Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

INFECTED, REDIRECT VIRUS


  • This topic is locked This topic is locked
50 replies to this topic

#1 stelev

stelev

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 24 September 2011 - 05:30 AM

I have recently been getting redirected to various search engines when I have been clicking on the results of a google search. This not only happens in Chrome but also on FF, Explorer, Safari too.

I have tried to run TDSKILLER
I have ran Malwarebytes anti malware program
I have also ran CCCleaner.
I then ran CMD, and typed in ipconfig/flushdns.
Restarted laptop but issues remained.
None of these have solved the problem

Also today new tabs have just started to pop up with new search engine I dont even know about.

I'm not very tech orientated, but can follow instruction very well, and am patient. Could someone please help me sort this without having to resort to taking my laptop into a repair shop.

Thanks, below is the DDS log as requested in the how to section.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Home Laptop at 11:18:07 on 2011-09-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3037.1242 [GMT 1:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Firewall Booster *Enabled* {49A8346C-6900-54B6-B1B3-5F678736DDE9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_6d4d1665097f1e86\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.exe
C:\Program Files (x86)\Trend Micro\Browser Guard\tmiegsrv.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\HOMELA~1\AppData\Local\Temp\HouseCall\housecall.bin
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll
TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Trend Micro Browser Guard] "C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.EXE"
mRun: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
StartupFolder: C:\Users\HOMELA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OSD.lnk - C:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{937D7775-047B-448E-9AFB-22FEE4FEE18C} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File
BHO-X64: IEGBH0 - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TMIEGBHO Class: {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll
BHO-X64: TMIEGBHO - No File
TB-X64: TMBGBAR TOOLBAR: {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Trend Micro Browser Guard] "C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.EXE"
mRun-x64: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0emcf1wk.default\
FF - prefs.js: browser.search.selectedEngine -
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 SoilIO;SoilIO;C:\Windows\system32\drivers\SoilIO.sys --> C:\Windows\system32\drivers\SoilIO.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 soilkbc;soilkbc;C:\Windows\system32\drivers\soilkbc.sys --> C:\Windows\system32\drivers\soilkbc.sys [?]
R3 SoilMC;SoilMC;C:\Windows\system32\drivers\SoilMC.sys --> C:\Windows\system32\drivers\SoilMC.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
S3 SkyhawkeUSBLan;SkyhawkeUSBLan;C:\Windows\system32\DRIVERS\btblan.sys --> C:\Windows\system32\DRIVERS\btblan.sys [?]
.
=============== Created Last 30 ================
.
2011-09-24 10:07:55 -------- d-----w- C:\Program Files (x86)\WinPcap
2011-09-24 10:07:01 -------- d-----w- C:\Users\Home Laptop\AppData\Local\Browser Guard
2011-09-24 10:06:27 388096 ----a-r- C:\Users\Home Laptop\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-24 10:06:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-22 21:44:08 -------- d-----w- C:\Program Files\CCleaner
2011-09-22 21:38:33 -------- d-----w- C:\Users\Home Laptop\AppData\Roaming\Malwarebytes
2011-09-22 21:38:21 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-22 21:38:16 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-22 21:38:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-22 20:12:53 98816 ----a-w- C:\Windows\sed.exe
2011-09-22 20:12:53 518144 ----a-w- C:\Windows\SWREG.exe
2011-09-22 20:12:53 256000 ----a-w- C:\Windows\PEV.exe
2011-09-22 20:12:53 208896 ----a-w- C:\Windows\MBR.exe
2011-09-20 21:23:14 -------- d-----w- C:\ProgramData\Rosetta Stone
2011-09-20 21:23:14 -------- d-----w- C:\Program Files (x86)\Rosetta Stone
2011-09-20 20:16:31 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2011-09-20 19:31:26 -------- d-----we C:\Windows\system64
2011-09-20 18:53:03 -------- d-----w- C:\Users\Home Laptop\AppData\Local\{827F7FE3-336A-439B-9B2D-355CDD2EB64F}
2011-09-19 13:39:17 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-09-14 21:00:14 -------- d-----w- C:\Users\Home Laptop\AppData\Local\{EB4774FC-948B-43D1-839C-78C4D1A7AF6B}
2011-09-13 18:48:33 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-11 18:49:43 -------- d-----w- C:\Users\Home Laptop\Incomplete
2011-09-11 18:42:00 -------- d-----w- C:\Users\Home Laptop\AppData\Roaming\MP3Rocket
2011-09-11 18:41:55 -------- d-----w- C:\Program Files (x86)\MP3 Rocket
2011-09-04 20:17:07 -------- d-----w- C:\Users\Home Laptop\AppData\Local\{F6A6E061-2945-4E60-859B-9A416F1DDE1A}
2011-09-02 14:02:58 -------- d-----w- C:\Users\Home Laptop\AppData\Local\IsolatedStorage
2011-09-02 14:02:07 -------- d-----w- C:\Users\Home Laptop\AppData\Roaming\Navman_Wireless
2011-09-02 13:53:19 -------- d-----w- C:\Users\Home Laptop\AppData\Local\Deployment
2011-09-02 13:53:19 -------- d-----w- C:\Users\Home Laptop\AppData\Local\Apps
2011-09-02 11:54:39 47664 ----a-w- C:\Windows\System32\drivers\vmwvusb.sys
2011-09-02 11:54:11 -------- d-----w- C:\Users\Home Laptop\AppData\Local\VMware
2011-09-02 11:54:09 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2011-09-02 11:54:02 -------- d-----w- C:\Program Files\VMware
2011-09-01 19:17:32 -------- d-----w- C:\Users\Home Laptop\AppData\Local\{4EA3C883-091B-407C-9711-6BC15E0EAC96}
2011-09-01 19:13:57 -------- d-----w- C:\Users\Home Laptop\AppData\Local\{35AA621C-7812-4EF8-9EAC-DF2C417F80F7}
2011-09-01 19:10:37 -------- d-----w- C:\Users\Home Laptop\AppData\Local\{C3CF7C8D-7268-4C47-BCC5-A7ACE77032F4}
2011-08-29 19:01:25 -------- d-----w- C:\Users\Home Laptop\AppData\Local\{9578BB12-8DB3-4EDE-A690-0365B0925BFE}
2011-08-28 14:26:52 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2011-08-28 14:26:50 -------- d-----w- C:\Users\Home Laptop\AppData\Local\Conduit
2011-08-28 12:06:59 520544 ----a-w- C:\Windows\System32\d3dx10_41.dll
2011-08-28 12:05:59 83736 ----a-w- C:\Windows\System32\xinput1_2.dll
2011-08-28 12:00:41 -------- d--h--w- C:\Windows\msdownld.tmp
2011-08-28 12:00:35 -------- d-----w- C:\Windows\SysWow64\directx
2011-08-27 13:14:17 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-08-26 21:19:11 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-08-26 20:51:45 -------- d-----w- C:\Users\Home Laptop\AppData\Roaming\MusicNet
2011-08-26 20:49:20 -------- d-----w- C:\Users\Home Laptop\AppData\Local\PackageAware
2011-08-26 20:08:55 -------- d-----w- C:\Users\Home Laptop\AppData\Roaming\MAGIX
2011-08-26 20:05:25 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll
2011-08-26 20:05:25 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2011-08-26 20:04:16 -------- d-----w- C:\ProgramData\MAGIX
2011-08-26 20:03:01 120200 ----a-w- C:\Windows\SysWow64\DLLDEV32i.dll
2011-08-26 20:03:01 -------- d-----w- C:\Program Files (x86)\MAGIX
2011-08-26 20:02:21 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
.
==================== Find3M ====================
.
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 10:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 10:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 10:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 10:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 10:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 10:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 10:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 10:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-05 17:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-07-05 17:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-06-26 19:26:49 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 11:20:08.59 ===============

BC AdBot (Login to Remove)

 


#2 stelev

stelev
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 25 September 2011 - 11:57 AM

I have read through replies to similar issues and have posted the following reports:
TDS KILLER
Combofix
Malware
OLT

