700 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/25 10:56:13.0185 8700 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/25 10:56:13.0423 8700 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/25 10:56:13.0666 8700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/25 10:56:13.0946 8700 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/25 10:56:14.0214 8700 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/25 10:56:14.0741 8700 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/06/25 10:56:14.0922 8700 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/25 10:56:15.0143 8700 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/25 10:56:15.0481 8700 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/25 10:56:15.0888 8700 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/25 10:56:16.0168 8700 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/06/25 10:56:16.0386 8700 MBR (0x1B8) (8ca37966eb3c750d08ac01dcd8dda115) \Device\Harddisk0\DR0
2011/06/25 10:56:16.0402 8700 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR7
2011/06/25 10:56:16.0437 8700 ================================================================================
2011/06/25 10:56:16.0437 8700 Scan finished
2011/06/25 10:56:16.0437 8700 ================================================================================
2011/06/25 10:56:16.0458 8544 Detected object count: 0
2011/06/25 10:56:16.0458 8544 Actual detected object count: 0
2011/06/25 10:56:25.0393 1208 Deinitialize success



My most recent OTL fix log


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE889CAC-AA9D-45F1-8213-B92768F68D71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE889CAC-AA9D-45F1-8213-B92768F68D71}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ deleted successfully.

OTL by OldTimer - Version 3.2.24.1 log created on 06272011_223317





Eset Scan Log:



ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=390d0883a42c0644b2b405a3307e98fd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-28 07:22:23
# local_time=2011-06-28 12:22:23 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 32423307 32423307 0 0
# compatibility_mode=5893 16776574 66 94 32740391 60783362 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=272596
# found=7
# cleaned=7
# scan_time=5832
C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Default\knhdhpfngkaddeljdaeoogkkhjanimba\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\c_ProgramData\api-ms-win-core-io-l1-1-032.dll a variant of Win32/Kryptik.OKQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\c_ProgramData\api-ms-win-core-io-l1-1-032.exe a variant of Win32/Kryptik.OYY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\c_ProgramData\dimsroam32.exe a variant of Win32/Kryptik.OYY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\c_ProgramData\P2PGraph32.exe a variant of Win32/Kryptik.OYY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\C_Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\{55de4b02-ccaa-4029-aa13-257af8f8999a}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\C_Windows\SysWOW64\chkdsk5.dll a variant of Win32/Kryptik.OXO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
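
An added example (not part of the original posts): a small Python parser for the seven ESET detection lines in the log above. It separates files ESET found in their live location from copies that the earlier OTL fix had already moved to C:\_OTL\MovedFiles, and rebuilds each moved file's original path on the assumption that OTL encodes the drive as `c_` / `C_` after the timestamp folder, as the paths in this log suggest. Function and variable names are illustrative.

```python
import re
from collections import Counter

# Detection lines copied verbatim from the ESET log posted above.
ESET_DETECTIONS = r"""
C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Default\knhdhpfngkaddeljdaeoogkkhjanimba\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\c_ProgramData\api-ms-win-core-io-l1-1-032.dll a variant of Win32/Kryptik.OKQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\c_ProgramData\api-ms-win-core-io-l1-1-032.exe a variant of Win32/Kryptik.OYY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\c_ProgramData\dimsroam32.exe a variant of Win32/Kryptik.OYY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\c_ProgramData\P2PGraph32.exe a variant of Win32/Kryptik.OYY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\C_Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\cminha1z.default\extensions\{55de4b02-ccaa-4029-aa13-257af8f8999a}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06272011_090103\C_Windows\SysWOW64\chkdsk5.dll a variant of Win32/Kryptik.OXO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# <path> <threat name> <type> (<action>) ...
# The path may contain spaces ("User Data"), so it is matched lazily up to
# the first token that looks like an ESET threat name.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:a variant of )?Win(?:32|64)/\S+)\s+"
    r"(?P<kind>\w+)\s+"
    r"\((?P<action>[^)]*)\)"
)

# Assumption: OTL stores moved files as
#   C:\_OTL\MovedFiles\<MMDDYYYY_HHMMSS>\<drive>_<original path without drive>
OTL_RE = re.compile(
    r"^[A-Za-z]:\\_OTL\\MovedFiles\\\d{8}_\d{6}\\(?P<drive>[A-Za-z])_(?P<rest>.+)$"
)


def parse_detections(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    detections = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        moved = OTL_RE.match(path)
        if moved:
            original = "{}:\\{}".format(moved["drive"].upper(), moved["rest"])
        else:
            original = path
        # "Win32/Kryptik.OYY" -> "Kryptik"; drop the trailing variant letters.
        family = m["threat"].split("/", 1)[1].rsplit(".", 1)[0]
        detections.append({
            "path": path,
            "original_path": original,
            "in_otl_quarantine": bool(moved),
            "threat": m["threat"],
            "family": family,
            "kind": m["kind"],
            "action": m["action"],
        })
    return detections


def triage(detections):
    """Split detections into live files and OTL-quarantined copies."""
    return {
        "live": [d for d in detections if not d["in_otl_quarantine"]],
        "otl_quarantine": [d for d in detections if d["in_otl_quarantine"]],
        "families": Counter(d["family"] for d in detections),
    }


if __name__ == "__main__":
    report = triage(parse_detections(ESET_DETECTIONS))
    print("Found in live location:")
    for d in report["live"]:
        print("  {}  [{}]".format(d["path"], d["threat"]))
    print("Already moved by OTL (original location shown):")
    for d in report["otl_quarantine"]:
        print("  {}  [{}]".format(d["original_path"], d["threat"]))
    print("Families:", dict(report["families"]))
```

Only files in the live group were still in place when ESET ran; the rest were inert copies left behind by the OTL fix.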

#13 snemelk
Posted 28 June 2011 - 01:29 PM

Hi again fabrod!!.. :)

That looks good, tell me please, does any problem remain??..

Let's take a look at this Registry value I mentioned:

Open Notepad and copy and paste the text present in the quotebox:

@echo off
REG QUERY "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v HideSCAHealth >> C:\look.txt
notepad c:\look.txt
del c:\look.txt
del %0

Save this as look.bat , choose to save as *all files and place it on your Desktop.
Right-click on it, and choose: Run as administrator... A Notepad should open.
Copy and paste the contents of it in your next reply.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#14 fabrod

Posted 29 June 2011 - 12:43 AM

Hey Snemelk.. great job so far!! :thumbup2: . Below are the results, I actually ran the look.bat program twice since my computer restarted after the first time before I copied the notepad file. One thing that has lingered as of before I ran the look.bat program is firefox is constantly freezing up, I don't use explorer much so I don't know if it has the same issue. If there are any other issues I probably won't figure them out for a few days as I use my computer. The google redirect issue seems to be gone though, which I am very pleased about!

It seems my computer was infected quite a bit before your help. In your opinion, how much of the infection remains and how much am I at risk at this point? What should I look out for as far as signs of any types of infections which are under the radar? And what do you recommend to keep myself protected? I currently have Trend Micro Antivirus plus Antispyware.




HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HideSCAHealth REG_DWORD 0x1


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HideSCAHealth REG_DWORD 0x1

#15 snemelk

Posted 29 June 2011 - 07:25 AM

Hi again fabrod!!.. :)

One thing that has lingered as of before I ran the look.bat program is firefox is constantly freezing up, I don't use explorer much so I don't know if it has the same issue.

It can just be a problem with one of the Add-ons... Please run Firefox in a Safe Mode (when prompted, click Continue In Safe Mode) - check if it freezes in that mode as well... Let me know the result...

In your opinion, how much of the infection remains and how much am I at risk at this point?
What should I look out for as far as signs of any types of infections which are under the radar?
And what do you recommend to keep myself protected? I currently have Trend Micro Antivirus plus Antispyware.

Logs look clean, in my opinion, your system should be safe to use... Only this line in the OTL logfile is suspicious: PRC - File not found --... May be a glitch, may be also an infection hiding... But if no problem remains, I'd believe in that former option...

When it comes to a computer infection telltale signs - antivirus warnings, unusual slow-down of your computer speed, various unusual ads (pop-ups, redirects, audio ads), fake antivirus warnings, etc. ... Some infections just stay silently, try to steal your personal data (passwords, etc.), send spam... Anyway, it's all about money (for criminals, of course)...
Infections can get into your computer in quite a few ways - by opening an attachment with a "virus", by running a malicious program (say downloaded from internet, including cracks/keygens), through exploits either in the operating system or programs you use, via removable devices, etc. ...
For more information you can read various security reports, for example: Cisco Security Reports...

When it comes to protection against various threats... Some of the ideas I present on my web page (A few steps to make your web browsing safer)... If you paid for your antivirus, you can keep it, it certainly protects against most threats... However, I do not find it a very good program - for a reference, you can for example take a look at the On-Demand Comparative report (February 2011) here: AV-Comparatives.org - standard detection rates, many false positives... If you ask me, I would consider installing Avast! (a free version)...

When it comes to that look.bat, please do the following:
Copy and paste this text IN BOLD into a text editor such as Notepad.

Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your Desktop.


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HideSCAHealth"=dword:00000000


Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

Also, please check with your Secunia Personal Software Inspector (PSI) program if all your applications are up-to date... When it comes to Adobe Acrobat Reader, I recommend using the latest version:
Adobe Reader X

Note: I suggest you uncheck an optional, third-party download (eg. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.