Infected Rootkit - Google Redirects etc


  • This topic is locked
15 replies to this topic

#1 Amie L

Amie L

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:41 PM

Posted 15 October 2011 - 03:21 PM

Hi Everyone,

I hope someone may be able to assist me. My PC is infected with what I believe is a rootkit virus. Google redirects, I get the blue screen of death etc.

Please see my DDS log below; I have attached the other 'attach' and 'ark' files.

Your help is much appreciated. Thank you.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_22
Run by Astrantia at 19:53:48 on 2011-10-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.307 [GMT 1:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\system32\lxdncoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\winsett.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\fsc-reg\fscreg.exe
C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe
C:\Windows\System32\winsett.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [fsc-reg] c:\programdata\fsc-reg\fscreg.exe
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs5.1\Bridge.exe" -stealth
uRun: [System Cleanup] c:\windows\system32\winsett.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LMgrVolOSD] c:\program files\launch manager\OSD.exe
mRun: [LMgrOSD] c:\program files\launch manager\OSDCtrl.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [CtrlVol] c:\program files\launch manager\CtrlVol.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [volmgr] c:\windows\system32\config\systemprofile\appdata\local\volmgr.exe
mRun: [System Cleanup] c:\windows\system32\winsett.exe
mRun: [MqmPPd] c:\windows\temp\i34lzh.exe
mRun: [HotkeyApp] c:\program files\launch manager\HotkeyApp.exe
mRun: [LaunchAp] c:\program files\launch manager\LaunchAp.exe
dRun: [NtWqIVLZEWZU] c:\windows\temp\Fl2.exe
dRun: [System Cleanup] c:\windows\system32\winsett.exe
dRun: [MqmPPd] c:\windows\temp\i34lzh.exe
StartupFolder: c:\users\astran~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\astran~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D1C76507-27D6-416B-A818-4AEB658EC76E} : DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
STS: c:\windows\system32\kp8tv09.dll: {a8a152c2-a501-90bd-b821-04b53a2c8952} - c:\windows\system32\kp8tv09.dll
mASetup: ccc-core-static - msiexec /fums {019749A1-F9BC-476C-2614-58D9ED0A6F40} /qb
Hosts: 95.64.61.143 www.google.com
Hosts: 95.64.61.144 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\astrantia\appdata\roaming\mozilla\firefox\profiles\36h43r1i.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e43f6cc&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-GB&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
.
=============== Created Last 30 ================
.
2011-10-14 10:12:19 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-14 10:12:19 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-14 10:12:19 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-14 10:12:18 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-14 10:12:08 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-14 10:03:15 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-10-14 10:03:07 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-14 10:03:06 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-14 10:03:06 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-14 10:03:06 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-08 15:34:44 100000 ---h--w- c:\windows\system32\winsett.exe
2011-10-08 14:49:07 -------- d-sh--w- C:\found.000
2011-10-08 00:22:08 -------- d-----w- c:\users\astrantia\appdata\roaming\Xilom
2011-10-08 00:22:08 -------- d-----w- c:\users\astrantia\appdata\roaming\Kewuxy
2011-10-07 23:31:27 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2011-09-27 17:34:47 -------- d-----w- c:\users\astrantia\appdata\local\AVG Security Toolbar
2011-09-27 17:22:26 -------- d-----w- c:\programdata\AVG Security Toolbar(211)
.
==================== Find3M ====================
.
2011-09-08 22:01:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-11 13:56:08 160945 ----a-w- c:\programdata\SPLABBC.tmp
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 20:02:34.67 ===============



#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:41 PM

Posted 15 October 2011 - 03:57 PM

Hello Amie L! Welcome to BleepingComputer Forums!

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



IMPORTANT NOTE: One or more of the identified infections is related to the rootkit TDL4. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow the machine to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data, which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before you connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read:

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired, so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:





Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
  • Open Erunt.exe. Follow the prompts, leaving the values at default.

Note: to restore your registry, go to the folder and start ERDNT.exe





Please read carefully and follow these steps.


Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Regards,
Georgi



#3 Amie L

Amie L
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:41 PM

Posted 15 October 2011 - 04:59 PM

Thank you for your quick reply, Georgi.

TDSSKiller log:

22:44:33.0644 6592 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
22:44:35.0652 6592 ============================================================
22:44:35.0652 6592 Current date / time: 2011/10/15 22:44:35.0652
22:44:35.0653 6592 SystemInfo:
22:44:35.0653 6592
22:44:35.0653 6592 OS Version: 6.0.6002 ServicePack: 2.0
22:44:35.0653 6592 Product type: Workstation
22:44:35.0653 6592 ComputerName: ASTRANTIA-PC
22:44:35.0654 6592 UserName: Astrantia
22:44:35.0654 6592 Windows directory: C:\Windows
22:44:35.0654 6592 System windows directory: C:\Windows
22:44:35.0654 6592 Processor architecture: Intel x86
22:44:35.0654 6592 Number of processors: 2
22:44:35.0654 6592 Page size: 0x1000
22:44:35.0654 6592 Boot type: Normal boot
22:44:35.0654 6592 ============================================================
22:44:47.0305 6592 Initialize success
22:45:03.0737 6852 ============================================================
22:45:03.0738 6852 Scan started
22:45:03.0738 6852 Mode: Manual;
22:45:03.0738 6852 ============================================================
22:45:07.0687 6852 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:45:07.0709 6852 ACPI - ok
22:45:07.0833 6852 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:45:07.0923 6852 adp94xx - ok
22:45:08.0056 6852 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:45:08.0124 6852 adpahci - ok
22:45:08.0187 6852 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:45:08.0195 6852 adpu160m - ok
22:45:08.0278 6852 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:45:08.0305 6852 adpu320 - ok
22:45:08.0494 6852 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:45:08.0583 6852 AFD - ok
22:45:08.0689 6852 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
22:45:08.0697 6852 agp440 - ok
22:45:08.0762 6852 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:45:08.0804 6852 aic78xx - ok
22:45:08.0935 6852 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
22:45:08.0962 6852 aliide - ok
22:45:09.0048 6852 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
22:45:09.0055 6852 amdagp - ok
22:45:09.0131 6852 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
22:45:09.0138 6852 amdide - ok
22:45:09.0187 6852 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
22:45:09.0281 6852 AmdK7 - ok
22:45:09.0420 6852 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
22:45:09.0600 6852 AmdK8 - ok
22:45:09.0727 6852 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
22:45:09.0737 6852 arc - ok
22:45:09.0890 6852 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
22:45:09.0900 6852 arcsas - ok
22:45:10.0054 6852 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:45:10.0130 6852 AsyncMac - ok
22:45:10.0205 6852 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:45:10.0208 6852 atapi - ok
22:45:10.0466 6852 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
22:45:10.0656 6852 athr - ok
22:45:11.0079 6852 Avgfwfd (d30b785ab801a0e2b0ad922d66f971f3) C:\Windows\system32\DRIVERS\avgfwd6x.sys
22:45:11.0124 6852 Avgfwfd - ok
22:45:11.0230 6852 AVGIDSDriver (97824e8c95d9717777abd46a7b632310) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
22:45:11.0240 6852 AVGIDSDriver - ok
22:45:11.0298 6852 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
22:45:11.0311 6852 AVGIDSEH - ok
22:45:11.0350 6852 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
22:45:11.0357 6852 AVGIDSFilter - ok
22:45:11.0485 6852 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
22:45:11.0552 6852 AVGIDSShim - ok
22:45:11.0680 6852 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
22:45:11.0727 6852 Avgldx86 - ok
22:45:11.0763 6852 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
22:45:11.0780 6852 Avgmfx86 - ok
22:45:11.0828 6852 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
22:45:11.0837 6852 Avgrkx86 - ok
22:45:11.0881 6852 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
22:45:11.0915 6852 Avgtdix - ok
22:45:12.0107 6852 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:45:12.0113 6852 Beep - ok
22:45:12.0208 6852 blbdrive - ok
22:45:12.0342 6852 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:45:12.0399 6852 bowser - ok
22:45:12.0521 6852 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:45:12.0578 6852 BrFiltLo - ok
22:45:12.0648 6852 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:45:12.0673 6852 BrFiltUp - ok
22:45:12.0778 6852 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:45:12.0820 6852 Brserid - ok
22:45:12.0952 6852 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:45:13.0018 6852 BrSerWdm - ok
22:45:13.0098 6852 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:45:13.0105 6852 BrUsbMdm - ok
22:45:13.0168 6852 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:45:13.0225 6852 BrUsbSer - ok
22:45:13.0385 6852 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:45:13.0422 6852 BTHMODEM - ok
22:45:13.0533 6852 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:45:13.0542 6852 cdfs - ok
22:45:13.0616 6852 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:45:13.0654 6852 cdrom - ok
22:45:13.0736 6852 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
22:45:13.0744 6852 circlass - ok
22:45:13.0886 6852 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:45:13.0899 6852 CLFS - ok
22:45:14.0027 6852 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:45:14.0118 6852 CmBatt - ok
22:45:14.0208 6852 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
22:45:14.0216 6852 cmdide - ok
22:45:14.0455 6852 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:45:14.0556 6852 Compbatt - ok
22:45:14.0799 6852 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
22:45:14.0822 6852 crcdisk - ok
22:45:14.0901 6852 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
22:45:14.0946 6852 Crusoe - ok
22:45:15.0053 6852 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:45:15.0059 6852 DfsC - ok
22:45:15.0241 6852 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:45:15.0248 6852 disk - ok
22:45:15.0417 6852 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:45:15.0484 6852 drmkaud - ok
22:45:15.0599 6852 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:45:15.0677 6852 DXGKrnl - ok
22:45:15.0840 6852 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:45:15.0852 6852 E1G60 - ok
22:45:16.0038 6852 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:45:16.0049 6852 Ecache - ok
22:45:16.0188 6852 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
22:45:16.0224 6852 elxstor - ok
22:45:16.0463 6852 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:45:16.0518 6852 exfat - ok
22:45:16.0616 6852 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:45:16.0628 6852 fastfat - ok
22:45:16.0761 6852 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
22:45:16.0826 6852 fdc - ok
22:45:17.0072 6852 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:45:17.0089 6852 FileInfo - ok
22:45:17.0143 6852 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:45:17.0182 6852 Filetrace - ok
22:45:17.0255 6852 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
22:45:17.0419 6852 flpydisk - ok
22:45:17.0585 6852 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:45:17.0602 6852 FltMgr - ok
22:45:17.0745 6852 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:45:17.0774 6852 Fs_Rec - ok
22:45:17.0859 6852 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
22:45:17.0886 6852 gagp30kx - ok
22:45:18.0044 6852 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:45:18.0137 6852 HdAudAddService - ok
22:45:18.0242 6852 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:45:18.0346 6852 HDAudBus - ok
22:45:18.0484 6852 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:45:18.0492 6852 HidBth - ok
22:45:18.0538 6852 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:45:18.0574 6852 HidIr - ok
22:45:18.0665 6852 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:45:18.0754 6852 HidUsb - ok
22:45:18.0969 6852 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
22:45:19.0171 6852 Hotkey - ok
22:45:19.0241 6852 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:45:19.0255 6852 HpCISSs - ok
22:45:19.0457 6852 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
22:45:19.0512 6852 HTCAND32 - ok
22:45:19.0655 6852 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:45:19.0734 6852 HTTP - ok
22:45:20.0115 6852 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:45:20.0153 6852 i2omp - ok
22:45:20.0284 6852 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:45:20.0336 6852 i8042prt - ok
22:45:20.0549 6852 iaStor (294110966cedd127629c5be48367c8cf) C:\Windows\system32\drivers\iastor.sys
22:45:20.0600 6852 iaStor - ok
22:45:20.0683 6852 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:45:20.0700 6852 iaStorV - ok
22:45:20.0838 6852 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:45:20.0858 6852 iirsp - ok
22:45:21.0092 6852 IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys
22:45:21.0224 6852 IntcAzAudAddService - ok
22:45:21.0319 6852 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
22:45:21.0388 6852 intelide - ok
22:45:21.0528 6852 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:45:21.0588 6852 intelppm - ok
22:45:21.0760 6852 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:45:21.0801 6852 IpFilterDriver - ok
22:45:21.0885 6852 IpInIp - ok
22:45:21.0975 6852 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
22:45:22.0016 6852 IPMIDRV - ok
22:45:22.0075 6852 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:45:22.0085 6852 IPNAT - ok
22:45:22.0224 6852 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:45:22.0230 6852 IRENUM - ok
22:45:22.0283 6852 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
22:45:22.0301 6852 isapnp - ok
22:45:22.0375 6852 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:45:22.0451 6852 iScsiPrt - ok
22:45:22.0607 6852 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:45:22.0626 6852 iteatapi - ok
22:45:22.0806 6852 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:45:22.0816 6852 iteraid - ok
22:45:22.0927 6852 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:45:22.0936 6852 kbdclass - ok
22:45:22.0979 6852 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
22:45:22.0987 6852 kbdhid - ok
22:45:23.0088 6852 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:45:23.0132 6852 KSecDD - ok
22:45:23.0446 6852 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:45:23.0475 6852 lltdio - ok
22:45:23.0590 6852 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
22:45:23.0597 6852 LSI_FC - ok
22:45:23.0656 6852 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
22:45:23.0674 6852 LSI_SAS - ok
22:45:23.0868 6852 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
22:45:23.0876 6852 LSI_SCSI - ok
22:45:24.0080 6852 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:45:24.0094 6852 luafv - ok
22:45:24.0232 6852 mailKmd - ok
22:45:24.0423 6852 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
22:45:24.0430 6852 megasas - ok
22:45:24.0492 6852 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:45:24.0546 6852 Modem - ok
22:45:24.0764 6852 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:45:24.0844 6852 monitor - ok
22:45:24.0972 6852 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:45:25.0169 6852 mouclass - ok
22:45:25.0615 6852 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
22:45:25.0658 6852 mouhid - ok
22:45:25.0781 6852 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:45:25.0791 6852 MountMgr - ok
22:45:25.0925 6852 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
22:45:25.0934 6852 mpio - ok
22:45:25.0991 6852 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:45:26.0039 6852 mpsdrv - ok
22:45:26.0282 6852 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:45:26.0302 6852 Mraid35x - ok
22:45:26.0400 6852 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:45:26.0441 6852 MRxDAV - ok
22:45:26.0528 6852 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:45:26.0572 6852 mrxsmb - ok
22:45:26.0699 6852 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:45:26.0740 6852 mrxsmb10 - ok
22:45:26.0794 6852 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:45:26.0838 6852 mrxsmb20 - ok
22:45:26.0930 6852 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
22:45:26.0936 6852 msahci - ok
22:45:27.0006 6852 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
22:45:27.0014 6852 msdsm - ok
22:45:27.0140 6852 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:45:27.0172 6852 Msfs - ok
22:45:27.0284 6852 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:45:27.0302 6852 msisadrv - ok
22:45:27.0441 6852 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:45:27.0507 6852 MSKSSRV - ok
22:45:27.0716 6852 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:45:27.0824 6852 MSPCLOCK - ok
22:45:28.0034 6852 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:45:28.0042 6852 MSPQM - ok
22:45:28.0158 6852 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:45:28.0180 6852 MsRPC - ok
22:45:28.0244 6852 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:45:28.0251 6852 mssmbios - ok
22:45:28.0343 6852 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:45:28.0381 6852 MSTEE - ok
22:45:28.0430 6852 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:45:28.0438 6852 Mup - ok
22:45:28.0558 6852 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:45:28.0598 6852 NativeWifiP - ok
22:45:28.0734 6852 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:45:28.0769 6852 NDIS - ok
22:45:28.0908 6852 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:45:28.0947 6852 NdisTapi - ok
22:45:29.0075 6852 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:45:29.0109 6852 Ndisuio - ok
22:45:29.0200 6852 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:45:29.0233 6852 NdisWan - ok
22:45:29.0366 6852 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:45:29.0375 6852 NDProxy - ok
22:45:29.0467 6852 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:45:29.0497 6852 NetBIOS - ok
22:45:29.0577 6852 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:45:29.0644 6852 netbt - ok
22:45:29.0830 6852 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:45:29.0837 6852 nfrd960 - ok
22:45:29.0985 6852 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:45:30.0030 6852 Npfs - ok
22:45:30.0173 6852 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:45:30.0240 6852 nsiproxy - ok
22:45:30.0439 6852 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:45:30.0496 6852 Ntfs - ok
22:45:30.0603 6852 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:45:30.0695 6852 ntrigdigi - ok
22:45:30.0776 6852 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:45:30.0788 6852 Null - ok
22:45:30.0891 6852 nvatabus (7d960340be5b0e008bb94e4c3b991339) C:\Windows\system32\drivers\nvatabus.sys
22:45:30.0945 6852 nvatabus - ok
22:45:31.0038 6852 nvraid (52f54c59a0ec7920c23638313e99e43c) C:\Windows\system32\drivers\nvraid.sys
22:45:31.0083 6852 nvraid - ok
22:45:31.0212 6852 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
22:45:31.0218 6852 nvstor - ok
22:45:31.0296 6852 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
22:45:31.0338 6852 nv_agp - ok
22:45:31.0437 6852 NwlnkFlt - ok
22:45:31.0487 6852 NwlnkFwd - ok
22:45:31.0614 6852 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:45:31.0644 6852 ohci1394 - ok
22:45:31.0743 6852 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:45:31.0756 6852 Parport - ok
22:45:31.0925 6852 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:45:31.0932 6852 partmgr - ok
22:45:32.0105 6852 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:45:32.0145 6852 Parvdm - ok
22:45:32.0274 6852 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:45:32.0284 6852 pci - ok
22:45:32.0441 6852 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
22:45:32.0447 6852 pciide - ok
22:45:32.0617 6852 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:45:32.0644 6852 pcmcia - ok
22:45:32.0840 6852 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:45:32.0992 6852 PEAUTH - ok
22:45:33.0257 6852 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:45:33.0352 6852 PptpMiniport - ok
22:45:33.0450 6852 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
22:45:33.0489 6852 Processor - ok
22:45:33.0687 6852 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:45:33.0692 6852 PSched - ok
22:45:33.0804 6852 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
22:45:33.0849 6852 ql2300 - ok
22:45:33.0941 6852 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:45:33.0953 6852 ql40xx - ok
22:45:34.0104 6852 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:45:34.0110 6852 QWAVEdrv - ok
22:45:34.0316 6852 R300 (e52b7a5010011c29063684cac1a6bbf0) C:\Windows\system32\DRIVERS\atikmdag.sys
22:45:34.0503 6852 R300 - ok
22:45:34.0571 6852 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:45:34.0577 6852 RasAcd - ok
22:45:34.0728 6852 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:45:34.0778 6852 Rasl2tp - ok
22:45:34.0884 6852 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:45:34.0914 6852 RasPppoe - ok
22:45:34.0988 6852 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:45:35.0028 6852 RasSstp - ok
22:45:35.0177 6852 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:45:35.0192 6852 rdbss - ok
22:45:35.0272 6852 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:45:35.0280 6852 RDPCDD - ok
22:45:35.0381 6852 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
22:45:35.0395 6852 rdpdr - ok
22:45:35.0449 6852 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:45:35.0469 6852 RDPENCDD - ok
22:45:35.0564 6852 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:45:35.0596 6852 RDPWD - ok
22:45:36.0032 6852 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:45:36.0142 6852 rspndr - ok
22:45:36.0225 6852 RTL8023xp (5c5612756b380bcedbf566a780ff9afe) C:\Windows\system32\DRIVERS\Rtnicxp.sys
22:45:36.0315 6852 RTL8023xp - ok
22:45:36.0497 6852 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:45:36.0506 6852 sbp2port - ok
22:45:36.0574 6852 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:45:36.0608 6852 secdrv - ok
22:45:36.0683 6852 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:45:36.0691 6852 Serenum - ok
22:45:36.0738 6852 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:45:36.0772 6852 Serial - ok
22:45:36.0876 6852 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:45:36.0904 6852 sermouse - ok
22:45:37.0050 6852 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
22:45:37.0064 6852 sffdisk - ok
22:45:37.0131 6852 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
22:45:37.0160 6852 sffp_mmc - ok
22:45:37.0261 6852 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
22:45:37.0268 6852 sffp_sd - ok
22:45:37.0355 6852 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:45:37.0362 6852 sfloppy - ok
22:45:37.0465 6852 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
22:45:37.0488 6852 sisagp - ok
22:45:37.0576 6852 SiSRaid2 (b8a2f8dcdc75f19962d975727f393920) C:\Windows\system32\drivers\sisraid2.sys
22:45:37.0628 6852 SiSRaid2 - ok
22:45:37.0739 6852 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
22:45:37.0749 6852 SiSRaid4 - ok
22:45:37.0906 6852 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:45:37.0916 6852 Smb - ok
22:45:38.0083 6852 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
22:45:38.0299 6852 smserial - ok
22:45:38.0427 6852 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:45:38.0434 6852 spldr - ok
22:45:38.0542 6852 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:45:38.0589 6852 srv - ok
22:45:38.0726 6852 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:45:38.0781 6852 srv2 - ok
22:45:38.0870 6852 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:45:38.0901 6852 srvnet - ok
22:45:39.0111 6852 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:45:39.0119 6852 swenum - ok
22:45:39.0241 6852 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:45:39.0248 6852 Symc8xx - ok
22:45:39.0367 6852 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:45:39.0393 6852 Sym_hi - ok
22:45:39.0503 6852 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:45:39.0511 6852 Sym_u3 - ok
22:45:39.0751 6852 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
22:45:39.0806 6852 Tcpip - ok
22:45:39.0945 6852 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
22:45:39.0964 6852 Tcpip6 - ok
22:45:40.0092 6852 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:45:40.0122 6852 tcpipreg - ok
22:45:40.0216 6852 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:45:40.0224 6852 TDPIPE - ok
22:45:40.0334 6852 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:45:40.0365 6852 TDTCP - ok
22:45:40.0478 6852 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:45:40.0487 6852 tdx - ok
22:45:40.0574 6852 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:45:40.0581 6852 TermDD - ok
22:45:40.0782 6852 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:45:40.0842 6852 tssecsrv - ok
22:45:40.0954 6852 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:45:40.0964 6852 tunmp - ok
22:45:41.0017 6852 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:45:41.0051 6852 tunnel - ok
22:45:41.0256 6852 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
22:45:41.0266 6852 uagp35 - ok
22:45:41.0376 6852 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:45:41.0404 6852 udfs - ok
22:45:41.0502 6852 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
22:45:41.0511 6852 uliagpkx - ok
22:45:41.0573 6852 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
22:45:41.0591 6852 uliahci - ok
22:45:41.0754 6852 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:45:41.0771 6852 UlSata - ok
22:45:41.0911 6852 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:45:41.0920 6852 ulsata2 - ok
22:45:42.0034 6852 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:45:42.0071 6852 umbus - ok
22:45:42.0254 6852 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
22:45:42.0263 6852 usbaudio - ok
22:45:42.0372 6852 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:45:42.0401 6852 usbccgp - ok
22:45:42.0554 6852 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:45:42.0643 6852 usbcir - ok
22:45:42.0877 6852 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:45:42.0914 6852 usbehci - ok
22:45:43.0014 6852 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:45:43.0072 6852 usbhub - ok
22:45:43.0123 6852 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
22:45:43.0136 6852 usbohci - ok
22:45:43.0209 6852 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:45:43.0235 6852 usbprint - ok
22:45:43.0452 6852 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:45:43.0487 6852 usbscan - ok
22:45:43.0573 6852 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:45:43.0584 6852 USBSTOR - ok
22:45:43.0652 6852 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
22:45:43.0692 6852 usbuhci - ok
22:45:43.0874 6852 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
22:45:43.0905 6852 usb_rndisx - ok
22:45:44.0089 6852 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
22:45:44.0113 6852 vga - ok
22:45:44.0181 6852 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:45:44.0188 6852 VgaSave - ok
22:45:44.0256 6852 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
22:45:44.0264 6852 viaagp - ok
22:45:44.0347 6852 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
22:45:44.0355 6852 ViaC7 - ok
22:45:44.0396 6852 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
22:45:44.0423 6852 viaide - ok
22:45:44.0527 6852 viamraid (9f3f276c7300ed211129757a411b605f) C:\Windows\system32\drivers\viamraid.sys
22:45:44.0538 6852 viamraid - ok
22:45:44.0628 6852 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:45:44.0635 6852 volmgr - ok
22:45:44.0692 6852 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:45:44.0715 6852 volmgrx - ok
22:45:44.0794 6852 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:45:44.0806 6852 volsnap - ok
22:45:44.0884 6852 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
22:45:44.0895 6852 vsmraid - ok
22:45:45.0059 6852 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:45:45.0068 6852 WacomPen - ok
22:45:45.0148 6852 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:45:45.0157 6852 Wanarp - ok
22:45:45.0181 6852 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:45:45.0186 6852 Wanarpv6 - ok
22:45:45.0266 6852 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
22:45:45.0281 6852 Wd - ok
22:45:45.0444 6852 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:45:45.0479 6852 Wdf01000 - ok
22:45:45.0785 6852 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:45:45.0820 6852 WmiAcpi - ok
22:45:45.0935 6852 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:45:45.0942 6852 ws2ifsl - ok
22:45:46.0092 6852 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:45:46.0102 6852 WUDFRd - ok
22:45:46.0203 6852 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
22:45:46.0204 6852 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
22:45:46.0205 6852 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
22:45:46.0235 6852 Boot (0x1200) (2feecd7fc0036eada7d934684cddc91b) \Device\Harddisk0\DR0\Partition0
22:45:46.0237 6852 \Device\Harddisk0\DR0\Partition0 - ok
22:45:46.0273 6852 Boot (0x1200) (c65d2b68941b9fd6d59eff24898c6844) \Device\Harddisk0\DR0\Partition1
22:45:46.0275 6852 \Device\Harddisk0\DR0\Partition1 - ok
22:45:46.0277 6852 ============================================================
22:45:46.0277 6852 Scan finished
22:45:46.0277 6852 ============================================================
22:45:46.0323 8916 Detected object count: 1
22:45:46.0323 8916 Actual detected object count: 1
22:46:56.0535 8916 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
22:46:56.0536 8916 \Device\Harddisk0\DR0 - ok
22:46:56.0599 8916 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
22:46:59.0126 5896 Deinitialize success
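The TDSSKiller lines above hash the MBR's boot-code region (the `MBR (0x1B8)` tag reads as "the 0x1B8 bytes before the disk signature", which is my interpretation, not something the tool documents in the log) and flag that hash as TDL4, while the partition boot sectors come back clean. That is the TDL4 pattern: the partition table is left intact, only the boot code is replaced, and the rootkit body lives in unallocated sectors after the last partition. The script below is an added example, not TDSSKiller's code and not anything the poster ran: it parses a raw 512-byte MBR, hashes the boot code against a known-good set and reports the structural anomalies a bootkit leaves. The `KNOWN_GOOD` set, the stand-in boot code and both sample MBRs are constructed for the example; on a real box you would hash the first sector of `\\.\PhysicalDrive0` from a clean machine of the same Windows build to get the baseline.

```python
"""Inspect a raw MBR the way a boot-sector scanner does.

Added example for this thread; not TDSSKiller's code. It hashes the boot-code
region, parses the partition table and reports anomalies a bootkit leaves.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 0x1B8   # boot code is 0x000-0x1B7; the disk signature starts at 0x1B8
PART_TABLE = 0x1BE      # four 16-byte partition entries
PART_FMT = "<B3xB3xII"  # status, CHS(3), type, CHS(3), LBA start, sector count


def parse_mbr(sector):
    """Return boot-code MD5, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_FMT, sector, PART_TABLE + 16 * i)
        if ptype == 0:          # empty slot
            continue
        partitions.append({"index": i, "status": status, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def check_mbr(sector, known_good_md5, disk_sectors=None):
    """List findings; an empty list means nothing looked wrong."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_md5"] not in known_good_md5:
        findings.append("boot code hash %s not in known-good set" % info["boot_code_md5"])
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("%d active partitions (expected exactly 1)" % len(active))
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x" % (p["index"], p["status"]))
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append("partitions %d and %d overlap" % (i1, i2))
    if disk_sectors is not None and spans:
        # TDL4 keeps its encrypted file system in the space after the last partition.
        tail = disk_sectors - max(e for _, e, _ in spans)
        if tail > 0:
            findings.append("%d unallocated sectors after the last partition" % tail)
    return findings


def build_mbr(boot_code, partitions, disk_sig=0x5EC7AB1E):
    """Assemble a 512-byte MBR; constructed test fixture, not real boot code."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, BOOT_CODE_LEN, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_FMT, sector, PART_TABLE + 16 * i, status, ptype, lba, count)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


# Constructed fixtures: a stand-in for clean boot code and a one-byte-patched copy.
CLEAN_BOOT = (b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * BOOT_CODE_LEN)[:BOOT_CODE_LEN]
PATCHED_BOOT = bytes([CLEAN_BOOT[0] ^ 0xFF]) + CLEAN_BOOT[1:]
PARTITIONS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)]
DISK_SECTORS = 206848 + 1000000            # no unallocated tail on the clean disk
KNOWN_GOOD = {hashlib.md5(CLEAN_BOOT).hexdigest()}   # in practice: hash from a clean machine
CLEAN_MBR = build_mbr(CLEAN_BOOT, PARTITIONS)
PATCHED_MBR = build_mbr(PATCHED_BOOT, PARTITIONS)

if __name__ == "__main__":
    # Usage: python mbr_check.py <image-or-device> [total-sectors]; no args runs the fixtures.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            first_sector = f.read(SECTOR)
        total = int(sys.argv[2]) if len(sys.argv) > 2 else None
        for line in check_mbr(first_sector, KNOWN_GOOD, total) or ["no findings"]:
            print(line)
    else:
        print("clean:  ", check_mbr(CLEAN_MBR, KNOWN_GOOD, DISK_SECTORS))
        print("patched:", check_mbr(PATCHED_MBR, KNOWN_GOOD, DISK_SECTORS + 4096))
```

The hash comparison is the check that actually catches TDL4; the partition-table checks would pass on this infection because the bootkit does not touch the table. A small unallocated tail is normal on many disks (alignment, vendor reserved area), so treat that finding as a reason to image those sectors and look at them, not as proof on its own.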

#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:41 PM

Posted 15 October 2011 - 05:04 PM

Hi Amie,



We need to uninstall AVG because it will conflict with our tools.
You can reinstall it at the end of the cleaning process.


Click "start" on the taskbar and then click on the "Control Panel" icon.
Click on the Uninstall a program option under the Programs category.
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "uninstall":

AVG

Additional instructions can be found here if needed.

Next please download AVG Remover and save it to your desktop.

Run it to remove all leftovers from AVG. After this, please restart your computer.


Note: Please leave it uninstalled until the computer is clean as we may have more work to do.
Just make sure you only connect to the net while running combofix or to download tools I request or you could get reinfected.



Please download ComboFix from the link below:

Combofix

Save it to your Desktop <-- Important!!!
  • Double click it & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Notes: Skip the Recovery Console part as you're running Vista. You can use the Windows DVD to boot into the Vista Recovery Environment if something goes awry.
  • Click on Yes, to continue scanning for malware.
  • If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, it will produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.
  • If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.



-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.




Regards,
Georgi

Edited by B-boy/StyLe/, 15 October 2011 - 05:19 PM.



#5 Amie L

Amie L
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:41 PM

Posted 15 October 2011 - 06:24 PM

Hi again. Thanks for your reply.

Combo fix log:

ComboFix 11-10-15.04 - Astrantia 16/10/2011 0:03:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.966 [GMT 1:00]
Running from: C:\Users\Astrantia\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\SPLABBC.tmp
C:\servi3e.bin
C:\servi3e.bin\0515FD2D61BDBA0
C:\Users\Astrantia\AppData\Roaming\4A8A.5EB
C:\Users\Astrantia\AppData\Roaming\Adobe\plugs
C:\Users\Astrantia\AppData\Roaming\Adobe\shed


((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))


2011-10-15 23:13:54 . 2011-10-15 23:13:54 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-10-14 10:12:19 . 2011-07-29 16:01:34 293376 ----a-w- C:\Windows\system32\psisdecd.dll
2011-10-14 10:12:19 . 2011-07-29 16:01:33 217088 ----a-w- C:\Windows\system32\psisrndr.ax
2011-10-14 10:12:19 . 2011-07-29 16:00:05 69632 ----a-w- C:\Windows\system32\Mpeg2Data.ax
2011-10-14 10:12:18 . 2011-07-29 16:00:14 57856 ----a-w- C:\Windows\system32\MSDvbNP.ax
2011-10-14 10:12:08 . 2011-09-06 13:30:12 2043392 ----a-w- C:\Windows\system32\win32k.sys
2011-10-14 10:03:15 . 2011-09-14 10:51:10 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-10-14 10:03:07 . 2011-08-25 16:14:01 238080 ----a-w- C:\Windows\system32\oleacc.dll
2011-10-14 10:03:06 . 2011-08-25 16:15:04 555520 ----a-w- C:\Windows\system32\UIAutomationCore.dll
2011-10-14 10:03:06 . 2011-08-25 16:14:01 563712 ----a-w- C:\Windows\system32\oleaut32.dll
2011-10-14 10:03:06 . 2011-08-25 13:31:01 4096 ----a-w- C:\Windows\system32\oleaccrc.dll
2011-10-08 15:34:44 . 2011-10-08 15:34:44 100000 ---h--w- C:\Windows\system32\winsett.exe
2011-10-08 14:49:07 . 2011-10-08 14:49:07 -------- d-----w- C:\found.000
2011-10-08 00:22:08 . 2011-10-12 14:53:58 -------- d-----w- C:\Users\Astrantia\AppData\Roaming\Xilom
2011-10-08 00:22:08 . 2011-10-11 14:03:07 -------- d-----w- C:\Users\Astrantia\AppData\Roaming\Kewuxy
2011-10-07 23:31:27 . 2011-10-07 23:31:27 19416 ----a-w- C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll
2011-09-27 17:22:26 . 2011-09-27 17:24:11 -------- d-----w- C:\ProgramData\AVG Security Toolbar(211)
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-09-08 22:01:17 . 2011-06-29 14:24:57 404640 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 23:31:26 . 2011-08-11 20:54:38 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-10 22:28:04 1233920]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 19:35:24 90112]
"fsc-reg"="C:\ProgramData\fsc-reg\fscreg.exe" [2007-06-13 08:34:46 339984]
"AdobeBridge"="C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe" [2011-03-02 20:35:24 12008296]
"System Cleanup"="C:\Windows\System32\winsett.exe" [2011-10-08 15:34:44 100000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 10:11:00 4317184]
"LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe" [2006-12-26 18:23:34 180224]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2006-08-29 16:26:32 241664]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-27 03:46:56 153136]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 10:44:46 248552]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2011-07-11 21:47:06 74752]
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 16:42:18 499608]
"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 12:37:14 517096]
"AdobeCS5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 03:57:06 406992]
"Mobile Connectivity Suite"="C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 15:19:48 598016]
"AdobeCS5.5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 06:08:56 1523360]
"System Cleanup"="C:\Windows\system32\winsett.exe" [2011-10-08 15:34:44 100000]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-12-14 23:53:28 192512]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 20:36:40 32768]
"Malwarebytes' Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 17:08:46 963976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1SMkNNTC1TUzdGVy1NT1hGUi1UUlU4Vi0zRU1CUg&inst=NzYtOTQyNzE5MjcyLUZJKzEtVklQKzEtRkwxMCsxLVRVRyszLUZPSSsxLUREVCsxMzg3LUREMTArMS1TVDEwQVBQKzEtRDM4MUwrNi1JMTArMQ&prod=94&ver=10.0.1410" [?]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"System Cleanup"="C:\Windows\system32\winsett.exe" [2011-10-08 15:34:44 100000]

C:\Users\Astrantia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2011-6-28 2278240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

R1 mailKmd;mailKmd; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R3 HTCAND32;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 15:49:32 24576]
R3 SwitchBoard;SwitchBoard;C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 12:37:14 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 12:16:28 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 15:33:04 51040]
S2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe [2007-11-28 14:12:40 589824]
S3 WisLMSvc;WisLMSvc;C:\Program Files\Launch Manager\WisLMSvc.exe [2006-11-18 03:45:26 118784]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache


------- Supplementary Scan -------

uStart Page = about:blank
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - C:\Users\Astrantia\AppData\Roaming\Mozilla\Firefox\Profiles\36h43r1i.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e43f6cc&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-GB&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-CtrlVol - C:\Program Files\Launch Manager\CtrlVol.exe
HKLM_ActiveSetup-ccc-core-static - msiexec



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-16 00:14:21
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe?????H?-???????-?X3-????v????????????0???<???????|??????vT??v????3 ?v!??v??????-???-?=??u????L???~z v??-???????-?????? A???-?????? A?Z?-?=??u?????????a@?`??????????? ?A???}?????? A???@???-??x@???-?r?-???@???-????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

Completion time: 2011-10-16 00:19:20
ComboFix-quarantined-files.txt 2011-10-15 23:19:16

Pre-Run: 11,407,675,392 bytes free
Post-Run: 15,364,222,976 bytes free

- - End Of File - - 07024B77FCD9133821A73165E4F13D3C

#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:41 PM

Posted 15 October 2011 - 06:38 PM

Hi Amie,


Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link --> VirusTotal

When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Windows\system32\winsett.exe

Note: if VT says the file has already been analysed, make sure you click "Reanalyse file now".

Please post back the results of the scan in your next post.

If Virustotal is busy, try the same at Virscan: http://virscan.org/

Please repeat the above steps for the following files: (if they exist)

c:\windows\system32\kp8tv09.dll
c:\windows\temp\i34lzh.exe
c:\windows\temp\Fl2.exe
c:\windows\system32\config\systemprofile\appdata\local\volmgr.exe



Regards,
Georgi



#7 Amie L

Amie L
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:41 PM

Posted 16 October 2011 - 07:33 AM

Hi again,

The other files don't exist.

winsett.exe:

Antivirus Version Last Update Result
AhnLab-V3 2011.10.13.00 2011.10.13 Trojan/Win32.HDC
AntiVir 7.11.15.252 2011.10.13 TR/Downloader.Gen
Antiy-AVL 2.0.3.7 2011.10.13 -
Avast 6.0.1289.0 2011.10.13 Win32:Ertfor-D [Trj]
AVG 10.0.0.1190 2011.10.13 -
BitDefender 7.2 2011.10.13 Generic.Malware.SFDBdld.B615CE4E
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.10.13 -
ClamAV 0.97.0.0 2011.10.13 -
Commtouch 5.3.2.6 2011.10.13 W32/Heuristic-257!Eldorado
Comodo 10440 2011.10.13 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.10.12 -
Emsisoft 5.1.0.11 2011.10.13 Trojan.Win32.Ertfor!IK
eSafe 7.0.17.0 2011.10.11 Win32.Trojan
eTrust-Vet 36.1.8617 2011.10.13 Win32/Ertfor.B!generic
F-Prot 4.6.5.141 2011.10.13 W32/Heuristic-257!Eldorado
F-Secure 9.0.16440.0 2011.10.13 Generic.Malware.SFDBdld.B615CE4E
Fortinet 4.3.370.0 2011.10.13 W32/ErtFor.D!tr
GData 22 2011.10.13 Generic.Malware.SFDBdld.B615CE4E
Ikarus T3.1.1.107.0 2011.10.13 Trojan.Win32.Ertfor
Jiangmin 13.0.900 2011.10.12 Trojan/Generic.okkp
K7AntiVirus 9.115.5278 2011.10.13 Riskware
Kaspersky 9.0.0.837 2011.10.13 HEUR:Trojan.Win32.Generic
McAfee 5.400.0.1158 2011.10.13 Artemis!1A8AA77D9B32
McAfee-GW-Edition 2010.1D 2011.10.13 Artemis!1A8AA77D9B32
Microsoft 1.7702 2011.10.13 Trojan:Win32/Ertfor.B
NOD32 6541 2011.10.13 probably a variant of Win32/Agent.SDL
Norman 6.07.11 2011.10.13 W32/Ertfor.O
nProtect 2011-10-13.01 2011.10.13 -
Panda 10.0.3.5 2011.10.13 Trj/CI.A
PCTools 8.0.0.5 2011.10.13 Trojan.Gen
Prevx 3.0 2011.10.16 -
Rising 23.79.03.02 2011.10.13 Trojan.Win32.Generic.129B1DFF
Sophos 4.70.0 2011.10.13 Mal/Behav-116
SUPERAntiSpyware 4.40.0.1006 2011.10.13 -
Symantec 20111.2.0.82 2011.10.13 Trojan.Gen
TheHacker 6.7.0.1.322 2011.10.13 -
TrendMicro 9.500.0.1008 2011.10.13 TROJ_GEN.RC1C1J5
TrendMicro-HouseCall 9.500.0.1008 2011.10.13 TROJ_GEN.RC1C1J5
VBA32 3.12.16.4 2011.10.13 -
VIPRE 10749 2011.10.13 Trojan.Win32.Generic!BT
ViRobot 2011.10.13.4717 2011.10.13 -
VirusBuster 14.1.11.0 2011.10.13 Trojan.Agent!7BilVbEstL0

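Added example, not part of the thread: a small Python parser for the flattened VirusTotal table Amie pasted above. It computes the detection ratio, tallies the family names the engines agree on once generic markers (Win32, Trojan, Generic, HEUR and the like) are stripped, and checks whether a named engine returned clean, which matters here because the DDS header shows AVG installed and it is one of the engines that missed the file. The sample rows are a subset copied from the table; the NOISE token list is my own choice, not something VirusTotal defines.

```python
import re
from collections import Counter

# Constructed sample: a subset of the rows pasted from VirusTotal above,
# kept in the same flattened "Engine Version LastUpdate Result" layout.
VT_RESULTS = """\
Antivirus Version Last Update Result
AhnLab-V3 2011.10.13.00 2011.10.13 Trojan/Win32.HDC
AntiVir 7.11.15.252 2011.10.13 TR/Downloader.Gen
Antiy-AVL 2.0.3.7 2011.10.13 -
Avast 6.0.1289.0 2011.10.13 Win32:Ertfor-D [Trj]
AVG 10.0.0.1190 2011.10.13 -
BitDefender 7.2 2011.10.13 Generic.Malware.SFDBdld.B615CE4E
Emsisoft 5.1.0.11 2011.10.13 Trojan.Win32.Ertfor!IK
eTrust-Vet 36.1.8617 2011.10.13 Win32/Ertfor.B!generic
Kaspersky 9.0.0.837 2011.10.13 HEUR:Trojan.Win32.Generic
Microsoft 1.7702 2011.10.13 Trojan:Win32/Ertfor.B
NOD32 6541 2011.10.13 probably a variant of Win32/Agent.SDL
Norman 6.07.11 2011.10.13 W32/Ertfor.O
Prevx 3.0 2011.10.16 -
Sophos 4.70.0 2011.10.13 Mal/Behav-116
"""

# Engine, version and date never contain spaces; the verdict may.
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")

# Tokens that carry no family information: platforms, classes and the
# heuristic/generic markers that many engines share (my own list).
NOISE = {
    "win32", "w32", "trojan", "trj", "tr", "generic", "heur", "gen",
    "variant", "probably", "of", "malware", "mal", "agent", "riskware",
    "unclassifiedmalware", "artemis", "behav", "downloader", "ik", "bt",
}


def parse_vt_results(text):
    """Turn the pasted table into dicts; result is None for a clean ('-') verdict."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:  # header line or pasting debris
            continue
        engine, version, updated, result = m.groups()
        result = result.strip()
        rows.append({
            "engine": engine,
            "version": version,
            "updated": updated,
            "result": None if result == "-" else result,
        })
    return rows


def detection_ratio(rows):
    """(engines that flagged the file, engines that returned a verdict)."""
    hits = sum(1 for r in rows if r["result"])
    return hits, len(rows)


def family_tokens(result):
    """Split a vendor label into candidate family names, dropping noise tokens."""
    out = []
    for tok in re.split(r"[^A-Za-z0-9]+", result):
        low = tok.lower()
        if len(tok) >= 3 and tok.isalpha() and low not in NOISE:
            out.append(low)
    return out


def family_consensus(rows, min_votes=2):
    """Family names ordered by how many engines used them (one vote per engine)."""
    votes = Counter()
    for r in rows:
        if r["result"]:
            votes.update(set(family_tokens(r["result"])))
    return [(name, n) for name, n in votes.most_common() if n >= min_votes]


def missed_by(rows, engine):
    """True if `engine` scanned the file and said clean; None if it is not in the table."""
    for r in rows:
        if r["engine"].lower() == engine.lower():
            return r["result"] is None
    return None


if __name__ == "__main__":
    rows = parse_vt_results(VT_RESULTS)
    hits, total = detection_ratio(rows)
    print(f"detections: {hits}/{total}")
    print("family consensus:", family_consensus(rows))
    print("missed by the installed AV (AVG):", missed_by(rows, "AVG"))
```

The consensus step is the useful part: on its own no single vendor name is authoritative, but five engines independently calling the file "Ertfor" while the rest return generic or heuristic labels is a much stronger signal than the raw 11/14 count.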
#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:41 PM

Posted 16 October 2011 - 08:04 AM

Hi Amie,



Delete your copy of ComboFix and download a fresh one from here.

Save it to your desktop but do not run it yet! <--- important!!!



We need to execute a CFScript to clean some remnants.


Please do this:


1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

2. Open Notepad and copy/paste the text in the quote box below into it:

KILLALL::
Collect::
C:\Windows\system32\winsett.exe
DirLook::
C:\Users\Astrantia\AppData\Roaming\Xilom
C:\Users\Astrantia\AppData\Roaming\Kewuxy
c:\windows\temp
c:\windows\system32\config\systemprofile\appdata\local
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Cleanup"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Cleanup"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"System Cleanup"=-
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe


3. Close any open browsers.

4. Drag CFScript.txt onto ComboFix.exe.

5. When Combofix finishes running, the ComboFix log will open along with a message box. With the above script, ComboFix captured some files to submit for analysis.
  • Important: Ensure you are connected to the internet before clicking OK on the message box.
  • A blue screen will appear, auto-uploading the zipped file I requested.
  • After the uploading is done you should see a message near the bottom saying "Upload was Successful".

**NOTE**
  • If for some reason ComboFix fails to upload anything, you will see a message saying so.
  • Please double-click this file: C:\CF-Submit.htm and follow the instructions there to upload that zipped file.


6. When ComboFix has finished, it will produce a log for you at C:\ComboFix.txt, which I will need in your next reply.


Also reply back to let me know how things are going.


Regards,
Georgi



#9 Amie L

Amie L
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:41 PM

Posted 16 October 2011 - 08:56 AM

Hi again Georgi,

Thank you for your continued help.

Combofix log:

ComboFix 11-10-15.04 - Astrantia 16/10/2011 14:18:26.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1918.1154 [GMT 1:00]
Running from: c:\users\Astrantia\Desktop\ComboFix.exe
Command switches used :: c:\users\Astrantia\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\windows\system32\winsett.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\winsett.exe
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-16 to 2011-10-16 )))))))))))))))))))))))))))))))
.
.
2011-10-16 13:38 . 2011-10-16 13:42 -------- d-----w- c:\users\Astrantia\AppData\Local\temp
2011-10-16 13:38 . 2011-10-16 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-16 12:13 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-14 10:12 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-14 10:12 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-14 10:12 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-14 10:12 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-14 10:12 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-14 10:03 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-14 10:03 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-14 10:03 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-14 10:03 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-14 10:03 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-08 14:49 . 2011-10-08 14:49 -------- d-----w- C:\found.000
2011-10-08 00:22 . 2011-10-12 14:53 -------- d-----w- c:\users\Astrantia\AppData\Roaming\Xilom
2011-10-08 00:22 . 2011-10-11 14:03 -------- d-----w- c:\users\Astrantia\AppData\Roaming\Kewuxy
2011-10-07 23:31 . 2011-10-07 23:31 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2011-09-27 17:22 . 2011-09-27 17:24 -------- d-----w- c:\programdata\AVG Security Toolbar(211)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 13:41 . 2011-10-16 13:41 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F59D23B4-5802-41B9-AE21-E70076CB06C0}\offreg.dll
2011-09-21 08:00 . 2011-10-16 12:13 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F59D23B4-5802-41B9-AE21-E70076CB06C0}\mpengine.dll
2011-09-08 22:01 . 2011-06-29 14:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 23:31 . 2011-08-11 20:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Astrantia\AppData\Roaming\Kewuxy ----
.
.
---- Directory of c:\users\Astrantia\AppData\Roaming\Xilom ----
.
.
---- Directory of c:\windows\system32\config\systemprofile\appdata\local ----
.
.
---- Directory of c:\windows\temp ----
.
2011-10-16 13:44 . 2011-10-16 13:44 524288 ----atw- c:\windows\temp\TMP0000000986A456674249E922
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-06-13 339984]
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS5.1\Bridge.exe" [2011-03-02 12008296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-27 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1SMkNNTC1TUzdGVy1NT1hGUi1UUlU4Vi0zRU1CUg&inst=NzYtOTQyNzE5MjcyLUZJKzEtVklQKzEtRkwxMCsxLVRVRyszLUZPSSsxLUREVCsxMzg3LUREMTArMS1TVDEwQVBQKzEtRDM4MUwrNi1JMTArMQ&prod=94&ver=10.0.1410" [?]
.
c:\users\Astrantia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-6-28 2278240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 mailKmd;mailKmd; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 589824]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-18 118784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Astrantia\AppData\Roaming\Mozilla\Firefox\Profiles\36h43r1i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e43f6cc&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-GB&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-16 14:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
.
**************************************************************************
.
Completion time: 2011-10-16 14:51:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-16 13:50
ComboFix2.txt 2011-10-15 23:19
.
Pre-Run: 15,191,642,112 bytes free
Post-Run: 15,082,504,192 bytes free
.
- - End Of File - - D2FA35708C9015DBA2C930B2B5EB6763
Upload was successful

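Added example, not from the thread and not ComboFix's own code: a Python parser for two sections of the ComboFix log above (Files Created and Reg Loading Points) that pulls out what an analyst reads first. It lists files and folders created in user-writable locations since a chosen date, which is how the Xilom and Kewuxy folders that the CFScript's DirLook:: section inspects stand out, and flags Run/RunOnce values whose target ComboFix could not stat ([?]), whose path is unqualified, or whose target sits under AppData or Temp, the same class of entry the script's Registry:: section removed. The sample is copied from the log except for the "Hypothetical Loader" value and its path, which are invented to show a user-profile autorun; the heuristics are mine.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample in the layout of the ComboFix log above. Every line is
# copied from that log except the "Hypothetical Loader" Run value, whose name
# and path are invented to show what a user-profile autorun looks like.
COMBOFIX_SAMPLE = r"""
((((((((((((((((((((((((( Files Created from 2011-09-16 to 2011-10-16 )))))))))))))))))))))))))))))))
.
2011-10-16 13:38 . 2011-10-16 13:42 -------- d-----w- c:\users\Astrantia\AppData\Local\temp
2011-10-14 10:12 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-08 00:22 . 2011-10-12 14:53 -------- d-----w- c:\users\Astrantia\AppData\Roaming\Xilom
2011-10-08 00:22 . 2011-10-11 14:03 -------- d-----w- c:\users\Astrantia\AppData\Roaming\Kewuxy
2011-09-27 17:22 . 2011-09-27 17:24 -------- d-----w- c:\programdata\AVG Security Toolbar(211)
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-06-13 339984]
"Hypothetical Loader"="c:\users\Astrantia\AppData\Roaming\Kewuxy\loader.exe" [2011-10-08 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app" [?]
"""

# "created . modified size attrs path"; size is dashes for a directory.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[([^\]]*)\]$')
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")

# Locations a standard user can write to: malware without admin rights, or
# that wants to stay out of system32, lives here.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\systemprofile\\")


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]
    is_dir: bool
    path: str


@dataclass
class RunEntry:
    key: str      # registry key the value lives under
    name: str     # value name
    command: str  # command line ComboFix read from the value
    meta: str     # "date size" of the target, or "?" if ComboFix could not stat it


def _stamp(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def parse_combofix(text):
    """Extract file-creation records and Run/RunOnce values from a ComboFix log."""
    files, runs, key = [], [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            files.append(FileEntry(_stamp(created), _stamp(modified),
                                   None if size.startswith("-") else int(size),
                                   attrs.startswith("d"), path))
            continue
        m = RUN_RE.match(line)
        if m:
            name, command, meta = m.groups()
            runs.append(RunEntry(key, name, command, meta))
    return files, runs


def _in_user_writable(path):
    p = path.lower() + "\\"
    return any(root in p for root in USER_WRITABLE)


def suspicious_files(files, since):
    """Entries created on/after `since` (datetime or 'YYYY-MM-DD') in user-writable
    places, oldest first. The bare temp directories are skipped: tools recreate them."""
    if isinstance(since, str):
        since = datetime.strptime(since, "%Y-%m-%d")
    hits = [f for f in files
            if f.created >= since and _in_user_writable(f.path)
            and f.path.lower().rsplit("\\", 1)[-1] != "temp"]
    return sorted(hits, key=lambda f: f.created)


def suspicious_runs(runs):
    """(entry, reason) for autoruns worth a second look."""
    flagged = []
    for r in runs:
        if r.meta == "?":
            flagged.append((r, "ComboFix could not stat the target"))
        elif "\\" not in r.command:
            flagged.append((r, "unqualified path, resolved through the search order"))
        elif _in_user_writable(r.command):
            flagged.append((r, "autorun from a user-writable location"))
    return flagged


if __name__ == "__main__":
    files, runs = parse_combofix(COMBOFIX_SAMPLE)
    for f in suspicious_files(files, "2011-10-01"):
        print(f"{f.created:%Y-%m-%d %H:%M}  {'dir ' if f.is_dir else 'file'}  {f.path}")
    for r, why in suspicious_runs(runs):
        print(f"{r.key}\\{r.name}: {r.command}  <- {why}")
```

The output is a shortlist, not a verdict: RtHDVCpl.exe is a legitimate Realtek entry that happens to be registered without a path, and the AVG RunOnce value is just a URL. What the list buys you is a fixed, repeatable set of entries to look up by hash and signer instead of eyeballing a thousand log lines, and the creation timestamps give the infection window (both Roaming folders appeared within a minute of each other on 2011-10-08).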
#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:41 PM

Posted 16 October 2011 - 09:59 AM

Great work Amie, :)



Run Scan with Malwarebytes


I see you have Malwarebytes' Anti-Malware installed on your computer.
Please start the application by double-clicking on its icon.
Once the program has loaded, go to the UPDATE tab and check for updates.
When the update is complete, select the Scanner tab.
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please save it to a convenient location and post the results in your next reply.



We need to run an OTL Custom Scan



  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on the Scan All Users checkbox at the top.
    - Under File Scans, change File age to 90
    - Check the boxes beside LOP Check and Purity Check
  • Copy and paste the following code into the Custom Scans/Fixes text box.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Roaming\*.*
    %ProgramData%\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\GAC_32\*.* /S /MD5
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler /s
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager /s
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /s
    SAVEMBR:0
    %SystemDrive%\PhysicalMBR.bin /md5 
    /md5start
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    atapi.sys
    iaStor.sys
    volsnap.sys
    disk.sys
    afd.sys
    redbook.sys
    i8042prt.sys
    serial.sys
    ndis.sys
    mup.sys
    beep.sys
    acpi.sys
    /md5stop
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Regards,
Georgi



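Added example, not from the thread and not OTL's own code: the /md5start ... /md5stop block in the OTL script above hashes the binaries a file infector or boot-time rootkit most often patches (the log in the previous post shows exactly that case, an infected userinit.exe restored from the ERDNT\cache backup). This Python script does the same check offline: it pulls the names from that block, hashes every copy found under a root, since Vista keeps backup copies in places such as ERDNT\cache, and compares them against a baseline. The directory tree and the baseline digests are constructed for the demo; a real baseline has to come from install media or a known-good machine on the same patch level. MD5 is used because it matches OTL's output, not because it is the right choice for a new baseline.

```python
import hashlib
import os
import tempfile

# The file list from the OTL custom scan above, in OTL's own
# /md5start ... /md5stop form, trimmed to four names for the demo.
OTL_MD5_BLOCK = """\
/md5start
explorer.exe
lsass.exe
userinit.exe
atapi.sys
/md5stop
"""


def md5_targets(script):
    """File names OTL would hash: those between /md5start and /md5stop."""
    names, inside = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.lower() == "/md5start":
            inside = True
        elif line.lower() == "/md5stop":
            break
        elif inside and line:
            names.append(line)
    return names


def hash_file(path, algo="md5"):
    """Hash a file in chunks; md5 matches OTL, sha256 is what a fresh baseline should use."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, names):
    """Every path under root whose basename is one of names (case-insensitive)."""
    wanted = {n.lower() for n in names}
    found = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower() in wanted:
                found.setdefault(fn.lower(), []).append(os.path.join(dirpath, fn))
    return found


def audit(root, names, baseline, algo="md5"):
    """name -> (status, detail). Status is 'ok', 'missing', 'mismatch' (a copy differs
    from the baseline) or 'divergent' (no baseline, but the copies disagree)."""
    copies = find_copies(root, names)
    report = {}
    for name in names:
        paths = copies.get(name.lower(), [])
        if not paths:
            report[name] = ("missing", "no copy under " + root)
            continue
        digests = {p: hash_file(p, algo) for p in paths}
        expected = baseline.get(name.lower())
        bad = [p for p, d in digests.items() if expected is not None and d != expected]
        if bad:
            report[name] = ("mismatch", "; ".join(f"{p}={digests[p]}" for p in bad))
        elif expected is None and len(set(digests.values())) > 1:
            report[name] = ("divergent", "; ".join(f"{p}={d}" for p, d in digests.items()))
        else:
            report[name] = ("ok", "; ".join(digests))
    return report


def build_demo_tree():
    """Constructed stand-in for a system drive: a tampered userinit.exe in System32
    next to a clean backup in ERDNT/cache, the layout ComboFix restored from above.
    File contents and the baseline are invented; only the layout is real."""
    root = tempfile.mkdtemp(prefix="md5demo_")
    layout = {
        os.path.join("Windows", "System32", "userinit.exe"): b"patched userinit (demo)",
        os.path.join("Windows", "ERDNT", "cache", "userinit.exe"): b"clean userinit (demo)",
        os.path.join("Windows", "explorer.exe"): b"clean explorer (demo)",
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    baseline = {  # what a known-good install of the same build would hash to
        "userinit.exe": hashlib.md5(b"clean userinit (demo)").hexdigest(),
        "explorer.exe": hashlib.md5(b"clean explorer (demo)").hexdigest(),
    }
    return root, baseline


if __name__ == "__main__":
    root, baseline = build_demo_tree()
    for name, (status, detail) in audit(root, md5_targets(OTL_MD5_BLOCK), baseline).items():
        print(f"{name:14} {status:9} {detail}")
```

Two caveats apply to any hash check of this kind. Hashes change with every security update, so a mismatch against a baseline from a different build is noise, not an infection, and the "divergent" status (two copies of the same file that disagree, with no baseline at all) is the one that is still informative when you have no reference hashes. And a kernel-mode rootkit can hand a clean image to a user-mode reader while the bytes on disk are patched, which is why ComboFix's catchme pass over hidden files and OTL's SAVEMBR:0 dump of the MBR are run alongside the hashes rather than instead of them.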
#11 Amie L

Amie L
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:41 PM

Posted 16 October 2011 - 01:59 PM

Hi Georgi,

Results as follows.

Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7961

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

16/10/2011 19:33:54
mbam-log-2011-10-16 (19-33-54).txt

Scan type: Quick scan
Objects scanned: 164178
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL:

OTL logfile created on: 16/10/2011 19:38:24 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Astrantia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 58.23% Memory free
3.99 Gb Paging File | 2.99 Gb Available in Paging File | 74.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.41 Gb Total Space | 13.60 Gb Free Space | 20.79% Space Free | Partition Type: NTFS
Drive D: | 11.72 Gb Total Space | 5.90 Gb Free Space | 50.37% Space Free | Partition Type: NTFS
Drive E: | 32.70 Gb Total Space | 24.99 Gb Free Space | 76.42% Space Free | Partition Type: NTFS

Computer Name: ASTRANTIA-PC | User Name: Astrantia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 19:35:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Astrantia\Desktop\OTL.exe
PRC - [2011/10/08 00:31:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/11 22:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/06/28 00:00:00 | 002,278,240 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe
PRC - [2011/03/02 21:35:24 | 012,008,296 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe
PRC - [2011/01/17 19:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
PRC - [2010/02/03 13:57:56 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2009/12/11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009/11/19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/09/29 12:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009/09/29 12:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009/09/29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009/09/29 12:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/11/28 15:12:40 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxdncoms.exe
PRC - [2007/06/13 09:34:46 | 000,339,984 | ---- | M] (Fujitsu Siemens Computers) -- C:\ProgramData\fsc-reg\fscreg.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/29 11:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/12/26 19:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2006/12/15 00:53:28 | 000,192,512 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2006/12/08 18:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006/11/18 04:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2006/08/29 17:26:32 | 000,241,664 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe
PRC - [2005/07/25 21:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 23:08:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/14 23:07:52 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/14 23:05:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/14 21:23:36 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/14 21:22:55 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/14 21:22:36 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/14 21:18:19 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/14 21:18:07 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/08 00:31:23 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/28 00:00:00 | 000,193,024 | ---- | M] () -- C:\Program Files\Trillian\libspeex.dll
MOD - [2011/06/28 00:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Trillian\libungif.dll
MOD - [2011/06/28 00:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Trillian\zlib1.dll
MOD - [2011/06/28 00:00:00 | 000,011,264 | ---- | M] () -- c:\Program Files\Trillian\languages\en\buddy.dll
MOD - [2011/06/28 00:00:00 | 000,008,704 | ---- | M] () -- c:\Program Files\Trillian\languages\en\talk.dll
MOD - [2011/06/28 00:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files\Trillian\languages\en\trillian.dll
MOD - [2011/06/28 00:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files\Trillian\languages\en\events.dll
MOD - [2011/06/28 00:00:00 | 000,003,584 | ---- | M] () -- c:\Program Files\Trillian\languages\en\toolkit.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/05/22 18:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/04/21 13:32:29 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/03/02 21:34:56 | 002,748,416 | ---- | M] () -- C:\Program Files\Adobe\Adobe Bridge CS5.1\libmysqld.dll
MOD - [2011/03/02 21:34:56 | 000,073,728 | ---- | M] () -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Symlib.dll
MOD - [2010/02/10 18:08:38 | 000,237,361 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2010/02/10 18:08:38 | 000,237,361 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2009/09/29 12:24:24 | 000,139,264 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
MOD - [2007/06/30 12:52:08 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2536.35577__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007/06/30 12:52:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2536.35576__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007/06/30 12:52:08 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2536.35589__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007/06/30 12:51:56 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2564.39164__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007/06/30 12:51:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2536.35581__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007/06/30 12:51:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2536.35591__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007/06/30 12:51:55 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2564.39162__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007/06/30 12:51:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2564.39163__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007/01/11 17:33:20 | 000,106,496 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll
MOD - [2007/01/08 12:08:56 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006/08/29 17:26:32 | 000,241,664 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe
MOD - [2005/07/25 21:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 15:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/08 18:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006/11/18 04:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2007/07/13 08:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/01/08 12:16:50 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/07/14 13:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2003/04/28 19:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1147877497-84825695-3507218712-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1147877497-84825695-3507218712-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1147877497-84825695-3507218712-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4e43f6cc&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-GB&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/08 00:31:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/22 23:28:39 | 000,000,000 | ---D | M]

[2011/04/10 19:00:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Astrantia\AppData\Roaming\Mozilla\Extensions
[2011/09/27 14:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Astrantia\AppData\Roaming\Mozilla\Firefox\Profiles\36h43r1i.default\extensions
[2011/08/11 21:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/21 13:28:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ASTRANTIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\36H43R1I.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/04/19 21:08:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/08 00:31:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/08 00:31:18 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/08 00:31:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/08 00:31:18 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/08 00:31:18 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/08 00:31:18 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/10/16 14:42:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1147877497-84825695-3507218712-1000..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-1147877497-84825695-3507218712-1000..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (Fujitsu Siemens Computers)
O4 - HKU\S-1-5-21-1147877497-84825695-3507218712-1000..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Astrantia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Astrantia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1147877497-84825695-3507218712-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1147877497-84825695-3507218712-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1147877497-84825695-3507218712-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1C76507-27D6-416B-A818-4AEB658EC76E}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 0
MsConfig - State: "services" - 0

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 90 Days ==========

[2011/10/16 19:35:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Astrantia\Desktop\OTL.exe
[2011/10/16 19:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/16 19:28:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/16 19:27:17 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Astrantia\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/16 14:53:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/16 14:53:30 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\temp
[2011/10/16 14:42:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/16 14:16:28 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/16 14:13:50 | 004,261,887 | R--- | C] (Swearware) -- C:\Users\Astrantia\Desktop\ComboFix.exe
[2011/10/16 13:13:23 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/10/16 00:00:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/16 00:00:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/16 00:00:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/16 00:00:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/16 00:00:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/15 23:48:50 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/10/15 22:42:50 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\Desktop\erunt
[2011/10/15 22:41:46 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Astrantia\Desktop\tdsskiller.exe
[2011/10/15 19:46:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Astrantia\Desktop\dds.scr
[2011/10/14 21:23:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/14 21:23:21 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/14 21:23:15 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/14 21:23:15 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/14 21:23:14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/14 21:23:14 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/14 21:23:14 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/14 21:23:13 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/14 21:23:13 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/14 21:23:13 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/14 21:23:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/14 21:23:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/14 21:23:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/14 21:23:11 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/14 21:23:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/14 21:23:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/14 21:23:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/14 21:23:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/14 11:12:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/14 11:12:19 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/14 11:12:19 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/14 11:12:18 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/14 11:12:08 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/14 11:03:06 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/14 11:03:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/08 15:49:07 | 000,000,000 | ---D | C] -- C:\found.000
[2011/10/08 01:22:08 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Roaming\Xilom
[2011/10/08 01:22:08 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Roaming\Kewuxy
[2011/09/27 18:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar(211)
[2011/09/12 23:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/09/12 23:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/09/12 21:36:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/09/12 03:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\kH01610MkOmK01610
[2011/09/07 01:06:49 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KingJackpot
[2011/09/07 01:05:33 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\KingJackpot
[2011/09/07 00:47:08 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Roaming\coupons
[2011/09/05 03:33:28 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Roaming\WinRAR
[2011/09/05 03:33:27 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/09/05 03:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/09/05 03:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/02 17:40:31 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{F8C2FABB-C433-4268-9654-8332C59BADD7}
[2011/09/02 17:39:42 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{FFEF269A-402B-4562-8975-5B3CFF3B6D75}
[2011/09/02 15:25:27 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{8C6D56B5-570E-4090-B85A-2303516F541B}
[2011/09/02 14:26:20 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{85FDA155-E51F-49A3-8311-770A195E92C9}
[2011/09/02 14:25:48 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{E7A3E7DD-DDF4-4740-91CF-D15A66E29C9D}
[2011/09/02 14:20:58 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{3CCB4629-C36D-484D-9902-0BE0A581DA5E}
[2011/09/02 14:20:46 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{F93B7919-EAE7-46C0-B754-6F941F3316E9}
[2011/09/01 23:26:20 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{342B9529-4FA7-47D0-BD6F-261B6639DE59}
[2011/09/01 23:22:34 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{6F796B3F-05E0-4D5E-AC47-401BD66B7191}
[2011/09/01 19:11:51 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{EF326297-278B-4D9B-AAFF-F29D4A11CCF2}
[2011/09/01 18:17:44 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{75EFD8EF-FE8E-462B-A2C8-E12D8BE77966}
[2011/09/01 18:17:24 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{E4BBDBC1-2084-444B-8ED3-5E89BB55D705}
[2011/09/01 17:07:50 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{4DEFFC92-DEC9-4234-A14B-63BC65DF1F8D}
[2011/09/01 13:31:25 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{97491FCA-A28A-4EF3-BB94-144C1774E1B7}
[2011/09/01 01:29:12 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{EE42F725-BAB0-48BA-8C83-A838BB7F7280}
[2011/09/01 01:28:26 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{C2F54732-3658-46D5-BDD0-DB46AB18294F}
[2011/09/01 00:24:18 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{E8B08A50-D96A-4406-BC6D-DDF47B0E4102}
[2011/09/01 00:23:57 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{64C93B7F-A5F8-42BA-B876-4FE770B61A20}
[2011/08/31 23:30:03 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\Desktop\Design & Business
[2011/08/31 19:13:15 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\Desktop\Ebay
[2011/08/31 15:04:51 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{27B8FFF5-EE22-4617-910A-B71C3D7B109C}
[2011/08/31 15:04:28 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{AEBEB4B7-A4DB-4CC2-B8EE-2C723FB971DD}
[2011/08/31 14:58:06 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{8682DF2B-CAA0-4B11-97DB-E2A84B274F6E}
[2011/08/30 11:31:01 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{5074DCB6-D937-4449-8658-1A14B5DC8C41}
[2011/08/30 11:29:21 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{D13F8F2A-67F5-4E8E-B05E-0FE78A7DB974}
[2011/08/29 22:49:22 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{E3766137-F305-40CD-9F4F-93497CD81F18}
[2011/08/29 22:46:08 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{6B749C0C-8EAB-473F-8561-CFF5196C7471}
[2011/08/28 12:18:25 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{5494BAC9-D32A-4CCC-8FBB-2F1F16FC575C}
[2011/08/28 12:18:05 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{CE4E4122-7153-4ED2-AEC5-18B58BB0321B}
[2011/08/27 23:06:11 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{490159E4-FF79-44BD-A135-717C24B8EEE4}
[2011/08/27 23:02:39 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{0F10E10C-E654-4FFF-B85F-241417BFADB3}
[2011/08/26 20:35:30 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{3AFE88BB-BD5E-4839-B85E-6F4C1211CB7E}
[2011/08/26 20:35:18 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{5BE20EF9-40CA-46FA-B7F0-AF35ED86E637}
[2011/08/25 21:39:47 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{72000BF3-13CF-465B-9D9F-4729EB3478B0}
[2011/08/25 21:39:34 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{68AF2260-E40D-46D9-A381-5CC4A272C6F6}
[2011/08/24 23:44:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/24 23:38:05 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{F1C9231D-9452-43D1-B57B-4A61FD657A23}
[2011/08/24 23:37:52 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{83A7F40C-E149-465E-B6F3-AB2384A52F4D}
[2011/08/24 23:16:14 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{FD5068BC-DF0D-4253-BB42-992DB26F146E}
[2011/08/24 23:14:36 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{522C05CE-AD63-46D4-BD32-6BDD3983CD6C}
[2011/08/24 23:05:44 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{ACF08A7F-D41D-49E6-92C9-72725BD69776}
[2011/08/24 23:05:27 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{CFF153F9-D6A3-4446-BBE2-2A6C08751642}
[2011/08/24 15:19:17 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{1D0B8492-16B5-424F-B7D4-B310975304CC}
[2011/08/24 15:18:38 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{3C8B698D-A35B-44A1-B847-09C4EA31EDF7}
[2011/08/24 14:42:38 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{2AF2285B-B8B9-4B7A-99BA-8F6FD38016B9}
[2011/08/23 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{8B65E14D-8CCA-4CDD-A84E-A79BAEE2FA9A}
[2011/08/23 20:53:29 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{1C9EA7C5-FDDF-4694-BC6C-D0A93127AA60}
[2011/08/22 22:28:10 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{F6C70F4C-67E4-4A8E-BAF5-DD7731986FF6}
[2011/08/22 22:26:02 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{D22D8C39-307D-42FB-8D0C-0D80A7EBC643}
[2011/08/21 23:01:00 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{88546D31-84A5-4277-8F43-BA0F9D99BFA3}
[2011/08/21 23:00:46 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{6CFFF91F-A63E-49BB-8A00-FD5E46E9229E}
[2011/08/21 17:16:15 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{FC0AA03C-62FC-44D4-B3A8-2746B56671ED}
[2011/08/21 17:15:58 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{BED8DF25-5A61-4503-8D46-29143FB5B0E1}
[2011/08/20 12:58:40 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{F770DA52-BFD1-4706-9B31-D310ECFBD08B}
[2011/08/19 21:43:53 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{5B6C3E0E-9ED8-413B-AF84-260205AF4700}
[2011/08/19 21:43:16 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{02251F4C-A3D1-4FF5-877A-1873DEEB8378}
[2011/08/18 21:44:55 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{378FBC3C-7A9B-4188-9F8C-19FA46F738DF}
[2011/08/18 21:44:42 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{DEAAEA7A-9F7A-4E40-BE69-17080A9D7532}
[2011/08/18 20:35:21 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{6B688287-170E-40CC-89FA-A0FE93468449}
[2011/08/18 20:34:02 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{CFD70FC1-8F0E-4DD3-A7EF-100808EF9C38}
[2011/08/18 17:56:24 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{B12620B3-7809-465C-8815-D349CACC3262}
[2011/08/18 16:26:23 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{111CC31D-2E94-4B5D-9324-AD728664E97C}
[2011/08/18 16:26:07 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{63A23058-7DFB-48F4-BBD0-03869E2CBE66}
[2011/08/18 14:52:29 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{82C39DC0-6D6E-416F-A4BA-36AEBD7FBC63}
[2011/08/18 13:34:30 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{7F58F1FC-F20F-4AF2-B818-AE0C1687619D}
[2011/08/18 13:33:45 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{34626F23-B4A3-4C98-8C25-A8584194F563}
[2011/08/18 13:30:20 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{5570175C-9AB2-4659-BF20-093B260A7A0B}
[2011/08/17 22:53:31 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{F507BCE7-BDD0-4D98-A4F1-3932D31DA139}
[2011/08/17 22:51:24 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{F20D4C5E-6E1D-4F21-8D57-EBE26BD8D50C}
[2011/08/17 22:25:27 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{14955C6F-E7B4-4CEB-91FD-7B3BFD528027}
[2011/08/17 20:07:29 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{DF47A1DD-37CC-498E-96DE-DC6DE0B74A55}
[2011/08/17 20:07:15 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{661FB03C-94E3-4A40-841B-AAD0B5DCACF1}
[2011/08/17 19:41:45 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{8EAF7FB5-7CE7-4BC2-8425-9B6D847F41E3}
[2011/08/17 19:41:31 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{978E0ED4-7BDB-4990-9727-A5EA7C6CA45C}
[2011/08/17 17:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/08/17 15:27:13 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{E6B627FA-6199-48C8-AA41-6CE3D9F62030}
[2011/08/17 15:25:24 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{3E41640A-546B-4336-9741-920BE737429E}
[2011/08/17 11:16:20 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{D25D28AB-AA1D-476A-873A-544A32AA3CC1}
[2011/08/16 21:40:55 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{91188322-735B-4B53-BD5F-08174607B1D5}
[2011/08/16 21:40:27 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{53492114-43C4-4CC7-B9C9-9BBE58A6B048}
[2011/08/16 21:35:44 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{AFD42AA3-D8BE-44AA-9279-B41A3D8C7FDF}
[2011/08/14 23:47:23 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Roaming\MusicNet
[2011/08/14 23:44:07 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\PackageAware
[2011/08/14 23:07:26 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{8559B631-91CA-4B6B-9C40-1FF622F199FC}
[2011/08/14 23:07:08 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{9C7A498A-7672-473C-9DD4-D04092AAB0A3}
[2011/08/13 14:00:14 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{59254412-C7B3-41EE-8190-BFE546EE7114}
[2011/08/13 13:59:31 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{D014D019-E5F0-4B80-AE30-7EDE20616BA3}
[2011/08/13 13:23:19 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{D0574FBE-78C8-44C9-A60D-D2969B362941}
[2011/08/13 13:22:59 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{E95DF74B-AF04-4DCA-8DB3-F9330AF81EDD}
[2011/08/12 18:49:36 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{FE629C0A-A7C9-4908-B6D8-F626F29493C1}
[2011/08/12 18:48:27 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{E639B25D-A3E2-4ECC-A0BE-5A036F1BCD41}
[2011/08/12 18:14:08 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{0ED7A72C-84D6-43FF-A38A-F38AF41DB4E1}
[2011/08/12 18:13:53 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{2F3BABC1-5BC1-4EDD-A0CD-3BF22409B6C2}
[2011/08/12 16:01:28 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{1F2F5810-E6F2-464D-B0F3-39A453D2E0A7}
[2011/08/11 20:58:22 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{F62F5762-DE8B-4023-AE9D-067706B4B0DA}
[2011/08/11 20:58:10 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{DE61ADF8-0FAA-43D9-AB8D-DADC6153EAFE}
[2011/08/11 18:04:17 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{19492C19-6C65-40C0-9439-AA8976B11CE7}
[2011/08/11 16:20:27 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{08342AFD-BC4F-4862-8890-523FDEAFBA24}
[2011/08/11 16:16:49 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{39ECABAA-8C26-4F35-B3D6-621093A7AAB6}
[2011/08/11 14:59:38 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{B22F69FA-890A-4FA2-9445-E83FC289E4CC}
[2011/08/11 14:45:16 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{1A2773B1-F5F9-4D9D-839C-B2AFE6C1D4B4}
[2011/08/11 14:43:06 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{6CACBBC2-C858-4D8A-B628-27833EC36191}
[2011/08/11 13:23:37 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{E2F92D09-6B10-4DA4-A052-98214AF03253}
[2011/08/11 13:23:05 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{DA531AA2-28E3-401D-97A4-96FFED59E5B7}
[2011/08/10 15:56:58 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 15:56:29 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 15:56:29 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 15:47:34 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{A0114F15-C4F5-4666-B2EB-F687FC3337C5}
[2011/08/10 15:46:56 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{1461A959-3956-4D45-84F0-95BFB48C6E38}
[2011/08/09 20:13:53 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{65B08AC0-80B0-43C6-A8D3-4FD824FF0113}
[2011/08/09 20:12:42 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{41A89F0E-7673-4B76-81D8-32D041F17B49}
[2011/08/08 05:40:14 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{FE2ADC37-EF44-4FE7-A941-90EA21AB892A}
[2011/08/08 05:40:03 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{099239F2-E39C-462E-8BCD-A3FAE1503777}
[2011/08/06 23:10:15 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{33EE8DE9-B072-4533-9524-9C6C0BB68FE3}
[2011/08/06 23:09:49 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{0623B898-C3AF-4584-A462-6C82AFF5F56A}
[2011/08/06 18:25:03 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\Desktop\Adobe Dreamweaver CS5.5
[2011/08/06 17:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2011/08/06 17:12:48 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\Last.fm
[2011/08/06 17:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2011/08/06 17:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Last.fm
[2011/08/06 16:54:04 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\Desktop\Adobe Photoshop CS5.1
[2011/08/06 14:36:41 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{BC635763-0509-433C-903A-98A526F7B8A2}
[2011/08/06 00:18:03 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Roaming\FileZilla
[2011/08/06 00:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/08/06 00:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/08/05 22:52:25 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{4304FC9F-35D6-41B6-B297-950416BFAB14}
[2011/08/05 22:51:38 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{F68C3B99-7098-4300-AA7F-132D942BAB1D}
[2011/08/05 00:35:20 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/05 00:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2011/08/04 11:34:25 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{03DA8719-54F6-4337-A15B-D06E47381F35}
[2011/08/04 11:33:36 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{B15D9309-A627-424F-A1CF-C97FD51F7CE9}
[2011/08/03 13:03:53 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Roaming\Trillian
[2011/08/03 13:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian
[2011/08/03 13:00:23 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{D243C4B6-4898-4862-B9D4-05683605D04A}
[2011/08/03 12:59:33 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{FD1D2957-BF7E-4376-8DD6-79773C3B3CEB}
[2011/08/02 11:01:37 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{0CDAB48B-8684-4078-8025-FC8BFCA90FCC}
[2011/08/02 11:01:16 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{F8D628CB-1FAF-414B-91CC-FDD81490435A}
[2011/08/01 01:51:31 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{ACE64912-547B-40B7-AF42-1D791D499357}
[2011/07/31 13:49:28 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{985799E7-4D03-4A52-B322-1F18AE749A91}
[2011/07/29 10:24:20 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{06B2591F-EFA0-42B9-8CBD-50749355C6C3}
[2011/07/29 10:13:25 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Roaming\Audacity
[2011/07/29 10:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2011/07/28 22:21:39 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{5FD9DD65-EBF8-44EF-922F-14AE73187867}
[2011/07/27 07:39:14 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{ECF33E7F-3943-45F9-9356-3D4484228F64}
[2011/07/26 20:56:09 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Roaming\gtk-2.0
[2011/07/26 20:56:04 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\.thumbnails
[2011/07/26 13:59:43 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{799FB97E-94F4-4E91-A5A2-F098137FBE31}
[2011/07/26 13:45:30 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{A3857120-0DF7-464F-8D7B-815E30BAF677}
[2011/07/25 22:37:40 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{2A85FA51-259D-4B31-8327-3F84B77E9CE6}
[2011/07/25 10:32:05 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{6BB956B6-C885-4174-8615-127809CB4501}
[2011/07/24 22:36:57 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{DC6C6F14-0A2F-41F2-83DB-0BFB239DD437}
[2011/07/24 10:07:59 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{9EF02FB4-E6A1-490F-9CF0-423D5F6FF4BC}
[2011/07/23 16:34:10 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{F6917875-148C-40D9-BE2E-2B8BFE933ACD}
[2011/07/22 22:42:53 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{C94F366F-7DE8-48C0-A28B-FE936487B11C}
[2011/07/22 10:39:03 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{FE448BF9-31E5-4A1E-B690-F41E091D63BB}
[2011/07/21 10:58:00 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{AE25582D-3D7E-4B4B-A1C8-4D47F77ACA73}
[2011/07/20 19:14:10 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{A9C142B2-C961-40EC-9CE6-14337DCB2724}
[2011/07/19 16:17:03 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{106E14FF-2D79-4034-A2E9-58C91C1A1508}
[2011/07/19 00:23:05 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Local\{D6CE1324-E37F-4B31-AE92-BDFB27675134}
[2009/10/20 17:59:04 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdncoin.dll
[2007/11/28 15:19:08 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdnpmui.dll
[2007/11/28 15:16:04 | 001,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdnserv.dll
[2007/11/28 15:13:38 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdnlmpm.dll
[2007/11/28 15:13:30 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdniesc.dll
[2007/11/28 15:13:22 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdncomm.dll
[2007/11/28 15:13:08 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdncfg.exe
[2007/11/28 15:12:54 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\lxdnih.exe
[2007/11/28 15:12:40 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxdncoms.exe
[2007/11/28 15:12:26 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdnhbn3.dll
[2007/11/28 15:12:08 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdnusb1.dll
[2007/11/28 15:11:48 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdncomc.dll
[2007/11/28 15:10:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdnprox.dll
[2007/11/28 15:09:18 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdninpa.dll

========== Files - Modified Within 90 Days ==========

[2011/10/16 19:40:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/10/16 19:35:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Astrantia\Desktop\OTL.exe
[2011/10/16 19:28:06 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/16 19:27:21 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Astrantia\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/16 19:24:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 19:24:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/16 19:24:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/16 19:23:59 | 2011,414,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/16 14:42:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/16 14:13:53 | 004,261,887 | R--- | M] (Swearware) -- C:\Users\Astrantia\Desktop\ComboFix.exe
[2011/10/15 22:41:47 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Astrantia\Desktop\tdsskiller.exe
[2011/10/15 22:40:35 | 000,513,320 | ---- | M] () -- C:\Users\Astrantia\Desktop\erunt.zip
[2011/10/15 20:15:02 | 155,072,905 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/15 20:00:29 | 000,302,592 | ---- | M] () -- C:\Users\Astrantia\Desktop\1zevslcb.exe
[2011/10/15 19:47:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Astrantia\Desktop\dds.scr
[2011/10/14 21:19:13 | 000,007,376 | ---- | M] () -- C:\Users\Astrantia\AppData\Local\d3d9caps.dat
[2011/10/14 21:16:06 | 003,635,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/14 21:10:59 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/10/14 21:03:27 | 000,604,280 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/14 21:03:26 | 000,107,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/12 16:02:41 | 000,000,655 | ---- | M] () -- C:\Users\Astrantia\Desktop\Launch Manager - Shortcut.lnk
[2011/10/04 20:45:58 | 000,166,150 | ---- | M] () -- C:\Users\Astrantia\Desktop\705593862.pdf
[2011/10/03 21:40:53 | 000,014,809 | ---- | M] () -- C:\Users\Astrantia\Desktop\Vanquis.odt
[2011/10/03 21:40:53 | 000,000,131 | -H-- | M] () -- C:\Users\Astrantia\Desktop\.~lock.Vanquis.odt#
[2011/10/03 21:19:28 | 000,065,041 | ---- | M] () -- C:\Users\Astrantia\Desktop\Finances - For Creditors.ods
[2011/10/03 21:19:26 | 000,000,131 | -H-- | M] () -- C:\Users\Astrantia\Desktop\.~lock.Finances - For Creditors.ods#
[2011/10/01 19:28:08 | 000,068,988 | ---- | M] () -- C:\Users\Astrantia\Desktop\Finances - As Is Now.ods
[2011/10/01 19:12:51 | 000,068,886 | ---- | M] () -- C:\Users\Astrantia\Desktop\Finances.ods
[2011/10/01 00:06:08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/01 00:03:05 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/01 00:02:36 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/01 00:02:36 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/01 00:02:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/01 00:01:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/01 00:01:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/01 00:01:34 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/01 00:01:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/01 00:01:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/01 00:01:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/01 00:01:33 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/01 00:01:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/09/30 23:07:25 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/09/30 22:29:54 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/09/30 22:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/09/30 22:29:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/09/30 22:28:36 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/09/12 22:15:55 | 000,017,795 | ---- | M] () -- C:\Users\Astrantia\Desktop\Anne.odt
[2011/09/11 15:30:28 | 000,002,117 | ---- | M] () -- C:\Users\Astrantia\.recently-used.xbel
[2011/09/10 20:09:00 | 000,261,731 | ---- | M] () -- C:\Users\Astrantia\Desktop\campbells-coupon.pdf
[2011/09/09 02:09:17 | 000,034,972 | ---- | M] () -- C:\Users\Astrantia\Desktop\FuturaLight.ttf
[2011/09/08 23:01:17 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/07 01:06:49 | 000,000,815 | ---- | M] () -- C:\Users\Astrantia\Desktop\KingJackpot.lnk
[2011/09/06 14:30:12 | 002,043,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/09/02 17:47:31 | 000,000,848 | ---- | M] () -- C:\Users\Astrantia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/25 17:15:04 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/08/25 14:31:01 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/08/17 17:44:04 | 000,208,896 | ---- | M] (www.mp3dev.org) -- C:\Users\Astrantia\Desktop\lame_enc.dll
[2011/08/11 21:54:41 | 000,000,876 | ---- | M] () -- C:\Users\Astrantia\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/11 13:57:00 | 000,000,806 | ---- | M] () -- C:\Users\Astrantia\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2011/08/07 01:17:58 | 000,004,608 | ---- | M] () -- C:\Users\Astrantia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/06 17:48:16 | 000,001,204 | ---- | M] () -- C:\Windows\System32\drivers\etc\lmhosts.sam
[2011/08/04 19:18:02 | 000,000,924 | ---- | M] () -- C:\Users\Astrantia\Application Data\Microsoft\Internet Explorer\Quick Launch\Trillian.lnk
[2011/07/29 17:01:34 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/07/29 17:01:33 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/07/29 17:00:14 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/07/29 17:00:05 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax

========== Files Created - No Company Name ==========

[2011/10/16 19:40:59 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/10/16 19:28:06 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/16 00:00:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/16 00:00:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/16 00:00:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/16 00:00:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/16 00:00:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/15 22:40:30 | 000,513,320 | ---- | C] () -- C:\Users\Astrantia\Desktop\erunt.zip
[2011/10/15 20:00:21 | 000,302,592 | ---- | C] () -- C:\Users\Astrantia\Desktop\1zevslcb.exe
[2011/10/14 10:30:43 | 000,065,536 | ---- | C] () -- C:\Users\Astrantia\Desktop\WisWBSet.exe
[2011/10/12 16:02:41 | 000,000,655 | ---- | C] () -- C:\Users\Astrantia\Desktop\Launch Manager - Shortcut.lnk
[2011/10/04 20:45:49 | 000,166,150 | ---- | C] () -- C:\Users\Astrantia\Desktop\705593862.pdf
[2011/10/03 21:17:18 | 000,000,131 | -H-- | C] () -- C:\Users\Astrantia\Desktop\.~lock.Finances - For Creditors.ods#
[2011/10/03 21:17:16 | 000,065,041 | ---- | C] () -- C:\Users\Astrantia\Desktop\Finances - For Creditors.ods
[2011/10/03 20:55:11 | 000,000,131 | -H-- | C] () -- C:\Users\Astrantia\Desktop\.~lock.Vanquis.odt#
[2011/10/03 20:55:09 | 000,014,809 | ---- | C] () -- C:\Users\Astrantia\Desktop\Vanquis.odt
[2011/10/01 21:02:45 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/10/01 19:14:05 | 000,068,988 | ---- | C] () -- C:\Users\Astrantia\Desktop\Finances - As Is Now.ods
[2011/09/12 21:41:28 | 000,017,795 | ---- | C] () -- C:\Users\Astrantia\Desktop\Anne.odt
[2011/09/11 15:30:28 | 000,002,117 | ---- | C] () -- C:\Users\Astrantia\.recently-used.xbel
[2011/09/10 20:08:58 | 000,261,731 | ---- | C] () -- C:\Users\Astrantia\Desktop\campbells-coupon.pdf
[2011/09/09 02:09:16 | 000,034,972 | ---- | C] () -- C:\Users\Astrantia\Desktop\FuturaLight.ttf
[2011/09/07 01:06:49 | 000,000,815 | ---- | C] () -- C:\Users\Astrantia\Desktop\KingJackpot.lnk
[2011/09/02 17:47:31 | 000,000,848 | ---- | C] () -- C:\Users\Astrantia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2011/08/07 01:17:57 | 000,004,608 | ---- | C] () -- C:\Users\Astrantia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/06 19:02:22 | 000,001,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.5.lnk
[2011/08/06 18:56:31 | 000,000,980 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2011/08/06 17:32:48 | 000,001,022 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2011/08/06 17:29:46 | 000,000,984 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2011/08/06 17:29:05 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2011/08/06 17:27:20 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2011/08/06 17:27:10 | 000,001,346 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2011/08/06 17:26:04 | 000,000,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/08/05 00:35:13 | 000,000,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2011/08/04 19:18:02 | 000,000,924 | ---- | C] () -- C:\Users\Astrantia\Application Data\Microsoft\Internet Explorer\Quick Launch\Trillian.lnk
[2011/08/03 13:03:53 | 000,000,924 | ---- | C] () -- C:\Users\Astrantia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
[2011/07/29 10:13:14 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011/07/22 23:43:30 | 000,068,886 | ---- | C] () -- C:\Users\Astrantia\Desktop\Finances.ods
[2011/05/16 23:41:31 | 000,000,132 | ---- | C] () -- C:\Users\Astrantia\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/05/16 23:38:48 | 000,001,456 | ---- | C] () -- C:\Users\Astrantia\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/05/16 23:37:44 | 000,000,132 | ---- | C] () -- C:\Users\Astrantia\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/05/16 23:00:15 | 000,134,084 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe
[2011/05/12 20:35:22 | 000,007,376 | ---- | C] () -- C:\Users\Astrantia\AppData\Local\d3d9caps.dat
[2011/04/19 23:03:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/04/19 23:02:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/04/19 23:02:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/23 19:49:04 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdndrs.dll
[2009/07/14 09:02:58 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdngrd.dll
[2009/05/14 13:46:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdncaps.dll
[2008/03/31 19:47:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdnvs.dll
[2007/10/02 14:51:10 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdncnv4.dll
[2007/06/30 13:10:16 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2007/06/30 12:54:54 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007/06/30 12:47:55 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/06/30 12:47:54 | 000,145,112 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 003,635,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,604,280 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,107,958 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/11 17:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll

========== LOP Check ==========

[2011/10/06 00:23:01 | 000,000,000 | ---D | M] -- C:\Users\Astrantia\AppData\Roaming\Audacity
[2011/04/10 17:10:23 | 000,000,000 | ---D | M] -- C:\Users\Astrantia\AppData\Roaming\AVG10
[2011/08/05 00:35:20 | 000,000,000 | ---D | M] -- C:\Users\Astrantia\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/09/07 00:47:15 | 000,000,000 | ---D | M] -- C:\Users\Astrantia\AppData\Roaming\coupons
[2011/08/17 21:37:36 | 000,000,000 | ---D | M] -- C:\Users\Astrantia\AppData\Roaming\FileZilla
[2011/10/01 07:45:35 | 000,000,000 | ---D | M] -- C:\Users\Astrantia\AppData\Roaming\gtk-2.0
[2011/10/11 15:03:07 | 000,000,000 | ---D | M] -- C:\Users\Astrantia\AppData\Roaming\Kewuxy
[2011/08/14 23:47:23 | 000,000,000 | ---D | M] -- C:\Users\Astrantia\AppData\Roaming\MusicNet
[2011/05/25 00:43:18 | 000,000,000 | ---D | M] -- C:\Users\Astrantia\AppData\Roaming\OpenOffice.org
[2011/05/16 22:56:09 | 000,000,000 | ---D | M] -- C:\Users\Astrantia\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/07/03 19:03:09 | 000,000,000 | ---D | M] -- C:\Users\Astrantia\AppData\Roaming\Teleca
[2011/08/03 13:09:50 | 000,000,000 | ---D | M] -- C:\Users\Astrantia\AppData\Roaming\Trillian
[2011/10/08 15:56:43 | 000,000,000 | ---D | M] -- C:\Users\Astrantia\AppData\Roaming\uTorrent
[2011/10/12 15:53:58 | 000,000,000 | ---D | M] -- C:\Users\Astrantia\AppData\Roaming\Xilom
[2011/10/16 19:13:49 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/09/21 16:01:54 | 000,001,416 | ---- | M] () -- C:\aaw7boot.log
[2006/12/06 09:23:32 | 000,000,015 | ---- | M] () -- C:\appinst.cmd
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2007/01/05 12:29:34 | 000,000,030 | ---- | M] () -- C:\batch.wtc
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/06/30 13:10:54 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/10/16 14:53:26 | 000,010,357 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/10/16 19:23:59 | 2011,414,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/12 20:35:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/04/12 20:35:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/10/16 19:23:56 | 2325,237,760 | -HS- | M] () -- C:\pagefile.sys
[2011/10/16 19:40:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2007/06/30 15:07:37 | 000,005,216 | ---- | M] () -- C:\Prodlog.txt
[2006/11/09 15:05:25 | 000,000,042 | ---- | M] () -- C:\sort-d.txt
[2011/10/15 22:46:59 | 000,070,650 | ---- | M] () -- C:\TDSSKiller.2.6.9.0_15.10.2011_22.44.33_log.txt
[2006/11/14 08:42:32 | 000,000,015 | ---- | M] () -- C:\vtype.cmd

< %USERPROFILE%\*.* >
[2011/09/11 15:30:28 | 000,002,117 | ---- | M] () -- C:\Users\Astrantia\.recently-used.xbel
[2011/10/16 19:36:34 | 002,359,296 | -HS- | M] () -- C:\Users\Astrantia\ntuser.dat
[2011/10/16 19:36:34 | 000,262,144 | -H-- | M] () -- C:\Users\Astrantia\ntuser.dat.LOG1
[2011/04/10 16:44:51 | 000,000,000 | -H-- | M] () -- C:\Users\Astrantia\ntuser.dat.LOG2
[2011/09/12 17:15:40 | 000,065,536 | -HS- | M] () -- C:\Users\Astrantia\ntuser.dat{3197305c-dd57-11e0-a6f2-0016d38ebf18}.TM.blf
[2011/09/12 17:15:40 | 000,524,288 | -HS- | M] () -- C:\Users\Astrantia\ntuser.dat{3197305c-dd57-11e0-a6f2-0016d38ebf18}.TMContainer00000000000000000001.regtrans-ms
[2011/09/12 17:15:40 | 000,524,288 | -HS- | M] () -- C:\Users\Astrantia\ntuser.dat{3197305c-dd57-11e0-a6f2-0016d38ebf18}.TMContainer00000000000000000002.regtrans-ms
[2011/10/16 19:14:06 | 000,065,536 | -HS- | M] () -- C:\Users\Astrantia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011/10/16 19:14:06 | 000,524,288 | -HS- | M] () -- C:\Users\Astrantia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011/04/10 17:11:24 | 000,524,288 | -HS- | M] () -- C:\Users\Astrantia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011/04/10 16:44:51 | 000,000,020 | -HS- | M] () -- C:\Users\Astrantia\ntuser.ini

< %USERPROFILE%\AppData\Local\*.* >
[2011/05/19 01:05:02 | 000,001,456 | ---- | M] () -- C:\Users\Astrantia\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/14 21:19:13 | 000,007,376 | ---- | M] () -- C:\Users\Astrantia\AppData\Local\d3d9caps.dat
[2011/08/07 01:17:58 | 000,004,608 | ---- | M] () -- C:\Users\Astrantia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/09 18:06:58 | 000,062,480 | ---- | M] () -- C:\Users\Astrantia\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/10/16 19:13:37 | 002,929,861 | -H-- | M] () -- C:\Users\Astrantia\AppData\Local\IconCache.db

< %USERPROFILE%\AppData\Roaming\*.* >
[2011/05/16 23:38:07 | 000,000,132 | ---- | M] () -- C:\Users\Astrantia\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/05/16 23:41:31 | 000,000,132 | ---- | M] () -- C:\Users\Astrantia\AppData\Roaming\Adobe PNG Format CS5 Prefs

< %ProgramData%\*.* >

< %CommonProgramFiles%\*.* >

< %PROGRAMFILES%\*.* >
[2011/04/19 22:53:19 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2009/08/13 12:02:22 | 000,147,968 | ---- | M] () -- C:\Windows\system32\Spool\prtprocs\w32x86\lxdndrpp.dll

< %systemroot%\*. /mp /s >

< %systemroot%\assembly\tmp\*.* /S /MD5 >

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >
[2009/04/10 23:29:30 | 000,144,384 | ---- | M] () MD5=F2DED1ED348E6C2397A14BCAB7E3CD7D -- C:\Windows\assembly\GAC_32\BDATunePIA\6.0.6000.0__31bf3856ad364e35\BDATunePIA.dll
[2011/04/21 13:30:37 | 000,064,000 | ---- | M] () MD5=AEE629029E04E11301668DD5D259F5C8 -- C:\Windows\assembly\GAC_32\cli_cppuhelper\1.0.21.0__ce2cb7e279207b9e\cli_cppuhelper.dll
[2009/03/29 21:42:12 | 000,069,120 | ---- | M] () MD5=8607A3AE9C287A8E3CDF6E410A1426A7 -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
[2009/03/29 21:42:14 | 000,072,192 | ---- | M] () MD5=92DB3D1348F73D25CA503205AEBEE73E -- C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
[2009/04/10 23:31:12 | 000,079,872 | ---- | M] () MD5=A74F40FE3781A88D2B1F6CAA758EF0B2 -- C:\Windows\assembly\GAC_32\mcstoredb\6.0.6000.0__31bf3856ad364e35\mcstoredb.dll
[2009/04/10 23:31:12 | 000,141,312 | ---- | M] () MD5=38B2955792561C5A1E1E712551BD7ACC -- C:\Windows\assembly\GAC_32\mcupdate\6.0.6000.0__31bf3856ad364e35\mcupdate.exe
[2009/04/10 23:31:12 | 000,106,496 | ---- | M] () MD5=546CD69B747D7ACB84FBE4FB8603EE68 -- C:\Windows\assembly\GAC_32\Mcx2Dvcs\6.0.6000.0__31bf3856ad364e35\Mcx2Dvcs.dll
[2009/04/10 23:31:18 | 000,507,904 | ---- | M] () MD5=F20BA0C9DCD43D7A1E8586D5919AA5E1 -- C:\Windows\assembly\GAC_32\Microsoft.Ink\6.0.0.0__31bf3856ad364e35\Microsoft.Ink.dll
[2006/11/02 10:47:01 | 000,077,824 | ---- | M] () MD5=7AAFBF522A988D2A093A4CEFBE5633FE -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
[2009/02/18 11:38:44 | 000,163,840 | ---- | M] () MD5=C2F066D62ADF52D9EEED2E721AC6C101 -- C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
[2011/04/19 21:09:49 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
[2011/04/19 21:09:49 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
[2011/04/19 21:09:51 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
[2011/07/08 12:53:06 | 004,550,656 | ---- | M] () MD5=E9EE2B2F1EB50E9D7B9CEEC5F3F4D303 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
[2011/04/19 21:09:50 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
[2011/04/19 21:09:52 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
[2011/04/19 21:09:52 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
[2011/04/19 21:09:50 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
[2011/04/19 21:09:50 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
[2011/04/19 21:09:51 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
[2011/04/19 21:09:51 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
[2011/04/19 21:09:52 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
[2011/04/19 21:09:49 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
[2011/04/19 21:09:51 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
[2008/01/18 23:38:44 | 000,046,080 | ---- | M] () MD5=18A24D038910FB55AC04EDC30B95BEC3 -- C:\Windows\assembly\GAC_32\napcrypt\6.0.0.0__31bf3856ad364e35\NAPCRYPT.DLL
[2008/01/18 23:38:46 | 000,103,936 | ---- | M] () MD5=B621CEA9D376BB8E85D6F65807068281 -- C:\Windows\assembly\GAC_32\naphlpr\6.0.0.0__31bf3856ad364e35\NAPHLPR.DLL
[2011/04/21 13:30:45 | 000,000,382 | ---- | M] () MD5=3BAF2A374186AB711B5A34EE5B2F44EC -- C:\Windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\21.0.0.0__ce2cb7e279207b9e\cli_cppuhelper.config
[2011/04/21 13:30:45 | 000,003,072 | ---- | M] () MD5=1559D82D88D5A0CA92EF9B173EDAB795 -- C:\Windows\assembly\GAC_32\policy.1.0.cli_cppuhelper\21.0.0.0__ce2cb7e279207b9e\policy.1.0.cli_cppuhelper.dll
[2006/11/02 13:35:24 | 000,000,446 | ---- | M] () MD5=41D1BF747E31A9FE5B313795C341ED17 -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.0.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.config
[2006/11/02 13:35:24 | 000,005,632 | ---- | M] () MD5=F5941E3CF5909022C3AD6AC4D2804669 -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.0.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.dll
[2006/09/18 22:34:47 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
[2006/11/02 10:47:07 | 000,005,632 | ---- | M] () MD5=F516E8DFA7E2538E03B383635840F698 -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
[2006/09/18 22:34:47 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
[2006/11/02 10:47:07 | 000,005,632 | ---- | M] () MD5=25BFE1285DED18CB7F5BFF465795E056 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
[2006/11/02 13:35:24 | 000,000,446 | ---- | M] () MD5=41D1BF747E31A9FE5B313795C341ED17 -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.0.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.config
[2006/11/02 13:35:24 | 000,005,632 | ---- | M] () MD5=C057BC981DF01192671FDFDCCC200241 -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.0.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.dll
[2010/04/05 13:19:06 | 004,214,784 | ---- | M] () MD5=2A4CF3BE9DE790B458FD03F2F58C9411 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
[2011/04/19 13:28:12 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config
[2009/02/18 11:39:22 | 001,737,064 | ---- | M] () MD5=2375A14D4F181E0535C5C32FB4C55F26 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
[2009/03/29 21:42:18 | 000,486,400 | ---- | M] () MD5=8571264244AB71C45DDDD5091FA79EB0 -- C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
[2009/03/29 21:42:18 | 002,933,760 | ---- | M] () MD5=506B6592BF6116521F152DCCB39A6143 -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
[2009/03/29 21:42:20 | 000,258,048 | ---- | M] () MD5=70891F0ED183AC39BE4C5E43666A35C7 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
[2009/04/10 19:04:16 | 000,113,664 | ---- | M] () MD5=296AACAE51A6995D2016C2C3E4774D81 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
[2009/02/18 11:39:20 | 000,368,640 | ---- | M] () MD5=D538EFF8D1C41E096CAF22C65F60BDA7 -- C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
[2009/03/29 21:42:20 | 000,261,632 | ---- | M] () MD5=B74BB4FA1CB68892CAF2E3A586A55E23 -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
[2010/09/25 19:34:21 | 005,242,880 | ---- | M] () MD5=7D5693B76B5146060B7A16DD704B30EF -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler /s >
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" = Component Categories cache daemon

< HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s >
"RtHDVCpl" = RtHDVCpl.exe -- [2006/12/29 11:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor)
"LMgrVolOSD" = C:\Program Files\Launch Manager\OSD.exe -- [2006/12/26 19:23:34 | 000,180,224 | ---- | M] (Wistron Corp.)
"LMgrOSD" = C:\Program Files\Launch Manager\OSDCtrl.exe -- [2006/08/29 17:26:32 | 000,241,664 | ---- | M] ()
"NeroFilterCheck" = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe -- [2007/02/27 04:46:56 | 000,153,136 | ---- | M] (Nero AG)
"SunJavaUpdateSched" = "C:\Program Files\Common Files\Java\Java Update\jusched.exe" -- [2010/05/14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.)
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" -- [2011/07/11 22:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.)
"AdobeAAMUpdater-1.0" = "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" -- [2011/03/15 17:42:18 | 000,499,608 | ---- | M] (Adobe Systems Incorporated)
"SwitchBoard" = C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated)
"AdobeCS5ServiceManager" = "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin -- [2010/02/22 04:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated)
"Mobile Connectivity Suite" = "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions -- [2009/11/19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB)
"AdobeCS5.5ServiceManager" = "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"HotkeyApp" = C:\Program Files\Launch Manager\HotkeyApp.exe -- [2006/12/15 00:53:28 | 000,192,512 | ---- | M] (Wistron)
"LaunchAp" = C:\Program Files\Launch Manager\LaunchAp.exe -- [2005/07/25 21:36:40 | 000,032,768 | ---- | M] ()
"Malwarebytes' Anti-Malware (reboot)" = "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript -- [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation)

< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009/04/10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation)
"StartCCC" = c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -- [2006/11/10 20:35:24 | 000,090,112 | ---- | M] ()
"fsc-reg" = C:\ProgramData\fsc-reg\fscreg.exe -- [2007/06/13 09:34:46 | 000,339,984 | ---- | M] (Fujitsu Siemens Computers)
"AdobeBridge" = "C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe" -stealth -- [2011/03/02 21:35:24 | 012,008,296 | ---- | M] (Adobe Systems, Inc.)

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager /s >
"CriticalSectionTimeout" = 2592000
"GlobalFlag" = 0
"HeapDeCommitFreeBlockThreshold" = 0
"HeapDeCommitTotalFreeThreshold" = 0
"HeapSegmentCommit" = 0
"HeapSegmentReserve" = 0
"ProcessorControl" = 2
"ResourceTimeoutCount" = 648000
"BootExecute" = autocheck autochk * [binary data]
"ExcludeFromKnownDlls" = [binary data]
"ObjectDirectories" = \Windows\RPC Control [binary data]
"ProtectionMode" = 1
"NumberOfInitialSessions" = 2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCompatCache]
"AppCompatCache" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager]
"BackupCount" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices]
"AUX" = \DosDevices\COM1 -- [1601/01/01 01:00:00 | 000,000,000 | ---- | M] ()
"MAILSLOT" = \Device\MailSlot
"NUL" = \Device\Null
"PIPE" = \Device\NamedPipe
"PRN" = \DosDevices\LPT1 -- [1601/01/01 01:00:00 | 000,000,000 | ---- | M] ()
"UNC" = \Device\Mup
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ComSpec" = %SystemRoot%\system32\cmd.exe -- [2008/01/18 23:33:06 | 000,318,976 | ---- | M] (Microsoft Corporation)
"FP_NO_HOST_CHECK" = NO
"OS" = Windows_NT
"Path" = %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Windows Live\Shared;C:\Program Files\Common Files\Teleca Shared
"PATHEXT" = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE" = x86
"TEMP" = %SystemRoot%\TEMP -- [2011/10/16 19:36:19 | 000,000,000 | ---D | M]
"TMP" = %SystemRoot%\TEMP -- [2011/10/16 19:36:19 | 000,000,000 | ---D | M]
"USERNAME" = SYSTEM
"windir" = %SystemRoot% -- [2011/10/16 14:53:30 | 000,000,000 | ---D | M]
"PROCESSOR_LEVEL" = 6
"PROCESSOR_IDENTIFIER" = x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_REVISION" = 0e0c
"NUMBER_OF_PROCESSORS" = 2
"PSModulePath" = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ -- [2011/04/20 00:36:48 | 000,000,000 | ---D | M]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Executive]
"AdditionalCriticalWorkerThreads" = 0
"AdditionalDelayedWorkerThreads" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\I/O System]
"AllowRemoteDASD" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]
"ObUnsecureGlobalNames" = [Binary data over 100 bytes]
"DisableExceptionChainValidation" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs]
"clbcatq" = clbcatq.dll -- [2008/01/18 23:33:54 | 000,523,776 | ---- | M] (Microsoft Corporation)
"ole32" = ole32.dll -- [2010/06/28 18:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation)
"advapi32" = advapi32.dll -- [2009/04/10 23:28:18 | 000,800,768 | ---- | M] (Microsoft Corporation)
"COMDLG32" = COMDLG32.dll -- [2009/04/10 23:28:20 | 000,450,560 | ---- | M] (Microsoft Corporation)
"DllDirectory" = %SystemRoot%\system32 -- [2011/10/16 14:38:12 | 000,000,000 | ---D | M]
"gdi32" = gdi32.dll -- [2009/04/10 23:28:20 | 000,297,472 | ---- | M] (Microsoft Corporation)
"IERTUTIL" = IERTUTIL.dll -- [2011/10/01 00:01:34 | 002,000,384 | ---- | M] (Microsoft Corporation)
"IMAGEHLP" = IMAGEHLP.dll -- [2008/01/18 23:34:34 | 000,153,088 | ---- | M] (Microsoft Corporation)
"IMM32" = IMM32.dll -- [2009/04/10 23:28:22 | 000,114,688 | ---- | M] (Microsoft Corporation)
"kernel32" = kernel32.dll -- [2011/04/12 17:07:38 | 000,892,416 | ---- | M] (Microsoft Corporation)
"LPK" = LPK.dll -- [2011/04/19 17:48:15 | 000,023,552 | ---- | M] (Microsoft Corporation)
"MSCTF" = MSCTF.dll -- [2009/04/10 23:28:22 | 000,807,424 | ---- | M] (Microsoft Corporation)
"MSVCRT" = MSVCRT.dll -- [2009/04/10 23:28:24 | 000,679,936 | ---- | M] (Microsoft Corporation)
"NORMALIZ" = NORMALIZ.dll -- [2006/11/02 09:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation)
"NSI" = NSI.dll -- [2008/01/18 23:35:58 | 000,008,192 | ---- | M] (Microsoft Corporation)
"OLEAUT32" = OLEAUT32.dll -- [2011/08/25 17:14:01 | 000,563,712 | ---- | M] (Microsoft Corporation)
"rpcrt4" = rpcrt4.dll -- [2011/04/19 12:35:37 | 000,784,896 | ---- | M] (Microsoft Corporation)
"Setupapi" = Setupapi.dll -- [2009/04/10 23:28:26 | 001,591,296 | ---- | M] (Microsoft Corporation)
"SHELL32" = SHELL32.dll -- [2011/01/21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"SHLWAPI" = SHLWAPI.dll -- [2011/01/21 17:35:22 | 000,353,280 | ---- | M] (Microsoft Corporation)
"URLMON" = URLMON.dll -- [2011/10/01 00:06:09 | 001,212,416 | ---- | M] (Microsoft Corporation)
"user32" = user32.dll -- [2009/04/10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation)
"USP10" = USP10.dll -- [2010/04/16 17:46:48 | 000,502,272 | ---- | M] (Microsoft Corporation)
"WININET" = WININET.dll -- [2011/10/01 00:06:24 | 000,916,480 | ---- | M] (Microsoft Corporation)
"WLDAP32" = WLDAP32.dll -- [2009/04/10 23:28:26 | 000,287,744 | ---- | M] (Microsoft Corporation)
"WS2_32" = WS2_32.dll -- [2008/01/18 23:37:10 | 000,179,200 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown" = 0
"DisablePagingExecutive" = 0
"LargeSystemCache" = 0
"NonPagedPoolQuota" = 0
"NonPagedPoolSize" = 0
"PagedPoolQuota" = 0
"PagedPoolSize" = 0
"PhysicalAddressExtension" = 0
"SecondLevelDataCache" = 0
"SessionPoolSize" = 4
"SessionViewSize" = 48
"SystemPages" = 798720
"PagingFiles" = ?:\pagefile.sys [binary data]
"ExistingPageFiles" = \??\C:\pagefile.sys [binary data] -- [2011/10/16 19:23:56 | 2325,237,760 | -HS- | M] ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"BootId" = 216
"BaseTime" = 332502168
"VideoInitTime" = 15
"EnableSuperfetch" = 3
"EnablePrefetcher" = 3
"EnableBootTrace" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
"AcPolicy" = [Binary data over 100 bytes]
"DcPolicy" = [Binary data over 100 bytes]
"AcProcessorPolicy" = 01 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 A0 86 01 00 A0 86 01 00 A0 86 01 00 28 32 00 00 02 00 00 00 A0 86 01 00 A0 86 01 00 A0 86 01 00 28 3C 00 00 03 00 00 00 A0 86 01 00 A0 86 01 00 A0 86 01 00 28 50 00 00 01 00 00 00 [binary data]
"DcProcessorPolicy" = 01 00 00 00 03 00 00 00 00 00 00 00 03 00 00 00 A0 86 01 00 A0 86 01 00 A0 86 01 00 0A 14 00 00 02 00 00 00 A0 86 01 00 A0 86 01 00 A0 86 01 00 14 28 00 00 03 00 00 00 A0 86 01 00 A0 86 01 00 A0 86 01 00 14 46 00 00 01 00 00 00 [binary data]
"PowerSettingProfile" = 0
"Heuristics" = 06 00 00 00 00 01 01 00 00 00 00 00 00 00 00 00 3F 42 0F 00 [binary data]
"SystemPowerPolicy" = [Binary data over 100 bytes]
"HiberElapsedTime" = 65899
"HiberIoTime" = 53590
"HiberInitTime" = 4
"HiberCopyTime" = 771
"HiberCopyBytes" = 1656761848
"HiberPagesWritten" = 136350
"HiberPagesProcessed" = 276846
"HiberDumpCount" = 136350
"HiberFileRuns" = 3
"HiberReadTime" = 64516
"HiberResumeAppTime" = 65256
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Quota System]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Debug" =
"" = mnmsrvc
"Kmode" = \SystemRoot\System32\win32k.sys
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
"Required" = DebugWindows [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
"CsrSrvSharedSectionBase" = 2137980928
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\WPA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\WPA\PnP]
"seed" = 1193057078
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\WPA\SigningHash-PRCRFTFJWDC296]
"SigningHashData" = 9F 81 D2 9E 9C C3 C2 DE F9 94 55 CB E3 E3 77 46 6E 99 DA E0 22 5D 4D 05 AD FD C2 DB B3 7F 85 71 7F AB AF 6F 72 32 FC B6 96 DC F7 1D 04 B1 C8 D3 7B FB B3 93 0B 11 CF B2 [binary data]

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /s >
"ServerAdminUI" = 0
"Hidden" = 1
"ShowCompColor" = 1
"HideFileExt" = 0
"DontPrettyPath" = 0
"ShowInfoTip" = 1
"HideIcons" = 0
"MapNetDrvBtn" = 0
"WebView" = 1
"Filter" = 0
"SuperHidden" = 0
"SeparateProcess" = 0
"AutoCheckSelect" = 0
"IconsOnly" = 0
"ShowTypeOverlay" = 1
"ListviewAlphaSelect" = 1
"ListviewShadow" = 1
"ListviewWatermark" = 1
"TaskbarAnimations" = 1
"StartMenuInit" = 3
"AlwaysShowMenus" = 0
"FolderContentsInfoTip" = 1
"FriendlyTree" = 1
"ShowSuperHidden" = 1
"ClassicViewState" = 0
"PersistBrowsers" = 0
"ShowPreviewHandlers" = 1
"SharingWizardOn" = 1
"TypeAhead" = 0
"TaskbarSizeMove" = 1
"TaskbarGlomming" = 1

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011/10/16 19:40:59 | 000,000,512 | ---- | M] () MD5=441A0471FFAE190A78C402E7E3712180 -- C:\PhysicalMBR.bin


< MD5 for: ACPI.SYS >
[2006/11/02 10:51:30 | 000,255,592 | ---- | M] (Microsoft Corporation) MD5=192BDBD1540645C4A2AA69F24CCE197F -- C:\Windows\System32\DriverStore\FileRepository\acpi.inf_97916753\acpi.sys
[2011/04/19 17:18:53 | 000,258,232 | ---- | M] (Microsoft Corporation) MD5=2F9073FDE68F6CD623EC6340DB0763BE -- C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.20672_none_20e27162ea35d73f\acpi.sys
[2009/04/10 23:32:48 | 000,265,688 | ---- | M] (Microsoft Corporation) MD5=82B296AE1892FE3DBEE00C9CF92F8AC7 -- C:\Windows\System32\drivers\acpi.sys
[2009/04/10 23:32:48 | 000,265,688 | ---- | M] (Microsoft Corporation) MD5=82B296AE1892FE3DBEE00C9CF92F8AC7 -- C:\Windows\System32\DriverStore\FileRepository\acpi.inf_62085e44\acpi.sys
[2009/04/10 23:32:48 | 000,265,688 | ---- | M] (Microsoft Corporation) MD5=82B296AE1892FE3DBEE00C9CF92F8AC7 -- C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6002.18005_none_24743d0fcb299a94\acpi.sys
[2011/04/19 17:18:55 | 000,258,232 | ---- | M] (Microsoft Corporation) MD5=84FC6DF81212D16BE5C4F441682FECCC -- C:\Windows\System32\DriverStore\FileRepository\acpi.inf_c74dd533\acpi.sys
[2011/04/19 17:18:55 | 000,258,232 | ---- | M] (Microsoft Corporation) MD5=84FC6DF81212D16BE5C4F441682FECCC -- C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\acpi.sys
[2008/01/18 23:43:04 | 000,266,808 | ---- | M] (Microsoft Corporation) MD5=FCB8C7210F0135E24C6580F7F649C73C -- C:\Windows\System32\DriverStore\FileRepository\acpi.inf_cae6072a\acpi.sys
[2008/01/18 23:43:04 | 000,266,808 | ---- | M] (Microsoft Corporation) MD5=FCB8C7210F0135E24C6580F7F649C73C -- C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6001.18000_none_2288c403ce07cf48\acpi.sys

< MD5 for: AFD.SYS >
[2011/04/21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011/04/21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2006/11/02 09:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=5D24CAF8EFD924A875698FF28384DB8B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys
[2011/04/21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/18 21:57:04 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/10 21:47:04 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2011/04/19 14:57:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011/04/19 14:57:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011/04/19 14:57:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: BEEP.SYS >
[2008/01/18 21:49:12 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\ERDNT\cache\beep.sys
[2008/01/18 21:49:12 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008/01/18 21:49:12 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006/11/02 09:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

< MD5 for: DISK.SYS >
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/10 23:32:32 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/18 23:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/18 23:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 10:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: EXPLORER.EXE >
[2011/04/19 14:55:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/04/19 14:55:31 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/04/19 14:55:30 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/04/19 17:18:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011/04/19 17:18:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2011/04/19 14:55:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: I8042PRT.SYS >
[2006/11/02 09:51:13 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1060F1377F395A242E27719440ECE602 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\i8042prt.sys
[2006/11/02 09:51:13 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1060F1377F395A242E27719440ECE602 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_3dfa3917\i8042prt.sys
[2011/04/19 14:32:28 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\i8042prt.sys
[2011/04/19 14:32:29 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_f4514c17\i8042prt.sys
[2011/04/19 14:32:28 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\i8042prt.sys
[2011/04/19 14:32:29 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\i8042prt.sys
[2008/01/18 21:49:20 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\drivers\i8042prt.sys
[2008/01/18 21:49:20 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\i8042prt.sys
[2008/01/18 21:49:20 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_f55d5e51\i8042prt.sys
[2008/01/18 21:49:20 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_8b7c4328\i8042prt.sys
[2008/01/18 21:49:20 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\i8042prt.sys
[2008/01/18 21:49:20 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6002.18005_none_9939e6e4d61ab7ca\i8042prt.sys
[2008/01/18 21:49:20 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\i8042prt.sys
[2011/04/19 14:32:27 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=BEA9838CD25D36BEBA3F94386A761D60 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\i8042prt.sys
[2011/04/19 14:32:27 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=BEA9838CD25D36BEBA3F94386A761D60 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\i8042prt.sys

< MD5 for: IASTOR.SYS >
[2006/05/11 10:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\drivers\iaStor.sys
[2006/05/11 10:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6c3369af\iaStor.sys
[2006/05/11 10:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_0d20ce62\iaStor.sys

< MD5 for: LSASS.EXE >
[2011/04/19 14:47:31 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2011/04/19 17:07:39 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2011/04/19 14:47:32 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\ERDNT\cache\lsass.exe
[2011/04/19 14:47:32 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\System32\lsass.exe
[2011/04/19 14:47:32 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2011/04/19 14:16:05 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2006/11/02 10:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=6A0E382E74280E4CC0DF17FE2661D003 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[2011/04/19 14:47:27 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2011/04/19 14:47:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2011/04/19 14:16:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2011/04/19 14:47:35 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2011/04/19 14:47:36 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2011/04/19 17:07:36 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2011/04/19 17:07:42 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2011/04/19 14:16:01 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2011/04/19 14:16:01 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2011/04/19 14:16:01 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2011/04/19 14:16:00 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

< MD5 for: MUP.SYS >
[2009/04/10 23:32:32 | 000,048,104 | ---- | M] (Microsoft Corporation) MD5=6A57B5733D4CB702C8EA4542E836B96C -- C:\Windows\System32\drivers\mup.sys
[2009/04/10 23:32:32 | 000,048,104 | ---- | M] (Microsoft Corporation) MD5=6A57B5733D4CB702C8EA4542E836B96C -- C:\Windows\winsxs\x86_microsoft-windows-mup_31bf3856ad364e35_6.0.6002.18005_none_aeddc23a55a59404\mup.sys
[2008/01/18 23:42:16 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6DFD1D322DE55B0B7DB7D21B90BEC49C -- C:\Windows\winsxs\x86_microsoft-windows-mup_31bf3856ad364e35_6.0.6001.18000_none_acf2492e5883c8b8\mup.sys
[2006/11/02 10:50:24 | 000,046,696 | ---- | M] (Microsoft Corporation) MD5=FA7AA70050CF5E2D15DE00941E5665E5 -- C:\Windows\winsxs\x86_microsoft-windows-mup_31bf3856ad364e35_6.0.6000.16386_none_aabb87325b98b7e4\mup.sys

< MD5 for: NDIS.SYS >
[2009/04/10 23:32:50 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\ERDNT\cache\ndis.sys
[2009/04/10 23:32:50 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009/04/10 23:32:50 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006/11/02 10:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008/01/18 23:43:32 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: SERIAL.SYS >
[2008/01/18 21:49:36 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_33048ac2\serial.sys
[2008/01/18 21:49:36 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\System32\DriverStore\FileRepository\msports.inf_44880ea7\serial.sys
[2008/01/18 21:49:36 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\winsxs\x86_hiddigi.inf_31bf3856ad364e35_6.0.6001.18000_none_955c449145dbf667\serial.sys
[2008/01/18 21:49:36 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=6D663022DB3E7058907784AE14B69898 -- C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.0.6001.18000_none_f897b0b1b85e4433\serial.sys
[2006/11/02 09:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=C70D69A918B178D3C3B06339B40C2E1B -- C:\Windows\System32\drivers\serial.sys
[2006/11/02 09:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=C70D69A918B178D3C3B06339B40C2E1B -- C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_9d4661e2\serial.sys
[2006/11/02 09:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=C70D69A918B178D3C3B06339B40C2E1B -- C:\Windows\System32\DriverStore\FileRepository\msports.inf_ac874de4\serial.sys

< MD5 for: SVCHOST.EXE >
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2006/11/02 10:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/10 23:32:56 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/10 23:32:56 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/10 23:32:56 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2011/04/19 14:57:39 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2011/04/19 14:57:39 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2011/04/19 14:57:39 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/18 23:42:50 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/18 23:42:50 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >

Extras:

OTL Extras logfile created on: 16/10/2011 19:38:24 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Astrantia\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 58.23% Memory free
3.99 Gb Paging File | 2.99 Gb Available in Paging File | 74.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.41 Gb Total Space | 13.60 Gb Free Space | 20.79% Space Free | Partition Type: NTFS
Drive D: | 11.72 Gb Total Space | 5.90 Gb Free Space | 50.37% Space Free | Partition Type: NTFS
Drive E: | 32.70 Gb Total Space | 24.99 Gb Free Space | 76.42% Space Free | Partition Type: NTFS

Computer Name: ASTRANTIA-PC | User Name: Astrantia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1147877497-84825695-3507218712-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3D1BF6CB-81AD-49BB-AC98-EE7E80DAD8BB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{787DEB55-778D-447C-8C68-DCDCB62F72C0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{125EB21C-0E01-4501-92DD-BD40692DC010}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{16AEBF08-EB1B-47A0-87B0-47D5FEA4EA4A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1AD6ED14-EBAC-4813-B3A6-9CA11CA8AAE5}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{1B3BD6D8-AB0E-4DB4-A44F-2D14154839F5}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{26F10D38-D56B-4846-ACD3-35F0C2E394DF}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{34EE033C-E940-4582-8888-0937EE7E5706}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{4A172803-CFCA-475C-9020-A641D4E69E95}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{5B639DCB-16B4-4641-95EA-B3ADD4077F99}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{77A537DF-3E80-4016-B665-EE24247D4234}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{859A46E0-E336-42BB-A6B7-FD17A9FE9128}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{87517C06-DBC3-4D2A-AD23-EC66B50F54CF}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{94E3D01D-F9EC-4B0A-9711-3B3D0A32FAE7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{99716699-A117-464C-9905-D4F45A175B06}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{A788AF20-39BD-4E11-B3A6-B7F754D6F586}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{B2F75AE3-AB77-4016-B252-8FF4F8CD910E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D283690F-E09C-4213-8AE4-B244351F2B96}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{D7EA3683-6A38-417F-A650-2683A8E3D409}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D9B5F51C-50B8-4041-B3B5-BEAAE2844AF9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{DC3DC02B-FC8A-4945-B0A8-A798EC721F17}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{DE0CE3FC-9E4C-4FFE-934E-C7543E1ED22A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{DE9D8503-6479-45BE-9A50-2212C8D99B3B}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{DFAF9292-4469-4FEE-A030-3124656C54B6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EA2D5A42-604D-42D1-A17F-C1C4C4CD3CDF}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019749A1-F9BC-476C-2614-58D9ED0A6F40}" = ccc-core-static
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A21003A-E0A8-6042-F307-C7FBAE836794}" = Catalyst Control Center Localization Japanese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFCEDD8-5F43-A2FF-E63B-2FE3650C9A02}" = CCC Help English
"{0E19D441-0A05-EA5A-4158-BFBC2B24C564}" = ccc-utility
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10FDD3F5-EFE7-2B75-B2CC-7AC661CA09DE}" = CCC Help Swedish
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C8808D1-CE58-18DA-3B21-CDEF8D9B0BED}" = CCC Help Turkish
"{1D787FAC-0ABE-FD00-660C-B880A31166C0}" = Catalyst Control Center Localization Arabic
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FF5B839-C9A3-79EB-49E7-5D1952776664}" = Catalyst Control Center Localization French
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{260DAAF9-00EB-D2AA-4D83-24C1EB34C6FA}" = CCC Help Norwegian
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2E932A07-F5F6-CCC5-4854-97DB9A3AFB2E}" = Catalyst Control Center Localization Chinese Standard
"{319B3AD0-8B75-8D34-9C19-3F9AEB064C88}" = Catalyst Control Center Localization German
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33D56EDB-EC6B-2B62-1F31-FDEF7BDF941A}" = Catalyst Control Center Localization Hungarian
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{357CEB93-ED71-2916-CD74-4F8F7376542B}" = ccc-localization-da
"{361D1727-5203-D58A-5A00-98E29585207D}" = Catalyst Control Center Core Implementation
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FF9C945-3D49-6EF5-9EC3-D89A89FD1AE6}" = CCC Help Thai
"{404B19DC-6955-44B9-9DEA-0990A5146554}" = CCC Help Korean
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4516D595-253A-1EF2-B2C5-2A43785B3B8E}" = CCC Help Danish
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47E8C7A1-4D23-80FD-2A74-A81AB9690F05}" = Catalyst Control Center Localization Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F5CF93-3F01-E826-0147-59815335CBB2}" = CCC Help Japanese
"{5C2498DD-BE37-86F7-354D-34E3101BAB74}" = Catalyst Control Center Localization Arabic
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64CC0986-62C9-EE7B-AEC4-C029247340D8}" = CCC Help Russian
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{70C68C2A-E081-16C6-7366-3CCBD6E2028A}" = Catalyst Control Center Localization Arabic
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{745EBF89-814D-1693-6778-7E6722D089B9}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788FCF58-A22D-AC6A-0422-085E5EEDC41B}" = CCC Help Czech
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81CD6232-10F5-4832-B3DA-1B88B1571033}" = Nero 7 Essentials
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84991F86-23E3-016E-F6C1-5072D1707558}" = Catalyst Control Center Localization Korean
"{858847DC-C7A9-CA65-D84E-194CFAB1176D}" = Catalyst Control Center Graphics Previews Vista
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{91F3F438-C591-037B-BC98-A0FE7481CB2A}" = Catalyst Control Center Localization Arabic
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9817BBF0-C642-D820-B3B1-5BBB6D55EABF}" = Catalyst Control Center Localization Arabic
"{98B8052E-1E55-41D4-9A03-E2F718825D38}" = HTC Sync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A757784B-4562-C19D-18FD-2810B76348BD}" = CCC Help Spanish
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC768D91-EC0E-1401-62D6-1E09D42B82FF}" = Catalyst Control Center Graphics Full New
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0020AAE-255D-9AFA-F076-C19B07E47AF4}" = CCC Help Finnish
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C552F65D-7DCA-6542-7E0A-17EA07513FED}" = Catalyst Control Center Localization Finnish
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9EC23BB-9AE0-8C29-B6E4-4B8CF5AE535E}" = Catalyst Control Center Localization Spanish
"{CC7F87A1-95A9-83FC-D65C-4CA675526DC2}" = CCC Help Chinese Traditional
"{CCE41B2F-0516-AB46-3BBC-6B691634A66B}" = CCC Help French
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF7C6234-D304-0C9C-4EA4-0C07B85021FD}" = Catalyst Control Center Localization Czech
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.4
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7824725-F3EB-9940-6311-F39D5F7732E1}" = Catalyst Control Center Graphics Full Existing
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBED4E6A-BB0E-8D0A-FA4C-A60856A62F64}" = Catalyst Control Center Localization Arabic
"{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE822D87-23EB-C65D-8FC4-752391F0B257}" = Skins
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12335FC-16B4-D2C6-3209-AAA8BB661F77}" = CCC Help Polish
"{E4C2DEEC-E608-6962-D97C-2FAB04046CD2}" = CCC Help German
"{E68A9B61-EFE8-C7B3-0D2C-0B221FA8EC6A}" = CCC Help Greek
"{E793B1DE-7542-F473-460A-8A8F7AF0D47D}" = CCC Help Dutch
"{E8E3E4B7-6A0C-EEE2-83AB-B23B421181E6}" = CCC Help Chinese Standard
"{EB196FD0-1019-D772-C266-3F7E5F5EE1FB}" = Catalyst Control Center Localization Arabic
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDF31891-87A1-C665-E72A-5D6C15C36F02}" = Catalyst Control Center Localization Arabic
"{EFB59A8A-BCE7-7FEB-EB54-A687088B02FC}" = Catalyst Control Center Localization Chinese Traditional
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0B9C15C-6804-892C-310E-8B11BD585A76}" = Catalyst Control Center Localization Greek
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26129FD-925E-5752-E674-96F06AC82310}" = CCC Help Hungarian
"{FBAD116A-A763-810D-A843-6D09D265773F}" = CCC Help Portuguese
"{FCE3FA3F-411C-CF5C-98B6-8B968E27D393}" = CCC Help Italian
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Uninstaller" = ATI Uninstaller
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ColorPic" = ColorPic
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"FileZilla Client" = FileZilla Client 3.5.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
"Trillian" = Trillian
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1147877497-84825695-3507218712-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"KingJackpot" = KingJackpot
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/10/2011 15:58:42 | Computer Name = Astrantia-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 14/10/2011 15:58:42 | Computer Name = Astrantia-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 14/10/2011 16:00:54 | Computer Name = Astrantia-PC | Source = SPP | ID = 16387
Description =

Error - 14/10/2011 16:00:54 | Computer Name = Astrantia-PC | Source = System Restore | ID = 8193
Description =

Error - 14/10/2011 16:01:11 | Computer Name = Astrantia-PC | Source = SPP | ID = 16387
Description =

Error - 14/10/2011 16:01:11 | Computer Name = Astrantia-PC | Source = System Restore | ID = 8193
Description =

Error - 14/10/2011 16:01:54 | Computer Name = Astrantia-PC | Source = MsiInstaller | ID = 11704
Description =

Error - 14/10/2011 16:35:33 | Computer Name = Astrantia-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc000071b, fault offset 0x00088d15, process id 0x69c, application
start time 0x01cc8aadf94f3116.

Error - 14/10/2011 19:34:07 | Computer Name = Astrantia-PC | Source = Application Error | ID = 1000
Description = Faulting application winsett.exe, version 0.0.0.0, time stamp 0x4e876e67,
faulting module ieframe.dll, version 8.0.6001.19120, time stamp 0x4e2aa9b8, exception
code 0xc0000005, fault offset 0x0012bddc, process id 0x18ec, application start time
0x01cc8ac98c539b26.

Error - 14/10/2011 19:34:47 | Computer Name = Astrantia-PC | Source = Application Error | ID = 1000
Description = Faulting application winsett.exe, version 0.0.0.0, time stamp 0x4e876e67,
faulting module winsett.exe, version 0.0.0.0, time stamp 0x4e876e67, exception
code 0xc0000005, fault offset 0x00001c45, process id 0x458, application start time
0x01cc8aae3c24c8b1.


< End of report >

#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:41 PM

Posted 16 October 2011 - 04:29 PM

Hi Amie,



We need to run an OTL Fix



  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox. Do not include the word "Code"
    :OTL
    [2011/10/08 01:22:08 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Roaming\Xilom
    [2011/10/08 01:22:08 | 000,000,000 | ---D | C] -- C:\Users\Astrantia\AppData\Roaming\Kewuxy
    :files
    dir /s /a "C:\ProgramData\kH01610MkOmK01610" /c
    ipconfig /flushdns /c
    :commands
    [reboot]
    
  • Push the button to run the fix.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Confirm the prompt.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.



I'd like us to scan your machine with ESET OnlineScan



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click the link to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Accept the terms of use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, open the list of found threats.
  • Export the list to a text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Return to the previous screen.
  • Finish and close the scanner.


Regards,
Georgi



#13 Amie L

Amie L
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:41 PM

Posted 17 October 2011 - 05:21 PM

Hi Georgi,

I really appreciate all the help you're giving me!

OTL File:

========== OTL ==========
C:\Users\Astrantia\AppData\Roaming\Xilom folder moved successfully.
C:\Users\Astrantia\AppData\Roaming\Kewuxy folder moved successfully.
========== FILES ==========
< dir /s /a "C:\ProgramData\kH01610MkOmK01610" /c >
Volume in drive C is System
Volume Serial Number is 9466-8740
Directory of C:\ProgramData\kH01610MkOmK01610
12/09/2011 03:49 <DIR> .
12/09/2011 03:49 <DIR> ..
12/09/2011 16:41 208 kH01610MkOmK01610
1 File(s) 208 bytes
Total Files Listed:
1 File(s) 208 bytes
2 Dir(s) 13,916,983,296 bytes free
C:\Users\Astrantia\Desktop\cmd.bat deleted successfully.
C:\Users\Astrantia\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Astrantia\Desktop\cmd.bat deleted successfully.
C:\Users\Astrantia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 10172011_201424

ESET Scan:

C:\ISP\AOL\stdnet_updater.exe probably a variant of Win32/StartPage.LWOOMNQ trojan
C:\ISP\AOL\comps\acs\acssetup.exe probably a variant of Win32/StartPage.LWOOMNQ trojan
C:\Qoobox\Quarantine\[4]-Submit_2011-10-16_14.18.01.zip probably a variant of Win32/Agent.SDL trojan
C:\Users\Astrantia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0WKJFSDG\ni[1].htm HTML/Iframe.B.Gen virus
C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\18733b4b-1ad41e84 multiple threats
C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2a533cb0-40f05f4d a variant of Win32/Kryptik.SSF trojan
C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-14af104d a variant of Java/Agent.DT trojan
C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-37f468be a variant of Java/Agent.DT trojan
C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-48efe788 a variant of Java/Agent.DT trojan
C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-54f170ca a variant of Java/Agent.DT trojan
C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-5ad87be4 a variant of Java/Agent.DT trojan
C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-65d0f3a2 a variant of Java/Agent.DT trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7UGZVNL7\info[1].exe a variant of Win32/Kryptik.TWH trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7UGZVNL7\soft_be_tc[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1GVB9Z8\calc[1].exe a variant of Win32/Kryptik.TWH trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HK02UTFN\lazkano_net[1].htm JS/Kryptik.CK trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPNHO8MC\cfdd8[1].pdf JS/Exploit.Pdfka.PES trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJESNZAF\36539[1].pdf JS/Exploit.Pdfka.PES trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJESNZAF\soft_be_tc[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JWPFG7Q1\c83a1[1].pdf JS/Exploit.Pdfka.PEN trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBH969LU\info[1].exe a variant of Win32/Kryptik.TUH trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBH969LU\soft_be_tc[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJ9PX5VQ\soft_be_tc[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPRREWOY\soft_be_tc[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XR96EIYD\networkuj8_eu[1].htm HTML/Iframe.B.Gen virus
C:\Windows\System32\config\systemprofile\AppData\Local\rppeklve\avhqulfu.exe a variant of Win32/Kryptik.TIY trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\30ae780-256c5e23 multiple threats
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\a6ae259-40f49984 a variant of Java/Agent.DM trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2094afae-4919a437 a variant of Java/Agent.DN trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-3c47394c a variant of Java/Agent.DT trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-50d27751 a variant of Java/Agent.DT trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-529a67f2 a variant of Java/Agent.DT trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-5499bed6 a variant of Java/Agent.DT trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-7681454c a variant of Java/Agent.DT trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-782fc641 a variant of Java/Agent.DT trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\208216b8-722154e5 multiple threats
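As an added triage aid (this is not part of the thread and not ESET's or OTL's own code), the script below parses ESET scan lines of the kind posted above and groups them by where they sit on disk; the point it surfaces is that anything under C:\Windows\System32\config\systemprofile was written by code running as the LocalSystem account, not by the user's browser session. The sample lines are a subset copied from the post; the location labels and rule order are this example's own choices.

```python
import re
from collections import Counter
# Constructed sample: seven of the ESET lines posted in the thread above.
SAMPLE_LOG = r"""
C:\ISP\AOL\stdnet_updater.exe probably a variant of Win32/StartPage.LWOOMNQ trojan
C:\Qoobox\Quarantine\[4]-Submit_2011-10-16_14.18.01.zip probably a variant of Win32/Agent.SDL trojan
C:\Users\Astrantia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0WKJFSDG\ni[1].htm HTML/Iframe.B.Gen virus
C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\18733b4b-1ad41e84 multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7UGZVNL7\info[1].exe a variant of Win32/Kryptik.TWH trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPNHO8MC\cfdd8[1].pdf JS/Exploit.Pdfka.PES trojan
C:\Windows\System32\config\systemprofile\AppData\Local\rppeklve\avhqulfu.exe a variant of Win32/Kryptik.TIY trojan
"""

# An ESET line is "<path> <verdict>"; paths may contain spaces, so the lazy
# path group is pinned by the verdict shape at the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?:(?:probably )?a variant of )?"
    r"(?:(?P<name>\S+/\S+) (?:trojan|virus)|multiple threats)$")

LOCALSYSTEM, QUARANTINE, JAVA, IE, OTHER = ("LocalSystem profile", "quarantine folder",
                                            "user Java cache", "user IE cache", "other location")
# First match wins: the SYSTEM profile has its own IE and Java caches, so its
# rule must precede the generic cache rules.
LOCATION_RULES = (("\\config\\systemprofile\\", LOCALSYSTEM),
                  ("\\qoobox\\quarantine\\", QUARANTINE),
                  ("\\sun\\java\\deployment\\cache\\", JAVA),
                  ("\\temporary internet files\\", IE))

def classify_location(path):
    return next((label for needle, label in LOCATION_RULES if needle in path.lower()), OTHER)

def family_of(name):
    """'Win32/Kryptik.TWH' -> 'Win32/Kryptik'; 'HTML/Iframe.B.Gen' -> 'HTML/Iframe'."""
    if name is None:  # ESET printed only "multiple threats" for this entry
        return "multiple threats"
    platform, _, rest = re.sub(r"\.Gen$", "", name).partition("/")
    return f"{platform}/{rest.rsplit('.', 1)[0]}"

def parse_eset_log(text):
    """Return (findings, unparsed): one dict per recognised detection line."""
    findings, unparsed = [], []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed.append(line)
            continue
        path = m.group("path")
        findings.append({"path": path, "family": family_of(m.group("name")),
                         "location": classify_location(path),
                         "executable": path.lower().endswith(".exe")})
    return findings, unparsed

def summarize(findings):
    """Counts per location and family, plus executables under the SYSTEM profile:
    those were written by code running as LocalSystem, not by the user's browser,
    so cleaning the user's own profile cannot reach whatever planted them."""
    return {"by_location": Counter(f["location"] for f in findings),
            "by_family": Counter(f["family"] for f in findings),
            "system_executables": [f["path"] for f in findings
                                   if f["location"] == LOCALSYSTEM and f["executable"]]}
```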

#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:41 PM

Posted 17 October 2011 - 06:42 PM

Hi Amie, :)


We are almost done.


We need to run an OTL Fix


  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox. Do not include the word "Code"
    :files
    C:\ProgramData\kH01610MkOmK01610
    C:\ISP\AOL\stdnet_updater.exe
    C:\ISP\AOL\comps\acs\acssetup.exe
    C:\Users\Astrantia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0WKJFSDG\ni[1].htm
    C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\18733b4b-1ad41e84
    C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2a533cb0-40f05f4d
    C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-14af104d
    C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-37f468be
    C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-48efe788
    C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-54f170ca
    C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-5ad87be4
    C:\Users\Astrantia\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-65d0f3a2
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7UGZVNL7\info[1].exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7UGZVNL7\soft_be_tc[1].htm
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1GVB9Z8\calc[1].exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HK02UTFN\lazkano_net[1].htm
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPNHO8MC\cfdd8[1].pdf
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJESNZAF\36539[1].pdf
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJESNZAF\soft_be_tc[1].htm
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JWPFG7Q1\c83a1[1].pdf
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBH969LU\info[1].exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NBH969LU\soft_be_tc[1].htm
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJ9PX5VQ\soft_be_tc[1].htm
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPRREWOY\soft_be_tc[1].htm
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XR96EIYD\networkuj8_eu[1].htm
    C:\Windows\System32\config\systemprofile\AppData\Local\rppeklve\avhqulfu.exe
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\30ae780-256c5e23
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\a6ae259-40f49984
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2094afae-4919a437
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-3c47394c
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-50d27751
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-529a67f2
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-5499bed6
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-7681454c
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\43b8adf4-782fc641
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\208216b8-722154e5
    :commands
    [reboot]
    
  • Push the button to run the fix.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Confirm the prompt.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.




Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Let me know how the things are now.


Regards,
Georgi



#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:41 PM

Posted 21 October 2011 - 07:33 AM

Hi Amie,


It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 72 hours.
Thank you for your understanding.


Regards,
Georgi