TDS KILLER RPORT

10:51:56.0291 5036 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
10:51:56.0478 5036 ============================================================
10:51:56.0478 5036 Current date / time: 2011/09/25 10:51:56.0478
10:51:56.0478 5036 SystemInfo:
10:51:56.0478 5036
10:51:56.0478 5036 OS Version: 6.1.7601 ServicePack: 1.0
10:51:56.0478 5036 Product type: Workstation
10:51:56.0478 5036 ComputerName: HOMELAPTOP-PC
10:51:56.0478 5036 UserName: Home Laptop
10:51:56.0478 5036 Windows directory: C:\Windows
10:51:56.0478 5036 System windows directory: C:\Windows
10:51:56.0478 5036 Running under WOW64
10:51:56.0478 5036 Processor architecture: Intel x64
10:51:56.0478 5036 Number of processors: 2
10:51:56.0478 5036 Page size: 0x1000
10:51:56.0478 5036 Boot type: Normal boot
10:51:56.0478 5036 ============================================================
10:51:56.0743 5036 Initialize success
10:52:00.0846 4224 ============================================================
10:52:00.0846 4224 Scan started
10:52:00.0846 4224 Mode: Manual;
10:52:00.0846 4224 ============================================================
10:52:01.0251 4224 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:52:01.0267 4224 1394ohci - ok
10:52:01.0376 4224 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:52:01.0376 4224 ACPI - ok
10:52:01.0470 4224 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:52:01.0485 4224 AcpiPmi - ok
10:52:01.0595 4224 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:52:01.0610 4224 adp94xx - ok
10:52:01.0735 4224 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:52:01.0751 4224 adpahci - ok
10:52:01.0860 4224 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:52:01.0875 4224 adpu320 - ok
10:52:01.0969 4224 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
10:52:01.0969 4224 AFD - ok
10:52:02.0063 4224 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:52:02.0063 4224 agp440 - ok
10:52:02.0203 4224 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:52:02.0203 4224 aliide - ok
10:52:02.0312 4224 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:52:02.0312 4224 amdide - ok
10:52:02.0406 4224 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:52:02.0406 4224 AmdK8 - ok
10:52:02.0437 4224 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:52:02.0453 4224 AmdPPM - ok
10:52:02.0569 4224 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:52:02.0581 4224 amdsata - ok
10:52:02.0687 4224 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:52:02.0701 4224 amdsbs - ok
10:52:02.0806 4224 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:52:02.0815 4224 amdxata - ok
10:52:02.0926 4224 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:52:02.0937 4224 AppID - ok
10:52:03.0062 4224 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:52:03.0073 4224 arc - ok
10:52:03.0152 4224 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:52:03.0164 4224 arcsas - ok
10:52:03.0291 4224 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:52:03.0301 4224 AsyncMac - ok
10:52:03.0403 4224 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:52:03.0412 4224 atapi - ok
10:52:03.0545 4224 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:52:03.0565 4224 b06bdrv - ok
10:52:03.0647 4224 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:52:03.0665 4224 b57nd60a - ok
10:52:03.0766 4224 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:52:03.0773 4224 Beep - ok
10:52:03.0882 4224 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:52:03.0893 4224 blbdrive - ok
10:52:04.0009 4224 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:52:04.0021 4224 bowser - ok
10:52:04.0109 4224 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:52:04.0118 4224 BrFiltLo - ok
10:52:04.0140 4224 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:52:04.0148 4224 BrFiltUp - ok
10:52:04.0243 4224 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:52:04.0259 4224 Brserid - ok
10:52:04.0367 4224 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:52:04.0378 4224 BrSerWdm - ok
10:52:04.0479 4224 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:52:04.0488 4224 BrUsbMdm - ok
10:52:04.0569 4224 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:52:04.0577 4224 BrUsbSer - ok
10:52:04.0660 4224 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:52:04.0672 4224 BTHMODEM - ok
10:52:04.0769 4224 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:52:04.0781 4224 cdfs - ok
10:52:04.0887 4224 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:52:04.0899 4224 cdrom - ok
10:52:05.0007 4224 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:52:05.0017 4224 circlass - ok
10:52:05.0103 4224 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:52:05.0107 4224 CLFS - ok
10:52:05.0219 4224 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:52:05.0234 4224 CmBatt - ok
10:52:05.0341 4224 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:52:05.0349 4224 cmdide - ok
10:52:05.0451 4224 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
10:52:05.0469 4224 CNG - ok
10:52:05.0554 4224 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:52:05.0563 4224 Compbatt - ok
10:52:05.0661 4224 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:52:05.0671 4224 CompositeBus - ok
10:52:05.0775 4224 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:52:05.0783 4224 crcdisk - ok
10:52:05.0924 4224 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:52:05.0937 4224 DfsC - ok
10:52:06.0024 4224 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:52:06.0025 4224 discache - ok
10:52:06.0123 4224 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:52:06.0134 4224 Disk - ok
10:52:06.0238 4224 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:52:06.0247 4224 drmkaud - ok
10:52:06.0351 4224 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:52:06.0379 4224 DXGKrnl - ok
10:52:06.0519 4224 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:52:06.0747 4224 ebdrv - ok
10:52:06.0871 4224 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:52:06.0891 4224 elxstor - ok
10:52:06.0979 4224 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:52:06.0987 4224 ErrDev - ok
10:52:07.0091 4224 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:52:07.0105 4224 exfat - ok
10:52:07.0188 4224 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:52:07.0203 4224 fastfat - ok
10:52:07.0297 4224 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:52:07.0307 4224 fdc - ok
10:52:07.0411 4224 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:52:07.0422 4224 FileInfo - ok
10:52:07.0498 4224 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:52:07.0509 4224 Filetrace - ok
10:52:07.0602 4224 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:52:07.0612 4224 flpydisk - ok
10:52:07.0720 4224 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:52:07.0732 4224 FltMgr - ok
10:52:07.0810 4224 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:52:07.0825 4224 FsDepends - ok
10:52:07.0935 4224 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
10:52:07.0935 4224 fssfltr - ok
10:52:08.0044 4224 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:52:08.0059 4224 Fs_Rec - ok
10:52:08.0153 4224 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:52:08.0153 4224 fvevol - ok
10:52:08.0247 4224 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:52:08.0262 4224 gagp30kx - ok
10:52:08.0356 4224 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:52:08.0356 4224 GEARAspiWDM - ok
10:52:08.0465 4224 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:52:08.0465 4224 hcw85cir - ok
10:52:08.0574 4224 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:52:08.0605 4224 HdAudAddService - ok
10:52:08.0699 4224 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:52:08.0699 4224 HDAudBus - ok
10:52:08.0777 4224 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:52:08.0777 4224 HidBatt - ok
10:52:08.0871 4224 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:52:08.0871 4224 HidBth - ok
10:52:08.0964 4224 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:52:08.0964 4224 HidIr - ok
10:52:09.0078 4224 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:52:09.0087 4224 HidUsb - ok
10:52:09.0190 4224 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:52:09.0201 4224 HpSAMD - ok
10:52:09.0293 4224 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:52:09.0299 4224 HTTP - ok
10:52:09.0395 4224 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:52:09.0396 4224 hwpolicy - ok
10:52:09.0517 4224 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:52:09.0530 4224 i8042prt - ok
10:52:09.0622 4224 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
10:52:09.0626 4224 iaStor - ok
10:52:09.0741 4224 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:52:09.0758 4224 iaStorV - ok
10:52:10.0130 4224 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:52:10.0364 4224 igfx - ok
10:52:10.0457 4224 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:52:10.0473 4224 iirsp - ok
10:52:10.0566 4224 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:52:10.0566 4224 intelide - ok
10:52:10.0660 4224 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:52:10.0660 4224 intelppm - ok
10:52:10.0738 4224 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:52:10.0754 4224 IpFilterDriver - ok
10:52:10.0847 4224 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:52:10.0863 4224 IPMIDRV - ok
10:52:10.0941 4224 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:52:10.0956 4224 IPNAT - ok
10:52:11.0081 4224 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:52:11.0081 4224 IRENUM - ok
10:52:11.0190 4224 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:52:11.0190 4224 isapnp - ok
10:52:11.0284 4224 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:52:11.0300 4224 iScsiPrt - ok
10:52:11.0393 4224 JMCR (364f2281f960895788ef55c401e946e9) C:\Windows\system32\DRIVERS\jmcr.sys
10:52:11.0409 4224 JMCR - ok
10:52:11.0502 4224 JME (de4b2249d95c7815d06a39ea5ff4ee53) C:\Windows\system32\DRIVERS\JME.sys
10:52:11.0518 4224 JME - ok
10:52:11.0627 4224 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:52:11.0627 4224 kbdclass - ok
10:52:11.0721 4224 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:52:11.0736 4224 kbdhid - ok
10:52:11.0830 4224 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
10:52:11.0830 4224 KSecDD - ok
10:52:11.0939 4224 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
10:52:11.0955 4224 KSecPkg - ok
10:52:12.0048 4224 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:52:12.0064 4224 ksthunk - ok
10:52:12.0173 4224 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:52:12.0189 4224 lltdio - ok
10:52:12.0298 4224 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:52:12.0314 4224 LSI_FC - ok
10:52:12.0392 4224 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:52:12.0407 4224 LSI_SAS - ok
10:52:12.0508 4224 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:52:12.0519 4224 LSI_SAS2 - ok
10:52:12.0607 4224 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:52:12.0619 4224 LSI_SCSI - ok
10:52:12.0705 4224 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:52:12.0717 4224 luafv - ok
10:52:12.0808 4224 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
10:52:12.0823 4224 mcdbus - ok
10:52:12.0911 4224 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:52:12.0920 4224 megasas - ok
10:52:13.0005 4224 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:52:13.0020 4224 MegaSR - ok
10:52:13.0114 4224 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:52:13.0124 4224 Modem - ok
10:52:13.0200 4224 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:52:13.0202 4224 monitor - ok
10:52:13.0308 4224 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:52:13.0319 4224 mouclass - ok
10:52:13.0417 4224 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:52:13.0427 4224 mouhid - ok
10:52:13.0506 4224 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:52:13.0508 4224 mountmgr - ok
10:52:13.0595 4224 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:52:13.0609 4224 mpio - ok
10:52:13.0703 4224 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:52:13.0719 4224 mpsdrv - ok
10:52:13.0817 4224 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:52:13.0830 4224 MRxDAV - ok
10:52:13.0928 4224 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:52:13.0942 4224 mrxsmb - ok
10:52:14.0028 4224 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:52:14.0044 4224 mrxsmb10 - ok
10:52:14.0126 4224 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:52:14.0138 4224 mrxsmb20 - ok
10:52:14.0229 4224 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:52:14.0241 4224 msahci - ok
10:52:14.0327 4224 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:52:14.0339 4224 msdsm - ok
10:52:14.0435 4224 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:52:14.0445 4224 Msfs - ok
10:52:14.0527 4224 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:52:14.0535 4224 mshidkmdf - ok
10:52:14.0631 4224 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:52:14.0640 4224 msisadrv - ok
10:52:14.0739 4224 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:52:14.0747 4224 MSKSSRV - ok
10:52:14.0841 4224 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:52:14.0841 4224 MSPCLOCK - ok
10:52:14.0935 4224 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:52:14.0935 4224 MSPQM - ok
10:52:15.0044 4224 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:52:15.0059 4224 MsRPC - ok
10:52:15.0188 4224 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:52:15.0190 4224 mssmbios - ok
10:52:15.0291 4224 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:52:15.0298 4224 MSTEE - ok
10:52:15.0391 4224 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:52:15.0399 4224 MTConfig - ok
10:52:15.0486 4224 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:52:15.0496 4224 Mup - ok
10:52:15.0606 4224 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:52:15.0623 4224 NativeWifiP - ok
10:52:15.0733 4224 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:52:15.0739 4224 NDIS - ok
10:52:15.0827 4224 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:52:15.0838 4224 NdisCap - ok
10:52:15.0927 4224 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:52:15.0937 4224 NdisTapi - ok
10:52:16.0019 4224 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:52:16.0031 4224 Ndisuio - ok
10:52:16.0125 4224 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:52:16.0143 4224 NdisWan - ok
10:52:16.0238 4224 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:52:16.0253 4224 NDProxy - ok
10:52:16.0354 4224 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:52:16.0366 4224 NetBIOS - ok
10:52:16.0465 4224 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:52:16.0467 4224 NetBT - ok
10:52:16.0576 4224 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:52:16.0586 4224 nfrd960 - ok
10:52:16.0670 4224 NPF - ok
10:52:16.0708 4224 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:52:16.0719 4224 Npfs - ok
10:52:16.0802 4224 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:52:16.0804 4224 nsiproxy - ok
10:52:16.0923 4224 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:52:16.0964 4224 Ntfs - ok
10:52:17.0039 4224 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:52:17.0047 4224 Null - ok
10:52:17.0147 4224 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:52:17.0162 4224 nvraid - ok
10:52:17.0274 4224 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:52:17.0287 4224 nvstor - ok
10:52:17.0381 4224 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:52:17.0394 4224 nv_agp - ok
10:52:17.0515 4224 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:52:17.0528 4224 ohci1394 - ok
10:52:17.0677 4224 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:52:17.0689 4224 Parport - ok
10:52:17.0788 4224 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:52:17.0799 4224 partmgr - ok
10:52:17.0880 4224 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:52:17.0896 4224 pci - ok
10:52:17.0974 4224 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:52:17.0989 4224 pciide - ok
10:52:18.0083 4224 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:52:18.0098 4224 pcmcia - ok
10:52:18.0192 4224 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:52:18.0208 4224 pcw - ok
10:52:18.0301 4224 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:52:18.0332 4224 PEAUTH - ok
10:52:18.0473 4224 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:52:18.0488 4224 PptpMiniport - ok
10:52:18.0566 4224 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:52:18.0582 4224 Processor - ok
10:52:18.0691 4224 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:52:18.0691 4224 Psched - ok
10:52:18.0816 4224 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:52:18.0863 4224 ql2300 - ok
10:52:18.0972 4224 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:52:18.0988 4224 ql40xx - ok
10:52:19.0066 4224 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:52:19.0081 4224 QWAVEdrv - ok
10:52:19.0159 4224 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:52:19.0159 4224 RasAcd - ok
10:52:19.0268 4224 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:52:19.0268 4224 RasAgileVpn - ok
10:52:19.0378 4224 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:52:19.0393 4224 Rasl2tp - ok
10:52:19.0471 4224 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:52:19.0487 4224 RasPppoe - ok
10:52:19.0580 4224 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:52:19.0596 4224 RasSstp - ok
10:52:19.0721 4224 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:52:19.0736 4224 rdbss - ok
10:52:19.0814 4224 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:52:19.0830 4224 rdpbus - ok
10:52:19.0908 4224 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:52:19.0908 4224 RDPCDD - ok
10:52:19.0986 4224 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:52:19.0986 4224 RDPENCDD - ok
10:52:20.0080 4224 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:52:20.0080 4224 RDPREFMP - ok
10:52:20.0173 4224 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:52:20.0189 4224 RDPWD - ok
10:52:20.0282 4224 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:52:20.0298 4224 rdyboost - ok
10:52:20.0407 4224 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:52:20.0423 4224 rspndr - ok
10:52:20.0516 4224 rtl8192se (a5986b46c4348cb35ebb98f220948df7) C:\Windows\system32\DRIVERS\rtl8192se.sys
10:52:20.0548 4224 rtl8192se - ok
10:52:20.0657 4224 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:52:20.0672 4224 sbp2port - ok
10:52:20.0766 4224 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:52:20.0766 4224 scfilter - ok
10:52:20.0891 4224 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
10:52:20.0906 4224 sdbus - ok
10:52:21.0000 4224 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:52:21.0016 4224 secdrv - ok
10:52:21.0125 4224 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:52:21.0125 4224 Serenum - ok
10:52:21.0234 4224 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:52:21.0250 4224 Serial - ok
10:52:21.0359 4224 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:52:21.0359 4224 sermouse - ok
10:52:21.0468 4224 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:52:21.0468 4224 sffdisk - ok
10:52:21.0562 4224 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:52:21.0577 4224 sffp_mmc - ok
10:52:21.0664 4224 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:52:21.0673 4224 sffp_sd - ok
10:52:21.0744 4224 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:52:21.0752 4224 sfloppy - ok
10:52:21.0848 4224 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
10:52:21.0871 4224 Sftfs - ok
10:52:21.0977 4224 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:52:21.0991 4224 Sftplay - ok
10:52:22.0088 4224 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:52:22.0096 4224 Sftredir - ok
10:52:22.0166 4224 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
10:52:22.0174 4224 Sftvol - ok
10:52:22.0277 4224 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:52:22.0287 4224 SiSRaid2 - ok
10:52:22.0350 4224 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:52:22.0360 4224 SiSRaid4 - ok
10:52:22.0456 4224 SkyhawkeUSBLan (22a249676b45987b7ada1fd91cb9c9c0) C:\Windows\system32\DRIVERS\btblan.sys
10:52:22.0466 4224 SkyhawkeUSBLan - ok
10:52:22.0553 4224 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:52:22.0565 4224 Smb - ok
10:52:22.0654 4224 SoilIO (47b37e4f919bf170818920a98c2fe1c6) C:\Windows\system32\drivers\SoilIO.sys
10:52:22.0654 4224 SoilIO - ok
10:52:22.0747 4224 soilkbc (0626c7524fbe58e1af6e76f1bb739ca2) C:\Windows\system32\drivers\soilkbc.sys
10:52:22.0763 4224 soilkbc - ok
10:52:22.0841 4224 SoilMC (709bde623d7680e2d2a958cd4dc0a902) C:\Windows\system32\drivers\SoilMC.sys
10:52:22.0841 4224 SoilMC - ok
10:52:22.0903 4224 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:52:22.0919 4224 spldr - ok
10:52:23.0028 4224 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:52:23.0044 4224 srv - ok
10:52:23.0137 4224 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:52:23.0169 4224 srv2 - ok
10:52:23.0262 4224 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:52:23.0278 4224 srvnet - ok
10:52:23.0371 4224 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:52:23.0387 4224 stexstor - ok
10:52:23.0481 4224 STHDA (936a4d05f7a790b8aab3b6be61651e0e) C:\Windows\system32\DRIVERS\stwrt64.sys
10:52:23.0496 4224 STHDA - ok
10:52:23.0590 4224 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:52:23.0590 4224 swenum - ok
10:52:23.0746 4224 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
10:52:23.0793 4224 Tcpip - ok
10:52:23.0917 4224 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
10:52:23.0933 4224 TCPIP6 - ok
10:52:24.0011 4224 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:52:24.0027 4224 tcpipreg - ok
10:52:24.0105 4224 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:52:24.0105 4224 TDPIPE - ok
10:52:24.0183 4224 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:52:24.0183 4224 TDTCP - ok
10:52:24.0292 4224 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:52:24.0307 4224 tdx - ok
10:52:24.0401 4224 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:52:24.0401 4224 TermDD - ok
10:52:24.0526 4224 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
10:52:24.0526 4224 tmactmon - ok
10:52:24.0619 4224 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
10:52:24.0619 4224 tmcomm - ok
10:52:24.0713 4224 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
10:52:24.0729 4224 tmevtmgr - ok
10:52:24.0822 4224 tmlwf (5922b1f5741bbdbaf7f7b4cbd2b7c4a5) C:\Windows\system32\DRIVERS\tmlwf.sys
10:52:24.0838 4224 tmlwf - ok
10:52:24.0947 4224 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
10:52:24.0963 4224 tmtdi - ok
10:52:25.0087 4224 tmwfp (0a2e3899cc72ad4cc85ea3d50a5331cc) C:\Windows\system32\DRIVERS\tmwfp.sys
10:52:25.0103 4224 tmwfp - ok
10:52:25.0259 4224 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:52:25.0275 4224 tssecsrv - ok
10:52:25.0384 4224 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:52:25.0399 4224 TsUsbFlt - ok
10:52:25.0540 4224 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:52:25.0555 4224 tunnel - ok
10:52:25.0649 4224 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:52:25.0665 4224 uagp35 - ok
10:52:25.0758 4224 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:52:25.0774 4224 udfs - ok
10:52:25.0914 4224 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:52:25.0914 4224 uliagpkx - ok
10:52:26.0023 4224 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:52:26.0023 4224 umbus - ok
10:52:26.0133 4224 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:52:26.0133 4224 UmPass - ok
10:52:26.0226 4224 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:52:26.0242 4224 USBAAPL64 - ok
10:52:26.0351 4224 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:52:26.0367 4224 usbaudio - ok
10:52:26.0460 4224 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:52:26.0460 4224 usbccgp - ok
10:52:26.0554 4224 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:52:26.0569 4224 usbcir - ok
10:52:26.0663 4224 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:52:26.0663 4224 usbehci - ok
10:52:26.0757 4224 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:52:26.0772 4224 usbhub - ok
10:52:26.0850 4224 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:52:26.0850 4224 usbohci - ok
10:52:26.0944 4224 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:52:26.0944 4224 usbprint - ok
10:52:27.0022 4224 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:52:27.0037 4224 USBSTOR - ok
10:52:27.0115 4224 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
10:52:27.0115 4224 usbuhci - ok
10:52:27.0225 4224 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:52:27.0240 4224 usbvideo - ok
10:52:27.0365 4224 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:52:27.0381 4224 vdrvroot - ok
10:52:27.0505 4224 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:52:27.0521 4224 vga - ok
10:52:27.0599 4224 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:52:27.0615 4224 VgaSave - ok
10:52:27.0661 4224 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:52:27.0677 4224 vhdmp - ok
10:52:27.0771 4224 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:52:27.0771 4224 viaide - ok
10:52:27.0864 4224 vmwvusb (1c1111810f0fcd958a6dfe3f869ad80d) C:\Windows\system32\Drivers\vmwvusb.sys
10:52:27.0880 4224 vmwvusb - ok
10:52:27.0973 4224 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:52:27.0973 4224 volmgr - ok
10:52:28.0067 4224 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:52:28.0067 4224 volmgrx - ok
10:52:28.0145 4224 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:52:28.0176 4224 volsnap - ok
10:52:28.0254 4224 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:52:28.0254 4224 vsmraid - ok
10:52:28.0332 4224 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:52:28.0348 4224 vwifibus - ok
10:52:28.0410 4224 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:52:28.0426 4224 vwififlt - ok
10:52:28.0504 4224 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:52:28.0519 4224 WacomPen - ok
10:52:28.0629 4224 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:52:28.0629 4224 WANARP - ok
10:52:28.0644 4224 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:52:28.0644 4224 Wanarpv6 - ok
10:52:28.0738 4224 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:52:28.0753 4224 Wd - ok
10:52:28.0831 4224 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:52:28.0847 4224 Wdf01000 - ok
10:52:28.0941 4224 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:52:28.0956 4224 WfpLwf - ok
10:52:29.0034 4224 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:52:29.0034 4224 WIMMount - ok
10:52:29.0190 4224 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:52:29.0190 4224 WmiAcpi - ok
10:52:29.0331 4224 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:52:29.0331 4224 ws2ifsl - ok
10:52:29.0471 4224 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:52:29.0471 4224 WudfPf - ok
10:52:29.0580 4224 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:52:29.0596 4224 WUDFRd - ok
10:52:29.0643 4224 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:52:29.0658 4224 \Device\Harddisk0\DR0 - ok
10:52:29.0658 4224 Boot (0x1200) (19f89bff3a4721f35fbd42e6c7f76bb5) \Device\Harddisk0\DR0\Partition0
10:52:29.0658 4224 \Device\Harddisk0\DR0\Partition0 - ok
10:52:29.0674 4224 Boot (0x1200) (633119d98197f45dfbfdffca640077f9) \Device\Harddisk0\DR0\Partition1
10:52:29.0674 4224 \Device\Harddisk0\DR0\Partition1 - ok
10:52:29.0674 4224 ============================================================
10:52:29.0674 4224 Scan finished
10:52:29.0674 4224 ============================================================
10:52:29.0689 5216 Detected object count: 0
10:52:29.0689 5216 Actual detected object count: 0

======================================================================================================================================

Combofix report

ComboFix 11-09-24.04 - Home Laptop 25/09/2011 10:57:53.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3037.1604 [GMT 1:00]
Running from: c:\users\Home Laptop\Downloads\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Firewall Booster *Enabled* {49A8346C-6900-54B6-B1B3-5F678736DDE9}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MPAccess
c:\program files (x86)\MPAccess\01BCC.exe
c:\program files (x86)\MPAccess\0F.exe
c:\program files (x86)\MPAccess\1000.exe
c:\program files (x86)\MPAccess\alotgb.exe
c:\program files (x86)\MPAccess\dfgdb.sdf
c:\program files (x86)\MPAccess\F3.exe
c:\program files (x86)\MPAccess\ggg.exe
c:\program files (x86)\MPAccess\teFst.htm
c:\program files (x86)\MPAccess\windoFwsh.exe
c:\program files (x86)\MPAccess\xaxaxa.dat
c:\programdata\E1010.tmp
c:\programdata\OSD10.tmp
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-08-25 to 2011-09-25 )))))))))))))))))))))))))))))))
.
.
2011-09-25 10:15 . 2011-09-25 10:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-24 10:07 . 2011-09-24 10:12 -------- d-----w- c:\users\Home Laptop\AppData\Local\Browser Guard
2011-09-24 10:06 . 2011-09-24 10:07 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-24 10:06 . 2011-09-24 10:06 388096 ----a-r- c:\users\Home Laptop\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-22 21:44 . 2011-09-22 21:44 -------- d-----w- c:\program files\CCleaner
2011-09-22 21:38 . 2011-09-22 21:38 -------- d-----w- c:\users\Home Laptop\AppData\Roaming\Malwarebytes
2011-09-22 21:38 . 2011-09-22 21:38 -------- d-----w- c:\programdata\Malwarebytes
2011-09-22 21:38 . 2011-09-22 21:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-22 21:38 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-20 21:23 . 2011-09-21 21:53 -------- d-----w- c:\programdata\Rosetta Stone
2011-09-20 21:23 . 2011-09-20 21:23 -------- d-----w- c:\program files (x86)\Rosetta Stone
2011-09-20 20:16 . 2009-02-24 17:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-09-19 13:39 . 2011-09-19 13:39 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-09-17 12:50 . 2011-09-17 12:50 -------- d-----w- c:\program files\7-Zip
2011-09-13 18:48 . 2011-09-13 18:48 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-11 18:49 . 2011-09-22 19:08 -------- d-----w- c:\users\Home Laptop\Incomplete
2011-09-11 18:44 . 2011-09-13 18:48 -------- d-----w- c:\program files (x86)\Java
2011-09-11 18:44 . 2011-09-13 18:48 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-11 18:42 . 2011-09-12 19:52 -------- d-----w- c:\users\Home Laptop\AppData\Roaming\MP3Rocket
2011-09-11 18:41 . 2011-09-11 18:49 -------- d-----w- c:\program files (x86)\MP3 Rocket
2011-09-02 14:02 . 2011-09-02 14:02 -------- d-----w- c:\users\Home Laptop\AppData\Local\IsolatedStorage
2011-09-02 14:02 . 2011-09-02 14:41 -------- d-----w- c:\users\Home Laptop\AppData\Roaming\Navman_Wireless
2011-09-02 13:53 . 2011-09-07 19:11 -------- d-----w- c:\users\Home Laptop\AppData\Local\Deployment
2011-09-02 13:53 . 2011-09-02 13:53 -------- d-----w- c:\users\Home Laptop\AppData\Local\Apps
2011-09-02 11:58 . 2011-09-02 11:58 -------- d-----w- c:\users\Home Laptop\AppData\Roaming\VMware
2011-09-02 11:54 . 2011-02-18 17:41 47664 ----a-w- c:\windows\system32\drivers\vmwvusb.sys
2011-09-02 11:54 . 2011-09-02 11:58 -------- d-----w- c:\programdata\VMware
2011-09-02 11:54 . 2011-09-02 11:54 -------- d-----w- c:\users\Home Laptop\AppData\Local\VMware
2011-09-02 11:54 . 2011-09-02 11:54 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-09-02 11:54 . 2011-09-02 11:54 -------- d-----w- c:\program files\VMware
2011-08-28 14:26 . 2011-08-28 14:26 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-08-28 14:26 . 2011-08-28 14:31 -------- d-----w- c:\users\Home Laptop\AppData\Local\Conduit
2011-08-28 12:06 . 2009-03-09 14:27 520544 ----a-w- c:\windows\system32\d3dx10_41.dll
2011-08-28 12:05 . 2006-07-28 08:31 83736 ----a-w- c:\windows\system32\xinput1_2.dll
2011-08-28 12:00 . 2011-08-28 12:04 -------- d--h--w- c:\windows\msdownld.tmp
2011-08-27 13:14 . 2011-08-27 13:14 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-08-26 21:19 . 2011-08-26 21:19 -------- d-----w- c:\program files (x86)\VideoLAN
2011-08-26 20:51 . 2011-08-26 20:51 -------- d-----w- c:\users\Home Laptop\AppData\Roaming\MusicNet
2011-08-26 20:49 . 2011-08-26 20:49 -------- d-----w- c:\users\Home Laptop\AppData\Local\PackageAware
2011-08-26 20:08 . 2011-08-26 20:08 -------- d-----w- c:\users\Home Laptop\AppData\Roaming\MAGIX
2011-08-26 20:05 . 2003-04-18 15:29 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2011-08-26 20:05 . 2003-04-18 15:29 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-08-26 20:04 . 2011-08-26 20:31 -------- d-----w- c:\programdata\MAGIX
2011-08-26 20:03 . 2011-08-26 20:32 -------- d-----w- c:\program files (x86)\MAGIX
2011-08-26 20:03 . 2007-04-27 09:43 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
2011-08-26 20:02 . 2011-08-26 20:30 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 05:42 . 2011-08-11 20:00 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-11 20:00 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-11 20:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-11 20:00 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-11 20:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-11 20:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-11 18:27 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-11 18:27 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-11 18:27 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-11 18:27 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-11 18:27 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-11 18:27 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-11 18:27 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-11 18:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-11 18:27 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-11 18:27 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-11 18:27 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 18:27 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-11 18:27 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-11 18:27 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 18:27 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 10:34 . 2011-07-12 10:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:34 . 2011-07-12 10:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 10:34 . 2011-07-12 10:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 10:34 . 2011-07-12 10:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-09 05:26 . 2011-08-24 09:21 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 04:29 . 2011-08-24 09:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-09 02:46 . 2011-08-11 18:27 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 17:37 . 2011-07-05 17:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 17:37 . 2011-07-05 17:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"CaddieSyncConduit"="c:\program files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe" [2011-04-27 2364792]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Trend Micro Browser Guard"="c:\program files (x86)\Trend Micro\Browser Guard\BGUI.EXE" [2011-02-25 787984]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
c:\users\Home Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OSD.lnk - c:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe [2010-9-8 4286]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
R3 SkyhawkeUSBLan;SkyhawkeUSBLan;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SoilIO;SoilIO; [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-18 494192]
S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-18 1120368]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 soilkbc;soilkbc; [x]
S3 SoilMC;SoilMC; [x]
S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 13:06]
.
2011-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 13:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-06 487424]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"combofix"="c:\combofix\CF16061.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Home Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0emcf1wk.default\
FF - prefs.js: browser.search.selectedEngine -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2257002012-2512448184-3150513115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2257002012-2512448184-3150513115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2011-09-25 11:51:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-25 10:51
.
Pre-Run: 224,268,632,064 bytes free
Post-Run: 224,058,777,600 bytes free
.
- - End Of File - - 0A3BBB12D37F894C5E30DE9AB8DDA2FF

==============================================================================================================================================

OTL First Scan

OTL logfile created on: 25/09/2011 17:31:32 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Home Laptop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.45% Memory free
5.93 Gb Paging File | 4.44 Gb Available in Paging File | 74.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 289.86 Gb Total Space | 208.73 Gb Free Space | 72.01% Space Free | Partition Type: NTFS

Computer Name: HOMELAPTOP-PC | User Name: Home Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/25 17:30:25 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Home Laptop\Downloads\OTL.exe
PRC - [2011/09/20 04:07:40 | 001,030,200 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/04/27 21:27:22 | 002,364,792 | ---- | M] (SkyHawke) -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe
PRC - [2011/02/25 20:21:50 | 000,665,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Browser Guard\tmiegsrv.exe
PRC - [2011/02/25 20:20:58 | 000,787,984 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.exe
PRC - [2011/02/18 18:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2010/12/17 09:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/16 17:18:26 | 000,452,608 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/20 04:07:39 | 000,412,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\ppgooglenaclpluginchrome.dll
MOD - [2011/09/20 04:07:37 | 003,696,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\pdf.dll
MOD - [2011/09/20 04:06:11 | 000,142,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\avutil-51.dll
MOD - [2011/09/20 04:06:10 | 000,253,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\avformat-53.dll
MOD - [2011/09/20 04:06:09 | 002,403,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\avcodec-53.dll
MOD - [2011/08/28 14:37:51 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
MOD - [2011/08/28 14:37:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/28 14:37:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/28 14:37:37 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\69d837670ac67c4776ea5a115d64a550\IAStorUtil.ni.dll
MOD - [2011/08/28 14:37:31 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/28 14:37:23 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/28 14:36:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/28 14:36:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/28 14:36:43 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/28 14:36:29 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/27 21:27:24 | 000,163,704 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\conduitscripting0.dll
MOD - [2011/04/27 21:22:02 | 000,591,360 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qjson0.dll
MOD - [2011/04/27 21:21:48 | 000,107,008 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\qextserialport1.dll
MOD - [2010/09/23 15:52:52 | 002,537,472 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtCore4.dll
MOD - [2010/09/13 06:12:38 | 000,744,448 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtScriptTools4.dll
MOD - [2010/09/13 03:16:14 | 002,173,952 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtScript4.dll
MOD - [2010/09/13 02:30:18 | 009,814,016 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtGui4.dll
MOD - [2010/09/13 01:55:26 | 001,140,224 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtNetwork4.dll
MOD - [2010/09/13 01:51:28 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\QtXml4.dll
MOD - [2010/03/16 17:18:26 | 000,452,608 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe
MOD - [2010/03/16 17:14:46 | 000,413,184 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\Media_DSG.dll
MOD - [2009/11/17 17:21:06 | 000,092,160 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\SoilIO.dll
MOD - [2009/06/23 03:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\libgcc_s_dw2-1.dll
MOD - [2009/01/10 19:32:40 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\SkyGolf\CaddieSync Express\mingwm10.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/18 18:41:20 | 001,120,368 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
SRV:64bit: - [2011/02/18 18:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV:64bit: - [2011/02/16 20:20:04 | 000,256,336 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
SRV:64bit: - [2010/09/06 13:52:00 | 000,244,224 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_6d4d1665097f1e86\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/19 14:39:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 18:41:20 | 000,047,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmwvusb.sys -- (vmwvusb)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/06 14:08:00 | 001,098,784 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/09/06 13:57:00 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits)
DRV:64bit: - [2010/09/06 13:54:00 | 000,153,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/09/06 13:53:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/08/08 11:18:48 | 000,339,536 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010/08/08 11:18:48 | 000,194,640 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2010/08/08 11:18:48 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010/08/08 11:18:48 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/08/08 11:18:48 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010/08/08 11:18:48 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010/04/15 23:45:54 | 000,047,600 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (SkyhawkeUSBLan)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/11 17:28:52 | 000,017,912 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SoilIO.sys -- (SoilIO)
DRV:64bit: - [2009/12/03 10:04:16 | 000,013,304 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SoilMC.sys -- (SoilMC)
DRV:64bit: - [2009/12/03 10:03:50 | 000,013,816 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Soilkbc.sys -- (soilkbc)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2257002012-2512448184-3150513115-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKU\S-1-5-21-2257002012-2512448184-3150513115-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2257002012-2512448184-3150513115-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\firefoxextension\ [2011/08/17 19:37:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/23 20:13:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/10 18:53:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home Laptop\AppData\Roaming\Mozilla\Extensions
[2011/09/11 19:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0emcf1wk.default\extensions
[2011/08/28 15:27:00 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Home Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0emcf1wk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/09/17 18:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/13 19:48:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/03/18 18:57:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.186\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteBlock = C:\Users\Home Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj\0.2.2_0\

O1 HOSTS File: ([2011/09/25 11:47:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (no name) - {9F3209E2-334B-41E9-B09C-703F398742E7} - No CLSID value found.
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\TMAMS64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {9F3209E2-334B-41E9-B09C-703F398742E7} - No CLSID value found.
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\tmieg64.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [CaddieSyncConduit] C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe (SkyHawke)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Trend Micro Browser Guard] C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.EXE (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2257002012-2512448184-3150513115-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2257002012-2512448184-3150513115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-2257002012-2512448184-3150513115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\rsvpsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\rsvpsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{937D7775-047B-448E-9AFB-22FEE4FEE18C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O30:64bit: - LSA: Security Packages - (wsauth) - C:\Windows\SysNative\wsauth.dll (VMware, Inc.)
O30 - LSA: Security Packages - (wsauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/25 17:04:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/25 11:51:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/24 11:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
[2011/09/24 11:07:01 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Local\Browser Guard
[2011/09/24 11:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Browser Guard
[2011/09/24 11:06:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Browser Guard
[2011/09/24 11:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/09/24 11:06:27 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/09/22 23:02:41 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\Documents\Cleaner
[2011/09/22 22:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/22 22:38:33 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Roaming\Malwarebytes
[2011/09/22 22:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/22 22:38:16 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/09/22 22:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/22 21:12:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/22 21:12:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/22 21:12:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/22 21:10:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/22 21:09:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/20 22:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2011/09/20 22:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2011/09/20 22:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rosetta Stone
[2011/09/20 21:16:31 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2011/09/20 19:53:03 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Local\{827F7FE3-336A-439B-9B2D-355CDD2EB64F}
[2011/09/19 14:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/09/17 13:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/09/17 13:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/09/14 22:00:14 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Local\{EB4774FC-948B-43D1-839C-78C4D1A7AF6B}
[2011/09/13 19:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/13 19:48:33 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/09/13 19:48:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/13 19:48:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/13 19:48:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/11 19:49:43 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\Incomplete
[2011/09/11 19:45:18 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
[2011/09/11 19:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/09/11 19:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/11 19:42:00 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Roaming\MP3Rocket
[2011/09/11 19:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3 Rocket
[2011/09/04 21:17:07 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Local\{F6A6E061-2945-4E60-859B-9A416F1DDE1A}
[2011/09/02 15:02:58 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Local\IsolatedStorage
[2011/09/02 15:02:07 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Roaming\Navman_Wireless
[2011/09/02 14:54:46 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navman Wireless
[2011/09/02 14:53:19 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Local\Deployment
[2011/09/02 14:53:19 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Local\Apps
[2011/09/02 12:58:47 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Roaming\VMware
[2011/09/02 12:54:39 | 000,047,664 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmwvusb.sys
[2011/09/02 12:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2011/09/02 12:54:11 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Local\VMware
[2011/09/02 12:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2011/09/02 12:54:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2011/09/02 12:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2011/09/01 20:17:32 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Local\{4EA3C883-091B-407C-9711-6BC15E0EAC96}
[2011/09/01 20:13:57 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Local\{35AA621C-7812-4EF8-9EAC-DF2C417F80F7}
[2011/09/01 20:10:37 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Local\{C3CF7C8D-7268-4C47-BCC5-A7ACE77032F4}
[2011/08/29 20:01:25 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Local\{9578BB12-8DB3-4EDE-A690-0365B0925BFE}
[2011/08/28 15:26:50 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Local\Conduit
[2011/08/28 13:07:19 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2011/08/28 13:07:19 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2011/08/28 13:07:19 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2011/08/28 13:07:19 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2011/08/28 13:07:18 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2011/08/28 13:07:18 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2011/08/28 13:07:17 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2011/08/28 13:07:17 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2011/08/28 13:07:15 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2011/08/28 13:07:15 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2011/08/28 13:07:15 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2011/08/28 13:07:15 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2011/08/28 13:07:13 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2011/08/28 13:07:13 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2011/08/28 13:07:12 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2011/08/28 13:07:12 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2011/08/28 13:07:10 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2011/08/28 13:07:10 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2011/08/28 13:07:10 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2011/08/28 13:07:10 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2011/08/28 13:07:09 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2011/08/28 13:07:09 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2011/08/28 13:07:08 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2011/08/28 13:07:08 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2011/08/28 13:07:07 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011/08/28 13:07:05 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011/08/28 13:07:05 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011/08/28 13:07:04 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011/08/28 13:07:04 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011/08/28 13:07:03 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011/08/28 13:07:03 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011/08/28 13:07:02 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011/08/28 13:07:02 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011/08/28 13:07:00 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011/08/28 13:07:00 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/08/28 13:06:59 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011/08/28 13:06:59 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011/08/28 13:06:58 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011/08/28 13:06:58 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011/08/28 13:06:56 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011/08/28 13:06:56 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011/08/28 13:06:56 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011/08/28 13:06:55 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011/08/28 13:06:55 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011/08/28 13:06:54 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011/08/28 13:06:54 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011/08/28 13:06:53 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011/08/28 13:06:53 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/08/28 13:06:53 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011/08/28 13:06:53 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/08/28 13:06:51 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011/08/28 13:06:51 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/08/28 13:06:49 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011/08/28 13:06:49 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/08/28 13:06:49 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011/08/28 13:06:49 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/08/28 13:06:48 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/08/28 13:06:48 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011/08/28 13:06:47 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011/08/28 13:06:47 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/08/28 13:06:46 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011/08/28 13:06:46 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/08/28 13:06:45 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011/08/28 13:06:45 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/08/28 13:06:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/08/28 13:06:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011/08/28 13:06:43 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011/08/28 13:06:43 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/08/28 13:06:43 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011/08/28 13:06:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/08/28 13:06:41 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011/08/28 13:06:41 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/08/28 13:06:40 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011/08/28 13:06:40 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011/08/28 13:06:40 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011/08/28 13:06:40 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011/08/28 13:06:39 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011/08/28 13:06:39 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011/08/28 13:06:38 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011/08/28 13:06:38 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011/08/28 13:06:37 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011/08/28 13:06:37 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011/08/28 13:06:37 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011/08/28 13:06:37 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011/08/28 13:06:36 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011/08/28 13:06:36 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011/08/28 13:06:34 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011/08/28 13:06:34 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011/08/28 13:06:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/08/28 13:06:31 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011/08/28 13:06:30 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011/08/28 13:06:30 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/08/28 13:06:29 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011/08/28 13:06:29 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011/08/28 13:06:29 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011/08/28 13:06:29 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/08/28 13:06:27 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011/08/28 13:06:27 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011/08/28 13:06:25 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011/08/28 13:06:25 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011/08/28 13:06:23 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011/08/28 13:06:23 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011/08/28 13:06:23 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011/08/28 13:06:23 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011/08/28 13:06:21 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011/08/28 13:06:21 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011/08/28 13:06:19 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011/08/28 13:06:19 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011/08/28 13:06:18 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011/08/28 13:06:18 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011/08/28 13:06:18 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011/08/28 13:06:18 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011/08/28 13:06:17 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011/08/28 13:06:17 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/08/28 13:06:15 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011/08/28 13:06:15 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011/08/28 13:06:15 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011/08/28 13:06:15 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011/08/28 13:06:14 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011/08/28 13:06:14 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011/08/28 13:06:14 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011/08/28 13:06:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011/08/28 13:06:13 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011/08/28 13:06:13 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/08/28 13:06:11 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011/08/28 13:06:11 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/08/28 13:06:10 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011/08/28 13:06:10 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011/08/28 13:06:09 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011/08/28 13:06:09 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011/08/28 13:06:09 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011/08/28 13:06:09 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011/08/28 13:06:08 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011/08/28 13:06:08 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/08/28 13:06:05 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011/08/28 13:06:05 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011/08/28 13:06:04 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011/08/28 13:06:04 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011/08/28 13:06:03 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011/08/28 13:06:03 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/08/28 13:06:02 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011/08/28 13:06:02 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011/08/28 13:06:02 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011/08/28 13:06:02 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011/08/28 13:06:01 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011/08/28 13:06:01 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/08/28 13:06:00 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011/08/28 13:06:00 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011/08/28 13:05:59 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011/08/28 13:05:59 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/08/28 13:05:58 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011/08/28 13:05:58 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/08/28 13:05:57 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011/08/28 13:05:57 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/08/28 13:05:55 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011/08/28 13:05:55 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/08/28 13:05:51 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011/08/28 13:05:51 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/08/28 13:05:49 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011/08/28 13:05:49 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/08/28 13:05:49 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011/08/28 13:05:49 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/08/28 13:05:48 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011/08/28 13:05:48 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/08/28 13:05:47 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011/08/28 13:05:47 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/08/28 13:05:45 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011/08/28 13:05:45 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011/08/28 13:05:45 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011/08/28 13:05:45 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/08/28 13:05:43 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011/08/28 13:05:43 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/08/28 13:05:40 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011/08/28 13:05:40 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/08/28 13:00:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011/08/27 14:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/08/26 22:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011/08/26 21:51:45 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Roaming\MusicNet
[2011/08/26 21:49:20 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Local\PackageAware
[2011/08/26 21:08:55 | 000,000,000 | ---D | C] -- C:\Users\Home Laptop\AppData\Roaming\MAGIX
[2011/08/26 21:06:11 | 000,917,504 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\MXRestore.exe
[2011/08/26 21:06:11 | 000,278,528 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRES32.dll
[2011/08/26 21:06:11 | 000,221,184 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDRV32.dll
[2011/08/26 21:06:11 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDEV32.dll
[2011/08/26 21:06:11 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIO32.dll
[2011/08/26 21:06:11 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRF32.dll
[2011/08/26 21:06:11 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPNT32.dll
[2011/08/26 21:06:11 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\STRING32.dll
[2011/08/26 21:06:11 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPTL32.dll
[2011/08/26 21:06:11 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLTPO32.dll
[2011/08/26 21:06:11 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRJ32.dll
[2011/08/26 21:06:11 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIMG32.dll
[2011/08/26 21:06:11 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRD32.dll
[2011/08/26 21:06:11 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLMSC32.dll
[2011/08/26 21:06:11 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLISO32.dll
[2011/08/26 21:06:11 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDIR32.dll
[2011/08/26 21:06:11 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTIC32.dll
[2011/08/26 21:06:11 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTI32.dll
[2011/08/26 21:06:11 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIX.dll
[2011/08/26 21:06:10 | 000,724,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLAV32.dll
[2011/08/26 21:06:10 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCPY32.dll
[2011/08/26 21:06:10 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDA32.dll
[2011/08/26 21:06:10 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDF32.dll
[2011/08/26 21:05:25 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4r.dll
[2011/08/26 21:05:25 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2011/08/26 21:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011/08/26 21:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2011/08/26 21:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/25 17:27:06 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/25 17:11:20 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/25 17:11:20 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/25 17:04:18 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/25 17:04:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/25 17:03:54 | 2388,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/25 11:47:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/24 13:59:31 | 006,751,233 | ---- | M] () -- C:\Users\Home Laptop\AppData\Local\census.cache
[2011/09/24 13:54:25 | 000,106,032 | ---- | M] () -- C:\Users\Home Laptop\AppData\Local\ars.cache
[2011/09/24 11:09:07 | 000,000,036 | ---- | M] () -- C:\Users\Home Laptop\AppData\Local\housecall.guid.cache
[2011/09/24 11:07:00 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Trend Micro Browser Guard v3.0 Beta.lnk
[2011/09/24 11:06:28 | 000,003,003 | ---- | M] () -- C:\Users\Home Laptop\Desktop\HiJackThis.lnk
[2011/09/24 10:17:44 | 000,336,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/22 22:44:10 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/22 22:38:23 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/21 21:51:11 | 000,795,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/21 21:51:11 | 000,676,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/21 21:51:11 | 000,129,642 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/21 10:28:22 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/20 23:17:02 | 000,002,779 | ---- | M] () -- C:\Users\Home Laptop\Desktop\Rosetta Stone V3.lnk
[2011/09/20 21:27:57 | 000,000,933 | ---- | M] () -- C:\Users\Home Laptop\Desktop\Downloads - Shortcut.lnk
[2011/09/13 22:43:22 | 000,804,132 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/13 19:48:07 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/09/13 19:48:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/09/13 19:48:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/09/13 19:48:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/09/11 19:45:18 | 000,001,993 | ---- | M] () -- C:\Users\Home Laptop\Desktop\MP3 Rocket 6.1.lnk
[2011/09/11 19:44:13 | 013,801,120 | ---- | M] () -- C:\Users\Home Laptop\Desktop\jre-6u1-windows-i586-p-s.exe
[2011/09/02 12:54:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vmwvusb_01009.Wdf
[2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/28 23:47:48 | 000,003,584 | ---- | M] () -- C:\Users\Home Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/24 13:59:31 | 006,751,233 | ---- | C] () -- C:\Users\Home Laptop\AppData\Local\census.cache
[2011/09/24 13:54:25 | 000,106,032 | ---- | C] () -- C:\Users\Home Laptop\AppData\Local\ars.cache
[2011/09/24 11:08:10 | 000,000,036 | ---- | C] () -- C:\Users\Home Laptop\AppData\Local\housecall.guid.cache
[2011/09/24 11:07:00 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Trend Micro Browser Guard v3.0 Beta.lnk
[2011/09/24 11:06:28 | 000,003,003 | ---- | C] () -- C:\Users\Home Laptop\Desktop\HiJackThis.lnk
[2011/09/24 10:17:34 | 000,336,872 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/22 22:44:10 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/22 22:38:23 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/22 21:12:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/22 21:12:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/22 21:12:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/22 21:12:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/22 21:12:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/20 23:17:02 | 000,002,779 | ---- | C] () -- C:\Users\Home Laptop\Desktop\Rosetta Stone V3.lnk
[2011/09/20 21:27:57 | 000,000,933 | ---- | C] () -- C:\Users\Home Laptop\Desktop\Downloads - Shortcut.lnk
[2011/09/11 19:45:18 | 000,001,993 | ---- | C] () -- C:\Users\Home Laptop\Desktop\MP3 Rocket 6.1.lnk
[2011/09/11 19:42:15 | 013,801,120 | ---- | C] () -- C:\Users\Home Laptop\Desktop\jre-6u1-windows-i586-p-s.exe
[2011/09/02 12:54:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_vmwvusb_01009.Wdf
[2011/08/28 23:47:48 | 000,003,584 | ---- | C] () -- C:\Users\Home Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/26 21:06:10 | 000,038,492 | ---- | C] () -- C:\Windows\SysWow64\DLLAV32.lib
[2011/08/26 21:03:01 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010/09/08 13:59:37 | 000,804,132 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/08 12:58:41 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/09/08 12:46:26 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:57:20 | 001,073,664 | ---- | C] () -- C:\Windows\TGConfig_VS08.exe
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

===============================================================================================================================================
OTL Extras scan report

OTL Extras logfile created on: 25/09/2011 17:31:32 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Home Laptop\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.45% Memory free
5.93 Gb Paging File | 4.44 Gb Available in Paging File | 74.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 289.86 Gb Total Space | 208.73 Gb Free Space | 72.01% Space Free | Partition Type: NTFS

Computer Name: HOMELAPTOP-PC | User Name: Home Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2257002012-2512448184-3150513115-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{70C29540-5625-443D-BC4F-6D0C763F44C8}" = VMware View Client
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}" = Driver 1.3
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}" = DSG OSD 1.01
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8292F88E-2DB7-456B-A8F1-9079B7432A1E}" = DVD Architect Studio 5.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4ADDB2A-EE3C-41A7-88DF-99333DAE18E3}" = Browser Guard v3.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ares" = Ares 2.1.7
"CaddieSync Express" = CaddieSync Express 1.0.1
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 4.0 (x86 en-GB)" = Mozilla Firefox 4.0 (x86 en-GB)
"MP3 Rocket" = MP3 Rocket
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SkyCaddieDesktop" = SkyCaddie Desktop
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2257002012-2512448184-3150513115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0743ecfd88b016b6" = OnlineAVL 2
"CopyTrans Suite" = CopyTrans Suite Remove Only

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/09/2011 16:07:24 | Computer Name = HomeLaptop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RosettaStoneVersion3.exe, version: 1.0.0.1,
time stamp: 0x465c3e1d Faulting module name: LicencingDLL_libFNP.dll, version: 11.4.10.1,
time stamp: 0x452e3a65 Exception code: 0xc0000005 Fault offset: 0x00001533 Faulting
process id: 0x111c Faulting application start time: 0x01cc7899df6e265e Faulting application
path: C:\Program Files (x86)\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe
Faulting
module path: C:\Program Files (x86)\Rosetta Stone\Rosetta Stone V3\LicencingDLL_libFNP.dll
Report
Id: 51ce4744-e48d-11e0-957f-80ee730e48ee

Error - 21/09/2011 17:37:42 | Computer Name = HomeLaptop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RosettaStoneVersion3.exe, version: 1.0.0.1,
time stamp: 0x465c3e1d Faulting module name: LicencingDLL_libFNP.dll, version: 11.4.10.1,
time stamp: 0x452e3a65 Exception code: 0xc0000005 Fault offset: 0x00001533 Faulting
process id: 0x890 Faulting application start time: 0x01cc78a6287bc94d Faulting application
path: C:\Program Files (x86)\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe
Faulting
module path: C:\Program Files (x86)\Rosetta Stone\Rosetta Stone V3\LicencingDLL_libFNP.dll
Report
Id: eeedaf24-e499-11e0-957f-80ee730e48ee

Error - 21/09/2011 17:42:27 | Computer Name = HomeLaptop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RosettaStoneVersion3.exe, version: 1.0.0.1,
time stamp: 0x465c3e1d Faulting module name: LicencingDLL_libFNP.dll, version: 11.4.10.1,
time stamp: 0x452e3a65 Exception code: 0xc0000005 Fault offset: 0x00001533 Faulting
process id: 0x1238 Faulting application start time: 0x01cc78a6eb91e9b3 Faulting application
path: C:\Program Files (x86)\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe
Faulting
module path: C:\Program Files (x86)\Rosetta Stone\Rosetta Stone V3\LicencingDLL_libFNP.dll
Report
Id: 9907e042-e49a-11e0-957f-80ee730e48ee

Error - 21/09/2011 17:53:06 | Computer Name = HomeLaptop-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RosettaStoneVersion3.exe, version: 1.0.0.1,
time stamp: 0x465c3e1d Faulting module name: LicencingDLL_libFNP.dll, version: 11.4.10.1,
time stamp: 0x452e3a65 Exception code: 0xc0000005 Fault offset: 0x00001533 Faulting
process id: 0x8ac Faulting application start time: 0x01cc78a77783c8b6 Faulting application
path: C:\Program Files (x86)\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe
Faulting
module path: C:\Program Files (x86)\Rosetta Stone\Rosetta Stone V3\LicencingDLL_libFNP.dll
Report
Id: 162ce695-e49c-11e0-957f-80ee730e48ee

Error - 22/09/2011 16:13:10 | Computer Name = HomeLaptop-PC | Source = Bonjour Service | ID = 100
Description = 468: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 22/09/2011 16:13:10 | Computer Name = HomeLaptop-PC | Source = Bonjour Service | ID = 100
Description = 432: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 22/09/2011 16:13:10 | Computer Name = HomeLaptop-PC | Source = Bonjour Service | ID = 100
Description = 224: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 22/09/2011 16:13:10 | Computer Name = HomeLaptop-PC | Source = Bonjour Service | ID = 100
Description = 580: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 22/09/2011 16:13:10 | Computer Name = HomeLaptop-PC | Source = Bonjour Service | ID = 100
Description = 452: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 23/09/2011 16:04:37 | Computer Name = HomeLaptop-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

[ System Events ]
Error - 04/09/2011 05:57:10 | Computer Name = HomeLaptop-PC | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 05/09/2011 02:16:47 | Computer Name = HomeLaptop-PC | Source = DCOM | ID = 10005
Description =

Error - 05/09/2011 02:16:47 | Computer Name = HomeLaptop-PC | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 05/09/2011 02:16:47 | Computer Name = HomeLaptop-PC | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 05/09/2011 02:16:47 | Computer Name = HomeLaptop-PC | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 05/09/2011 02:16:47 | Computer Name = HomeLaptop-PC | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 06/09/2011 15:23:10 | Computer Name = HomeLaptop-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 06/09/2011 15:23:19 | Computer Name = HomeLaptop-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR4, has a bad block.

Error - 11/09/2011 04:40:17 | Computer Name = HomeLaptop-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:54:20 on ?10/?09/?2011 was unexpected.

Error - 11/09/2011 14:54:31 | Computer Name = HomeLaptop-PC | Source = DCOM | ID = 10010
Description =


< End of report >

=============================================================================================================================================

My laptop is connected to the internet via a gateway from Virginmedia, so not sure if this is the same as a router.

I have restarted the laptop immediately following sending this reply, and will not be using it to run any programs or to access the internet until I receive a reply to my posts.

Thanks in advance.

S

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:05 AM

Posted 29 September 2011 - 05:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420261 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:05 PM

Posted 29 September 2011 - 10:10 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

You can ignore HelpBot's request for more logs.

Now that you have run everything you have found on other topics (you should not be running Combofix without supervision!) how is the machine now?
Posted Image
m0le is a proud member of UNITE

#5 stelev

stelev
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 01 October 2011 - 11:11 AM

I am still not running properly.

When I try to use payment site or search engines I still have issues such as DNS not recognising the site or search engines redirecting me.

I´m not able to use lap`top at home fornext couple of days due to work but will follow any advice on my return.

Thanks for you help

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:05 PM

Posted 01 October 2011 - 05:56 PM

Please rerun Combofix and post the log. Let's see whether NPF has been removed previously.

Please let me know which browser(s) you use too. Thanks
Posted Image
m0le is a proud member of UNITE

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:05 PM

Posted 03 October 2011 - 08:33 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
Posted Image
m0le is a proud member of UNITE

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:05 PM

Posted 04 October 2011 - 07:37 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Posted Image
m0le is a proud member of UNITE

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:05 PM

Posted 11 October 2011 - 07:25 PM

Reopened at user's request

-----------------------------------------

Please run Combofix :)
Posted Image
m0le is a proud member of UNITE

#10 stelev

stelev
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 12 October 2011 - 11:36 AM

Hi

I have run combofix, will not run anything else for now.

Here is the log


ComboFix 11-10-12.01 - Home Laptop 12/10/2011 17:08:02.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3037.1770 [GMT 1:00]
Running from: c:\users\Home Laptop\Downloads\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
FW: Trend Micro Firewall Booster *Enabled* {49A8346C-6900-54B6-B1B3-5F678736DDE9}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 16:25 . 2011-10-12 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-28 20:49 . 2011-09-28 20:49 -------- d-----w- c:\program files (x86)\WinPcap
2011-09-24 10:07 . 2011-09-24 10:12 -------- d-----w- c:\users\Home Laptop\AppData\Local\Browser Guard
2011-09-24 10:06 . 2011-09-24 10:07 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-24 10:06 . 2011-09-24 10:06 388096 ----a-r- c:\users\Home Laptop\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-22 21:44 . 2011-09-22 21:44 -------- d-----w- c:\program files\CCleaner
2011-09-22 21:38 . 2011-09-22 21:38 -------- d-----w- c:\users\Home Laptop\AppData\Roaming\Malwarebytes
2011-09-22 21:38 . 2011-09-22 21:38 -------- d-----w- c:\programdata\Malwarebytes
2011-09-22 21:38 . 2011-09-22 21:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-22 21:38 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-20 21:23 . 2011-09-27 16:53 -------- d-----w- c:\programdata\Rosetta Stone
2011-09-20 21:23 . 2011-09-20 21:23 -------- d-----w- c:\program files (x86)\Rosetta Stone
2011-09-20 20:16 . 2009-02-24 17:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-09-19 13:39 . 2011-09-19 13:39 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-09-17 12:50 . 2011-09-17 12:50 -------- d-----w- c:\program files\7-Zip
2011-09-13 18:48 . 2011-09-13 18:48 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-28 14:26 . 2011-08-28 14:26 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-07-22 05:42 . 2011-08-11 20:00 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-11 20:00 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-11 20:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-11 20:00 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-11 20:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-11 20:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-11 18:27 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-11 18:27 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-11 18:27 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-11 18:27 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-11 18:27 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-11 18:27 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-11 18:27 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-11 18:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-11 18:27 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-11 18:27 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-11 18:27 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 18:27 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-11 18:27 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-11 18:27 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 18:27 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 18:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 18:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-25_10.47.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-20 18:19 . 2009-10-20 18:19 53299 c:\windows\SysWOW64\pthreadVC.dll
+ 2009-10-20 18:20 . 2009-10-20 18:20 96784 c:\windows\SysWOW64\Packet.dll
+ 2011-10-12 10:37 . 2011-10-12 10:37 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-09-25 10:16 . 2011-09-25 10:16 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-09-27 17:32 . 2011-09-27 17:32 49408 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-08-03 07:55 . 2011-10-12 15:59 41486 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-12 15:59 52182 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-27 20:46 . 2011-10-12 15:59 13208 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2257002012-2512448184-3150513115-1000_UserData.bin
+ 2009-10-20 18:19 . 2009-10-20 18:19 47632 c:\windows\system32\drivers\npf.sys
+ 2011-01-27 14:57 . 2011-09-28 23:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-27 14:57 . 2011-09-24 13:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-27 14:57 . 2011-09-24 13:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-27 14:57 . 2011-09-28 23:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-28 23:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-24 13:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-27 21:27 . 2011-09-27 21:27 25088 c:\windows\Installer\265883.msi
- 2011-09-25 10:16 . 2011-09-25 10:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-12 15:57 . 2011-10-12 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-12 15:57 . 2011-10-12 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-25 10:16 . 2011-09-25 10:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-20 18:19 . 2009-10-20 18:19 281104 c:\windows\SysWOW64\wpcap.dll
+ 2009-10-20 18:19 . 2009-10-20 18:19 369168 c:\windows\system32\wpcap.dll
- 2009-07-14 02:36 . 2011-09-21 20:51 676856 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-09-29 21:10 676856 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-09-29 21:10 129642 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-09-21 20:51 129642 c:\windows\system32\perfc009.dat
+ 2009-10-20 18:20 . 2009-10-20 18:20 105488 c:\windows\system32\Packet.dll
+ 2011-10-11 06:39 . 2011-10-11 06:39 336872 c:\windows\system32\FNTCACHE.DAT
- 2011-09-24 09:17 . 2011-09-24 09:17 336872 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:01 . 2011-10-12 10:37 297460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-09-25 10:16 297460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-28 13:29 . 2011-10-11 07:06 910408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2257002012-2512448184-3150513115-1000-12288.dat
- 2011-08-28 13:29 . 2011-09-24 15:53 910408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2257002012-2512448184-3150513115-1000-12288.dat
+ 2011-04-10 20:08 . 2011-10-12 10:37 8495200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2257002012-2512448184-3150513115-1000-8192.dat
+ 2011-02-06 14:38 . 2011-09-28 20:25 49062856 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"CaddieSyncConduit"="c:\program files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe" [2011-04-27 2364792]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Trend Micro Browser Guard"="c:\program files (x86)\Trend Micro\Browser Guard\BGUI.EXE" [2011-02-25 787984]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
c:\users\Home Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OSD.lnk - c:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe [2010-9-8 4286]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
R3 SkyhawkeUSBLan;SkyhawkeUSBLan;c:\windows\system32\DRIVERS\btblan.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SoilIO;SoilIO; [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [x]
S2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2011-02-18 494192]
S2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2011-02-18 1120368]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 soilkbc;soilkbc; [x]
S3 SoilMC;SoilMC; [x]
S3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\Drivers\vmwvusb.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 13:06]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 13:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-06 487424]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{937D7775-047B-448E-9AFB-22FEE4FEE18C}: NameServer = 8.8.8.8,8.8.8.4
FF - ProfilePath - c:\users\Home Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\0emcf1wk.default\
FF - prefs.js: browser.search.selectedEngine -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2257002012-2512448184-3150513115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2257002012-2512448184-3150513115-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-12 17:29:53
ComboFix-quarantined-files.txt 2011-10-12 16:29
ComboFix2.txt 2011-09-25 10:51
.
Pre-Run: 229,485,273,088 bytes free
Post-Run: 229,438,500,864 bytes free
.
- - End Of File - - 1AA368C902F7EEDA758C50FBA68AC495



#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:05 PM

Posted 12 October 2011 - 04:38 PM

That log looks fine. Please scan online with ESET next

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.
Posted Image
m0le is a proud member of UNITE

#12 stelev

stelev
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 13 October 2011 - 03:54 PM

At the end of the scan there were scan results, showing how many files scanned etc. It stated that there were
Scanned files: 268621
Infected files: 0
Cleaned files: 0
Total scan time: 4 hours 17, minutes, 19 seconds
Scan status: Finished

Please let me know what to do the same issues are still in place, also I can no longer purchase anything through securesuite.co.uk

Cheers for the help so far. Much appreciated.

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:05 PM

Posted 13 October 2011 - 08:39 PM

also I can no longer purchase anything through securesuite.co.uk


What happens when you attempt to?

Please run aswMBR so we can look for rootkits now

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#14 stelev

stelev
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 14 October 2011 - 01:40 PM

When I try to use the securesuite for purchases it says that it is not recognised by the DNS server.

When the aswMBR scan is complete do I click FIXMBR or just save log and post?

Thanks

#15 stelev

stelev
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 14 October 2011 - 01:51 PM

Here is the log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-14 19:36:35
-----------------------------
19:36:35.446 OS Version: Windows x64 6.1.7601 Service Pack 1
19:36:35.446 Number of processors: 2 586 0x170A
19:36:35.446 ComputerName: HOMELAPTOP-PC UserName: Home Laptop
19:36:37.366 Initialize success
19:37:31.541 AVAST engine defs: 11101400
19:37:45.924 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:37:45.924 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 305245MB BusType: 3
19:37:45.955 Disk 0 MBR read successfully
19:37:45.955 Disk 0 MBR scan
19:37:45.971 Disk 0 Windows 7 default MBR code
19:37:45.971 Service scanning
19:37:52.601 Modules scanning
19:37:52.601 Disk 0 trace - called modules:
19:37:52.679 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:37:52.679 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005142790]
19:37:52.679 3 CLASSPNP.SYS[fffff88001bd143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002417050]
19:37:54.301 AVAST engine scan C:\Windows
19:38:00.039 AVAST engine scan C:\Windows\system32
19:41:48.237 AVAST engine scan C:\Windows\system32\drivers
19:42:07.146 AVAST engine scan C:\Users\Home Laptop
19:50:30.320 Disk 0 MBR has been saved successfully to "C:\Users\Home Laptop\Documents\MBR.dat"
19:50:30.320 The log file has been saved successfully to "C:\Users\Home Laptop\Documents\aswMBR.txt"






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users