
Rogue AV Product - PC Performance & Stability Analysis Report


  • This topic is locked
94 replies to this topic

#1 DnDer


Posted 28 January 2012 - 11:45 PM

Computer is showing signs of being infected with a fake AV, as well as irregular BSOD throwing an error code of 0x00000050 "Page Fault in Non-Page Area." It's Vista Home for its OS.

Based on a similar thread in the "Am I Infected" forum, I ran the following logs: MBAM, SuperAntiSpyware and GMER. (Here.)

Before the scans were run, computer would open multiple error windows saying that it could not write to a file. I apologize for not writing it down. But each file was a random series of letters and numbers, making me think they might be temp files or page files of some sort that the computer was trying to write to that the virus wouldn't allow. Those error messages have disappeared. However, there are no items on the desktop except for SAS and GMER that I've put there. The Start menu is empty, and I have to use Explorer in order to access the drives, or the computer. (I have not tried using the run command, to see if that was functioning, while Explorer was still working for me.)

Please let me know anything else you need, and I'll respond as quickly as I can.


 


#2 SweetTech


Posted 31 January 2012 - 03:42 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
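
Added example, not part of the original post and not code from the TDSSKiller project: a small triage script for the report the TDSSKiller step produces, listing every scanned object whose verdict is not "ok", whose image lies outside the system32 tree, or that has no verdict line. The line layout (timestamp, thread id, then `name (MD5) path` followed by `name - verdict`) is an assumption about the log format, and the sample log, service names and hashes are constructed placeholders.

```python
import re
from ntpath import normcase  # Windows path rules, whatever OS this runs on

# Assumed layout of every log line: "HH:MM:SS.mmmm <thread id> <message>".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\S+\s+(.*)$")
# Object line: service name, MD5 in parentheses, image path.
OBJECT = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
# Verdict line: "name - ok" or "name ( Detection.Name ) - warning".
VERDICT = re.compile(r"^(\S+)(?:\s+\(\s*([^)]+?)\s*\))?\s+-\s+(\w+)$")
# Header line giving the Windows directory of the scanned machine.
WINDIR = re.compile(r"^Windows directory:\s*(.+)$")

# Constructed sample; names and hashes are placeholders, not real indicators.
SAMPLE_LOG = r"""
12:00:00.0001 0100 Windows directory: C:\Windows
12:00:01.0000 0200 Mode: Manual; SigCheck; TDLFS;
12:00:02.0000 0200 exampledrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
12:00:02.0100 0200 exampledrv - ok
12:00:03.0000 0200 examplemodem (00000000000000000000000000000002) C:\Windows\system32\DRIVERS\examplemodem.sys
12:00:03.0100 0200 examplemodem ( UnsignedFile.Multi.Generic ) - warning
12:00:03.0100 0200 examplemodem - detected UnsignedFile.Multi.Generic (1)
12:00:04.0000 0200 noimage - ok
12:00:05.0000 0200 examplescanner (00000000000000000000000000000003) C:\Program Files\ExampleAV\scanner.sys
12:00:05.0100 0200 examplescanner - ok
12:00:06.0000 0200 cutoff (00000000000000000000000000000004) C:\Windows\system32\drivers\cutoff.sys
"""


def triage(log_text):
    """Return the scanned objects that need a human look, in log order."""
    sysdir = normcase("C:\\Windows\\system32\\")  # default until the header is seen
    pending = {}   # object lines still waiting for their verdict line
    findings = []

    def flag(name, md5, path, reasons):
        findings.append({"name": name, "md5": md5, "path": path, "reasons": reasons})

    for raw in log_text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue
        msg = line.group(1).strip()

        windir = WINDIR.match(msg)
        if windir:
            sysdir = normcase(windir.group(1).strip().rstrip("\\") + "\\system32\\")
            continue

        obj = OBJECT.match(msg)
        if obj:
            name, md5, path = obj.groups()
            pending[name] = (md5.lower(), path.strip())
            continue

        ver = VERDICT.match(msg)
        if not ver:
            continue  # banner, drive geometry, "- detected ..." summary lines
        name, detection, verdict = ver.groups()
        md5, path = pending.pop(name, (None, None))

        reasons = []
        if verdict.lower() != "ok":
            # A signature-check warning is a prompt for review, not proof of infection.
            reasons.append("verdict=%s (%s)" % (verdict, detection or "no detection name"))
        if path and not normcase(path).startswith(sysdir):
            reasons.append("image outside the system32 tree")
        if reasons:
            flag(name, md5, path, reasons)

    # Object lines that never received a verdict usually mean a truncated log.
    for name, (md5, path) in pending.items():
        flag(name, md5, path, ["no verdict line, log may be truncated"])
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["name"], item["path"], "; ".join(item["reasons"]))
```
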


#3 DnDer


Posted 31 January 2012 - 08:36 PM

1. QUESTIONS: The user has no discs for recovery. There are three drives listed for the computer, however: factory image (1.3 free of 9.59), hp_pavillion (294 free of 298), and c: (166 free of 288). Is it possible to build a recovery and reinstallation disc for this computer, from those drives, on a system infected with the malware you listed? Or are those considered corrupted and gone, as well? At the moment, if I nuke the machine, I have no way to reinstall Vista on this computer despite having the license stickered onto the case.

2. TDSS Log


18:39:49.0025 0756 secdrv - ok
18:39:49.0056 0756 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:39:49.0176 0756 Serenum - ok
18:39:49.0257 0756 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:39:49.0361 0756 Serial - ok
18:39:49.0434 0756 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:39:49.0515 0756 sermouse - ok
18:39:49.0583 0756 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
18:39:49.0619 0756 sffdisk - ok
18:39:49.0657 0756 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
18:39:49.0804 0756 sffp_mmc - ok
18:39:49.0839 0756 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
18:39:49.0900 0756 sffp_sd - ok
18:39:49.0940 0756 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:39:50.0164 0756 sfloppy - ok
18:39:50.0295 0756 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
18:39:50.0307 0756 sisagp - ok
18:39:50.0332 0756 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
18:39:50.0344 0756 SiSRaid2 - ok
18:39:50.0365 0756 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:39:50.0378 0756 SiSRaid4 - ok
18:39:50.0446 0756 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:39:50.0490 0756 Smb - ok
18:39:50.0564 0756 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:39:50.0593 0756 spldr - ok
18:39:50.0651 0756 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:39:50.0715 0756 srv - ok
18:39:50.0777 0756 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:39:50.0815 0756 srv2 - ok
18:39:50.0882 0756 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:39:50.0918 0756 srvnet - ok
18:39:50.0949 0756 ssfs0bbc (1097fe3528c825e54c1d52ed8c0eac0f) C:\Windows\system32\DRIVERS\ssfs0bbc.sys
18:39:50.0988 0756 ssfs0bbc - ok
18:39:51.0039 0756 SSHRMD (e97911c0ac7d26d1a2a782869f264e9e) C:\Windows\system32\Drivers\SSHRMD.SYS
18:39:51.0076 0756 SSHRMD - ok
18:39:51.0130 0756 SSIDRV (80997508996f9d2a662502238fbcb1d7) C:\Windows\system32\Drivers\SSIDRV.SYS
18:39:51.0196 0756 SSIDRV - ok
18:39:51.0264 0756 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\Windows\system32\Drivers\sskbfd.sys
18:39:51.0292 0756 SSKBFD - ok
18:39:51.0366 0756 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:39:51.0377 0756 swenum - ok
18:39:51.0476 0756 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:39:51.0493 0756 Symc8xx - ok
18:39:51.0503 0756 SymIM - ok
18:39:51.0516 0756 SymIMMP - ok
18:39:51.0530 0756 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:39:51.0548 0756 Sym_hi - ok
18:39:51.0569 0756 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:39:51.0588 0756 Sym_u3 - ok
18:39:51.0756 0756 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:39:51.0826 0756 Tcpip - ok
18:39:51.0854 0756 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:39:51.0917 0756 Tcpip6 - ok
18:39:51.0969 0756 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:39:52.0017 0756 tcpipreg - ok
18:39:52.0056 0756 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:39:52.0107 0756 TDPIPE - ok
18:39:52.0136 0756 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:39:52.0193 0756 TDTCP - ok
18:39:52.0245 0756 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:39:52.0257 0756 TermDD - ok
18:39:52.0442 0756 tmactmon (939859aeaabf9e9e921dcd66d19ca6a4) C:\Windows\system32\DRIVERS\tmactmon.sys
18:39:52.0482 0756 tmactmon - ok
18:39:52.0534 0756 tmcomm (eb2283c0a4dfbd2e53d14f2c4d5a1e89) C:\Windows\system32\DRIVERS\tmcomm.sys
18:39:52.0567 0756 tmcomm - ok
18:39:52.0583 0756 tmevtmgr (f29a67e4245bcad26d33c10a4dfcd992) C:\Windows\system32\DRIVERS\tmevtmgr.sys
18:39:52.0620 0756 tmevtmgr - ok
18:39:52.0760 0756 tmpreflt (0c89809f1df614bd42093a446b222a32) C:\Windows\system32\DRIVERS\tmpreflt.sys
18:39:52.0788 0756 tmpreflt - ok
18:39:52.0903 0756 tmtdi (c9b16b4f9f063b527cddbb76fb946dfd) C:\Windows\system32\DRIVERS\tmtdi.sys
18:39:52.0933 0756 tmtdi - ok
18:39:53.0105 0756 tmxpflt (3d473e97ff805dab903aa66f08286c90) C:\Windows\system32\DRIVERS\tmxpflt.sys
18:39:53.0146 0756 tmxpflt - ok
18:39:53.0275 0756 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:39:53.0336 0756 tssecsrv - ok
18:39:53.0381 0756 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:39:53.0426 0756 tunmp - ok
18:39:53.0488 0756 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:39:53.0538 0756 tunnel - ok
18:39:53.0603 0756 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:39:53.0627 0756 uagp35 - ok
18:39:53.0697 0756 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:39:53.0736 0756 udfs - ok
18:39:53.0767 0756 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:39:53.0779 0756 uliagpkx - ok
18:39:53.0806 0756 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:39:53.0822 0756 uliahci - ok
18:39:53.0849 0756 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:39:53.0863 0756 UlSata - ok
18:39:53.0884 0756 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:39:53.0898 0756 ulsata2 - ok
18:39:53.0947 0756 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:39:53.0983 0756 umbus - ok
18:39:54.0039 0756 usbbus (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys
18:39:54.0084 0756 usbbus - ok
18:39:54.0157 0756 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:39:54.0220 0756 usbccgp - ok
18:39:54.0279 0756 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:39:54.0357 0756 usbcir - ok
18:39:54.0398 0756 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys
18:39:54.0435 0756 UsbDiag - ok
18:39:54.0488 0756 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:39:54.0554 0756 usbehci - ok
18:39:54.0641 0756 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:39:54.0718 0756 usbhub - ok
18:39:54.0801 0756 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys
18:39:54.0840 0756 USBModem - ok
18:39:54.0903 0756 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
18:39:54.0965 0756 usbohci - ok
18:39:55.0025 0756 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:39:55.0084 0756 usbprint - ok
18:39:55.0167 0756 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:39:55.0249 0756 usbscan - ok
18:39:55.0328 0756 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:39:55.0375 0756 USBSTOR - ok
18:39:55.0409 0756 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
18:39:55.0498 0756 usbuhci - ok
18:39:55.0567 0756 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:39:55.0637 0756 usbvideo - ok
18:39:55.0672 0756 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:39:55.0723 0756 vga - ok
18:39:55.0777 0756 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:39:55.0828 0756 VgaSave - ok
18:39:55.0966 0756 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:39:55.0998 0756 viaagp - ok
18:39:56.0015 0756 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:39:56.0087 0756 ViaC7 - ok
18:39:56.0196 0756 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:39:56.0222 0756 viaide - ok
18:39:56.0292 0756 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:39:56.0311 0756 volmgr - ok
18:39:56.0417 0756 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:39:56.0458 0756 volmgrx - ok
18:39:56.0547 0756 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:39:56.0590 0756 volsnap - ok
18:39:56.0757 0756 vsapint (50e1ea1dd3ea74919d7a1c5d6c9c0b56) C:\Windows\system32\DRIVERS\vsapint.sys
18:39:56.0858 0756 vsapint - ok
18:39:56.0931 0756 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:39:56.0962 0756 vsmraid - ok
18:39:57.0002 0756 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:39:57.0084 0756 WacomPen - ok
18:39:57.0136 0756 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:39:57.0173 0756 Wanarp - ok
18:39:57.0188 0756 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:39:57.0214 0756 Wanarpv6 - ok
18:39:57.0233 0756 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:39:57.0244 0756 Wd - ok
18:39:57.0310 0756 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:39:57.0334 0756 Wdf01000 - ok
18:39:57.0409 0756 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:39:57.0509 0756 winachsf ( UnsignedFile.Multi.Generic ) - warning
18:39:57.0509 0756 winachsf - detected UnsignedFile.Multi.Generic (1)
18:39:57.0846 0756 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
18:39:58.0055 0756 WmiAcpi - ok
18:39:58.0268 0756 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:39:58.0319 0756 WpdUsb - ok
18:39:58.0509 0756 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:39:58.0601 0756 ws2ifsl - ok
18:39:58.0713 0756 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:39:58.0791 0756 WUDFRd - ok
18:39:59.0039 0756 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
18:39:59.0074 0756 XAudio ( UnsignedFile.Multi.Generic ) - warning
18:39:59.0074 0756 XAudio - detected UnsignedFile.Multi.Generic (1)
18:39:59.0326 0756 xcbdaNtsc (da57c74aaeabd6f97f404151069be42e) C:\Windows\system32\DRIVERS\xcbda.sys
18:39:59.0643 0756 xcbdaNtsc - ok
18:39:59.0688 0756 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
18:40:00.0071 0756 \Device\Harddisk0\DR0 - ok
18:40:00.0075 0756 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
18:40:00.0152 0756 \Device\Harddisk1\DR1 - ok
18:40:00.0158 0756 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk6\DR6
18:40:03.0100 0756 \Device\Harddisk6\DR6 - ok
18:40:03.0198 0756 Boot (0x1200) (e45ce8304640417ec1aad2251d489160) \Device\Harddisk0\DR0\Partition0
18:40:03.0215 0756 \Device\Harddisk0\DR0\Partition0 - ok
18:40:03.0245 0756 Boot (0x1200) (5d0c9b59ecac2763a4fe12f5cae06a86) \Device\Harddisk0\DR0\Partition1
18:40:03.0277 0756 \Device\Harddisk0\DR0\Partition1 - ok
18:40:03.0288 0756 Boot (0x1200) (c27d86533d223aece6bc046049e2a7b9) \Device\Harddisk1\DR1\Partition0
18:40:03.0290 0756 \Device\Harddisk1\DR1\Partition0 - ok
18:40:03.0294 0756 Boot (0x1200) (20695277155ffeb46a55f057cf50510c) \Device\Harddisk6\DR6\Partition0
18:40:03.0295 0756 \Device\Harddisk6\DR6\Partition0 - ok
18:40:03.0297 0756 ============================================================
18:40:03.0297 0756 Scan finished
18:40:03.0297 0756 ============================================================
18:40:03.0312 0760 Detected object count: 4
18:40:03.0312 0760 Actual detected object count: 4
18:40:11.0252 0760 HSF_DP ( UnsignedFile.Multi.Generic ) - skipped by user
18:40:11.0252 0760 HSF_DP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:40:11.0256 0760 HSXHWBS2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:40:11.0256 0760 HSXHWBS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:40:11.0259 0760 winachsf ( UnsignedFile.Multi.Generic ) - skipped by user
18:40:11.0259 0760 winachsf ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:40:11.0261 0760 XAudio ( UnsignedFile.Multi.Generic ) - skipped by user
18:40:11.0262 0760 XAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:40:20.0413 2744 Deinitialize success

3. Farbar Log

Farbar Service Scanner Version: 31-01-2012 01
Ran by Brian (administrator) on 31-01-2012 at 18:41:37
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service key does not exist.
Checking LEGACY_tdx: Attention! Unable to open LEGACY_tdx\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
Attention! C:\Windows\system32\Drivers\tdx.sys is missing.
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-09-10 17:10] - [2009-04-11 00:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2009-09-10 17:10] - [2009-04-11 00:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

4. OTL & Extras Logs

OTL logfile created on: 1/31/2012 6:43:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.88% Memory free
6.21 Gb Paging File | 4.69 Gb Available in Paging File | 75.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.49 Gb Total Space | 166.45 Gb Free Space | 57.70% Space Free | Partition Type: NTFS
Drive D: | 9.60 Gb Total Space | 1.30 Gb Free Space | 13.59% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 294.69 Gb Free Space | 98.86% Space Free | Partition Type: NTFS
Drive F: | 627.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 3.76 Gb Total Space | 1.78 Gb Free Space | 47.40% Space Free | Partition Type: FAT32

Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 07:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/22 22:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/31 02:44:46 | 000,353,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2011/01/12 20:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/13 17:11:26 | 001,086,840 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2008/11/12 16:02:14 | 003,667,312 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/29 14:28:12 | 001,398,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2008/07/29 14:28:10 | 000,698,888 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/30 17:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/22 22:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/03/03 19:26:14 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2011/03/01 22:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 22:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 22:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 22:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 22:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/01/12 19:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/12 19:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2010/09/22 21:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2009/04/22 15:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 17:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 16:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 16:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 16:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 16:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 16:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 16:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 16:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 16:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 16:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2009/02/27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/13 17:11:26 | 001,086,840 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2008/11/12 16:02:14 | 003,667,312 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/29 14:28:10 | 000,698,888 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2008/02/26 13:10:56 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2007/12/24 16:41:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2007/01/04 15:38:08 | 000,024,652 | -H-- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/01 04:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)
DRV - [2009/06/26 20:01:00 | 009,777,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/11/26 17:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/11/26 17:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/11/26 17:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/11/12 16:02:28 | 000,170,608 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2008/11/12 16:02:26 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2008/11/12 16:02:26 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/08 12:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 12:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/02/15 22:37:50 | 000,065,936 | -H-- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/01/04 19:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/12/24 16:37:20 | 000,052,496 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2007/12/24 16:37:12 | 000,052,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2007/12/24 16:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/10/26 05:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 14:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/07 08:36:08 | 000,156,928 | ---- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\xcbda.sys -- (xcbdaNtsc) ViXS Tuner Card (NTSC)
DRV - [2007/01/09 08:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\InprocServer32 File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/?wl=true
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\InprocServer32 File not found
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Search Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mc1301.mail.yahoo.com/mc/welcome?.gx=1&.tm=1298500297&.rand=2mdnkkdg330ab"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.621.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/04/17 15:56:51 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/04/17 15:56:51 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Brian\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/07/30 21:46:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 19:18:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/09 20:58:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\videofinder@veoh.com: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/07/30 21:46:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Brian\AppData\Roaming\Move Networks [2009/10/09 01:34:05 | 000,000,000 | -H-D | M]

[2010/07/19 19:22:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions
[2010/07/19 19:22:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/01/10 23:34:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions
[2009/09/29 00:57:51 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/12 17:26:19 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/10 23:34:24 | 000,000,000 | -H-D | M] (Zynga Community Toolbar) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/16 22:12:41 | 000,000,000 | -H-D | M] (XUL Cache) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\{e7f8be29-a175-4cfd-ba47-70adabc00ba6}
[2011/03/26 11:13:41 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\engine@conduit.com
[2009/01/31 14:36:30 | 000,001,739 | -H-- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\searchplugins\aim-search.xml
[2010/04/21 04:08:10 | 000,001,836 | -H-- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\searchplugins\bing-ff.xml
[2011/11/10 03:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/19 16:41:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/21 04:08:06 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{407ee510-6937-d1bd-8a95-f53758a8b72a}
[2011/11/09 19:18:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 11:07:12 | 000,180,293 | -H-- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 19:18:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000..\Run: [limewire plus+] "C:\Program Files\Limewire Plus+\limewire.exe" -h File not found
O4 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O7 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} http://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab (CPlayFirstmsiControl Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {4773AC35-5EC9-4C86-82AA-78F3BE563194} http://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--eeb2cde8-d5c7-4ea9-9313-d539fd2149bd/online/aquacade/en/aquacade.cab (AtlBoxWordCtlAttrib Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} http://l.yimg.com/jh/games/web_games/sony/davinci/DVCDownloadControl.cab (DVCDownloadControl)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://l.yimg.com/jh/games/web_games/gamehouse/frenzy/SproutLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/popcap/zuma/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://l.yimg.com/jh/games/web_games/playtime/mahjongescape/PTGameLauncher.cab (Playtime Games Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36937FF7-1F22-4576-8665-B5965D4D3BCC}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Brian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/01 08:56:33 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/03/23 13:55:35 | 000,929,851 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/07/21 13:12:28 | 000,000,105 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{baaae694-aacd-11dc-be02-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{baaae694-aacd-11dc-be02-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2004/03/23 13:55:35 | 000,929,851 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/31 18:42:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2012/01/31 18:38:33 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{46352E32-5E93-43BA-A705-B223E278A8E4}
[2012/01/31 18:36:25 | 002,059,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brian\Desktop\tdsskiller.exe
[2012/01/27 21:08:46 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{BEBB5502-B73E-4548-ADEA-6DDA1D082B56}
[2012/01/26 23:28:37 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{E94866AC-DD02-4392-80C3-344191CFC945}
[2012/01/26 18:12:00 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{CC783A9C-6E9B-46D8-8C14-2772B6032C46}
[2012/01/24 22:24:37 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/24 22:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/24 22:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/24 22:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/24 22:19:56 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{D80B1AB8-CF82-415F-9A5F-DEEAFA25A422}
[2012/01/23 22:25:18 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Roaming\WildTangent
[2012/01/23 22:19:16 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Local\{7D2FA195-E5C3-4635-8E0D-B0770AB8DD8A}
[2012/01/22 21:50:17 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Local\{3C80FD9D-2C29-4715-AFBB-8B82B42836B0}
[2012/01/22 21:49:42 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Local\{A0EB7B61-11FA-4688-8DEC-B6CA09F1B888}
[2012/01/22 13:50:29 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/22 13:44:21 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Local\{8C328050-BDE4-4806-B5BC-3523B2B563C9}
[2012/01/18 00:56:19 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Local\{AC2B4FA9-B26C-4047-A360-9A76098961FD}
[2012/01/16 09:28:41 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Local\{35F8C363-C985-49B6-BD46-034DE96AAAE6}
[2012/01/16 03:18:18 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Local\{F5137F09-E98D-4E3A-94DA-3BBC2CAC79CD}
[2012/01/15 22:15:08 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Local\{1025BBAC-2E9E-4246-BBE1-DC7372DD9A9E}
[2012/01/12 22:14:25 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Local\{B8A55813-C3AF-4188-B4AA-570357D054B7}
[2012/01/12 22:14:02 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Local\{4D6C8D33-83C4-4878-982B-0FA673B09B72}
[2012/01/10 19:44:48 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/10 19:44:46 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/10 19:44:42 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/10 19:44:15 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/10 19:44:15 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/07 16:56:17 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Roaming\Akhra
[2012/01/07 09:43:26 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Local\{44254D6D-710A-46F7-8AAF-CC06A7C7DF67}
[2012/01/04 09:41:55 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Local\{00654727-E12E-42A9-B8BF-5F26F237C30E}
[2012/01/03 19:19:53 | 000,000,000 | -H-D | C] -- C:\Users\Brian\AppData\Local\{F842CEB1-FBBB-4729-8F4E-94E54BE5F3DA}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/31 18:44:14 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/31 18:44:14 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/31 18:43:08 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/31 18:43:08 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/31 18:35:26 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/31 18:35:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/31 18:35:18 | 3219,525,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/31 18:35:16 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/01/31 16:31:12 | 000,334,787 | ---- | M] () -- C:\Users\Brian\Desktop\FSS.exe
[2012/01/30 08:19:08 | 002,059,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brian\Desktop\tdsskiller.exe
[2012/01/28 12:53:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/27 21:04:36 | 305,530,158 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/24 22:23:40 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/24 22:20:16 | 000,000,416 | ---- | M] () -- C:\ProgramData\4AWqPrGQfgjRXX
[2012/01/23 19:43:44 | 000,302,592 | ---- | M] () -- C:\Users\Brian\Desktop\p987e0jf.exe
[2012/01/22 21:50:37 | 000,000,456 | -H-- | M] () -- C:\ProgramData\F91gsImir9sBqL
[2012/01/22 21:49:27 | 000,000,272 | -H-- | M] () -- C:\ProgramData\~F91gsImir9sBqL
[2012/01/22 21:49:27 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~F91gsImir9sBqLr
[2012/01/22 21:49:26 | 000,000,631 | -H-- | M] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/22 21:48:16 | 000,031,871 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/22 21:48:09 | 000,031,871 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2012/01/22 13:50:29 | 000,000,607 | -H-- | M] () -- C:\Users\Brian\Desktop\System Check.lnk
[2012/01/19 01:24:28 | 000,011,956 | -H-- | M] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2012/01/16 17:18:41 | 000,061,886 | -H-- | M] () -- C:\Users\Brian\Desktop\401601_239276532813063_126894987384552_555080_1347960388_n.jpg
[2012/01/15 17:28:55 | 000,025,880 | -H-- | M] () -- C:\Users\Brian\Desktop\375331_10150527434333794_375427338793_8752781_728642651_n.jpg
[2012/01/11 03:08:36 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/01/03 08:47:52 | 000,008,618 | -HS- | M] () -- C:\Users\Brian\AppData\Local\1a43147cf26
[2012/01/03 08:47:52 | 000,008,618 | -HS- | M] () -- C:\ProgramData\1a43147cf26
[2012/01/01 21:31:25 | 000,047,968 | -H-- | M] () -- C:\Users\Brian\Desktop\297159_140756329354809_120724954691280_208810_53458456_n.jpg
[2012/01/01 21:30:06 | 000,046,655 | -H-- | M] () -- C:\Users\Brian\Desktop\166931_149910458439396_120724954691280_242134_696252315_n.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/31 18:41:08 | 000,334,787 | ---- | C] () -- C:\Users\Brian\Desktop\FSS.exe
[2012/01/27 21:02:14 | 000,302,592 | ---- | C] () -- C:\Users\Brian\Desktop\p987e0jf.exe
[2012/01/26 18:08:40 | 3219,525,632 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/24 22:23:40 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/24 22:19:59 | 000,000,416 | ---- | C] () -- C:\ProgramData\4AWqPrGQfgjRXX
[2012/01/22 21:49:26 | 000,000,631 | -H-- | C] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/22 13:50:30 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~F91gsImir9sBqLr
[2012/01/22 13:50:29 | 000,000,607 | -H-- | C] () -- C:\Users\Brian\Desktop\System Check.lnk
[2012/01/22 13:50:29 | 000,000,272 | -H-- | C] () -- C:\ProgramData\~F91gsImir9sBqL
[2012/01/22 13:44:27 | 000,000,456 | -H-- | C] () -- C:\ProgramData\F91gsImir9sBqL
[2012/01/16 17:18:39 | 000,061,886 | -H-- | C] () -- C:\Users\Brian\Desktop\401601_239276532813063_126894987384552_555080_1347960388_n.jpg
[2012/01/15 17:28:54 | 000,025,880 | -H-- | C] () -- C:\Users\Brian\Desktop\375331_10150527434333794_375427338793_8752781_728642651_n.jpg
[2012/01/11 03:08:36 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/01/03 08:36:31 | 000,008,618 | -HS- | C] () -- C:\Users\Brian\AppData\Local\1a43147cf26
[2012/01/03 08:36:31 | 000,008,618 | -HS- | C] () -- C:\ProgramData\1a43147cf26
[2012/01/01 21:31:25 | 000,047,968 | -H-- | C] () -- C:\Users\Brian\Desktop\297159_140756329354809_120724954691280_208810_53458456_n.jpg
[2012/01/01 21:30:04 | 000,046,655 | -H-- | C] () -- C:\Users\Brian\Desktop\166931_149910458439396_120724954691280_242134_696252315_n.jpg
[2011/12/09 00:32:02 | 000,011,008 | -HS- | C] () -- C:\Users\Brian\AppData\Local\mfxohs1i3ayd7dmt3eyg4j022m8l
[2011/12/09 00:32:02 | 000,011,008 | -HS- | C] () -- C:\ProgramData\mfxohs1i3ayd7dmt3eyg4j022m8l
[2011/07/12 01:48:30 | 000,000,552 | -H-- | C] () -- C:\Users\Brian\AppData\Local\d3d8caps.dat
[2011/04/21 11:43:24 | 000,004,608 | -H-- | C] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 03:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/03/22 22:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/11/11 01:18:37 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/11/11 01:18:37 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/08/20 23:30:48 | 000,139,152 | -H-- | C] () -- C:\Users\Brian\AppData\Roaming\PnkBstrK.sys
[2010/08/20 23:30:48 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/08/20 23:30:37 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/08/20 23:30:32 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/08/20 23:30:32 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/08/06 14:40:48 | 000,000,506 | ---- | C] () -- C:\Windows\Rtcw.INI
[2010/07/24 17:17:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/09 20:04:18 | 000,031,871 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2010/06/09 19:48:52 | 000,031,871 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/28 11:23:58 | 000,000,740 | ---- | C] () -- C:\Windows\eReg.dat
[2009/09/10 17:10:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 17:10:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/14 20:19:28 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/05/08 11:02:16 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/11/12 16:02:20 | 000,031,088 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2008/11/12 16:02:12 | 000,016,240 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2008/08/19 16:44:11 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008/08/19 16:41:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/07/30 02:01:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/04/14 23:35:14 | 000,139,759 | ---- | C] () -- C:\Windows\hpoins15.dat
[2008/04/14 23:35:14 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2008/03/17 20:30:25 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/03/17 20:30:25 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/03/17 20:30:25 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/03/15 13:28:42 | 000,036,038 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2008/03/15 13:18:39 | 000,006,747 | ---- | C] () -- C:\Windows\DiabUnin.dat
[2008/03/12 12:45:41 | 000,011,956 | -H-- | C] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2007/01/01 08:49:19 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/01/01 08:34:53 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/01/01 08:31:56 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/01/01 08:31:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,289,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========


< End of report >


OTL Extras logfile created on: 1/31/2012 6:43:20 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.88% Memory free
6.21 Gb Paging File | 4.69 Gb Available in Paging File | 75.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.49 Gb Total Space | 166.45 Gb Free Space | 57.70% Space Free | Partition Type: NTFS
Drive D: | 9.60 Gb Total Space | 1.30 Gb Free Space | 13.59% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 294.69 Gb Free Space | 98.86% Space Free | Partition Type: NTFS
Drive F: | 627.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 3.76 Gb Total Space | 1.78 Gb Free Space | 47.40% Space Free | Partition Type: FAT32

Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3610810185-2351398481-2695849998-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0913CE52-1A98-474F-B520-7B0DB3A20A69}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{79A520CB-8099-41D6-BD5A-07A26F3776B8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E1659718-EFB7-4C3A-99C2-2D4E4AA0AE6E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FF152462-3B2D-4A2E-9BD7-70764D4FBD4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021EC74F-1CD2-43CF-AE93-5CC8604FD40E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{15497A1B-979A-4CFA-B0B3-8702675CFCFC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1AF0C643-52C5-4AFD-9A0E-C372A869C9D3}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{233AF2D7-42DA-4848-8524-A2C1B596B819}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{28A81B72-21A1-4836-9BC2-EBA57CDCE98D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{32309D6F-37A6-4894-9184-2A2BB65A1AC7}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{348FAC05-372F-4BD6-A562-0CB5F5FA4058}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3B8696B8-F51E-4761-A25E-5DFCF7B5907C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{456BA322-ED86-48EE-8FC4-9E1476BFA792}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{4E2AB3F2-9D7E-4FC3-86A0-0ACB877D4728}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{52D9830E-4EA8-4923-A9DA-4FBFB957E73D}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6E8CE4C0-7EF4-4BE8-9263-D00418994111}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{74D6355A-7FB0-4F1F-9F0F-4786C964A8FC}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{76B2CE34-8107-4C5D-92EF-1F61A6884C16}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{7D3BBB2C-9406-4F87-A3EB-68B3D5E34450}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{92F347ED-D3B8-46A7-9D63-C2E332FAB842}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{93693D21-2639-41C1-8C36-56A7AA79E6B5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{97228128-9C6E-4DDA-8DBD-DAF6D0EAF922}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9D382BD2-0A41-49CF-B9AD-8EF5062CFFA6}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{A34CDCB3-74D6-442C-87B1-48353353E774}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{AD4FB733-679F-433C-9C45-A05C8CAC95B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD7C2CAE-6EC9-4494-84F1-AB9FBD844FA7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe |
"{BA2BE577-AE86-4C80-B887-C91AA93D72EE}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{BB588A75-248E-4231-884E-ED327DB03632}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C0136822-69D5-40FB-B27D-D504A772820E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{CEDAC59A-E37D-4C8C-90CB-B07B0A3979DB}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{E073820C-F42B-454F-880A-45EB992DE92B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EF98D49E-B55A-49E9-83E7-595B2079DA2C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F0E6B955-0F19-4AA6-8837-911E63C54525}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{F15D811C-BBF5-4F1A-8406-BFFB34757AE2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F5D3F2CD-0940-4686-B7AB-2DBCD412467D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{FE39A969-ED7E-49AC-B337-C18FC1BC05D8}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{0F22FA71-E72A-4BF6-A15F-174ECEB0944A}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{1AB1A42C-419B-4DFC-9B78-E1F68A3EF066}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"TCP Query User{1E4E13E0-0DC3-44CC-A5BC-54A4D7C0A4B5}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{2FBDBA38-4305-4DA7-A145-21EB31D9D2C2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{588049F9-0CC8-40C1-AE99-8C51C7B1C8E2}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"TCP Query User{7BB3CE95-BA31-4126-83C2-BB07FD13562B}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{84D2D548-932A-4EA6-A516-EB45E3666BE2}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{84E6C4B4-0033-45AF-9721-46D4D723CFE0}C:\program files\limewire plus+\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire plus+\limewire.exe |
"TCP Query User{94F0B62C-E408-49EE-AB85-2D6D960C2E97}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9EC5898F-CCFC-4CA5-9F48-3570817FC6B0}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{E0ACFA88-310D-40B4-B530-E9ABA6ACE89D}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{E5EB0A20-F5E7-4D96-9796-321EFEE3323E}C:\program files\return to castle wolfenstein\wolfmp.exe" = protocol=6 | dir=in | app=c:\program files\return to castle wolfenstein\wolfmp.exe |
"TCP Query User{F1C85ADD-C062-437F-914C-E66DC0857EB1}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{01A7516D-FD46-4B5D-BB87-EA53CAA83248}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{259C3E0F-8244-46A3-BAD6-FD15191DE00A}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{2921B9AB-F2D3-4D7A-831A-F411C9032CEA}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{3CDA3B7E-6279-4D7A-B10D-D4C20828CB35}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{66C380B9-D217-4F64-B6C1-AAA0A8C0746A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{7B9A5EDA-3277-49B5-BD4B-F70B4CC0E070}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{A18A0BF1-61D5-41FF-A7DC-09599B1BE249}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{AEA9BB7A-DF7E-4624-B66A-21286596B5A2}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"UDP Query User{C5B2DA2B-B820-408A-A5E5-ED88496427C7}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"UDP Query User{D2B95A91-1AAA-4D6C-AF74-C31B2F8FF4FF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E07F926D-1C23-45C1-8CD8-841D0B67489D}C:\program files\return to castle wolfenstein\wolfmp.exe" = protocol=17 | dir=in | app=c:\program files\return to castle wolfenstein\wolfmp.exe |
"UDP Query User{EF3F7508-9988-414C-9D80-E50C699B25B9}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{F0B446EE-A71C-418F-8092-B2696A332D9C}C:\program files\limewire plus+\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire plus+\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster for Battlefield 1942
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F535C04-86BE-47D1-98C6-8AB26D28482B}" = Singlesnet
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{597728B2-C911-48CB-8C4E-97B2154B4FB1}_is1" = Limewire Plus+ 1.0.1.8082
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117088490}" = The Clockwork Man
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118522773}" = Asamis Sushi Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118531567}" = Curse of the Pharaoh 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119460670}" = Snark Busters - Welcome to the Club
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119733717}" = Tamara the 13th
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119821443}" = Ancient Secrets
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119839970}" = Enlightenus II - The Timeless Tower
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119923937}" = Eternal Night - Realm of Souls
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11994487}" = Vesuvia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119951100}" = Once Upon a Farm
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119966953}" = Echoes of Sorrow
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11996780}" = Amazing Adventures - The Forgotten Dynasty
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-12002687}" = Haunted Legends - The Queen of Spades
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-120062600}" = Jewelry Secret - Mystery Stones
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005122}" = 20.000 Leagues Under the Sea - ExtdEd
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005150}" = Snark Busters 2 All Revved Up
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005163}" = The Treasures of Montezuma 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005277}" = Campfire Legends Bundle 2-in-1
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005316}" = Akhra - The Treasures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005373}" = Princess Isabella II
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005434}" = Tearstone
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005458}" = 4 Elements II
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005537}" = 7 Wonders 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005597}" = Cradle of Egypt CE
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro AntiVirus
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9DC9256-709F-4BEA-B39D-4F11D90585AA}" = HP Smart Web Printing
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E714FCCA-36FD-FCED-7C9C-4AB6CEFAE051}" = Hide & Secret
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EE39D366-B156-2FF5-1A70-C2E045B54B85}" = Glyph
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Airport Mania - First Flight" = Airport Mania - First Flight (remove only)
"Alabama Smith in Escape from Pompeii" = Alabama Smith in Escape from Pompeii (remove only)
"Amazing Adventures The Lost Tomb" = Amazing Adventures The Lost Tomb
"am-princessisabellaawitchscurse" = Princess Isabella - A Witch's Curse
"BFG-10 Days To Save the World - The Adventures of Diana Salinger" = 10 Days To Save the World: The Adventures of Diana Salinger
"BFG-10 Days Under The Sea" = 10 Days Under The Sea
"BFG-3 Cards to Midnight" = 3 Cards to Midnight
"BFG-Alexandra Fortune - Mystery of the Lunar Archipelago" = Alexandra Fortune: Mystery of the Lunar Archipelago
"BFG-Autumn's Treasures - The Jade Coin" = Autumn's Treasures: The Jade Coin
"BFG-Babylonia" = Babylonia
"BFG-Be a King" = Be a King
"BFG-Big Kahuna Reef" = Big Kahuna Reef
"BFG-Big Kahuna Reef 2 - Chain Reaction" = Big Kahuna Reef 2 - Chain Reaction
"BFGC" = Big Fish Games: Game Manager
"BFG-Cradle of Rome" = Cradle of Rome
"BFG-CSI - NY - The Game" = CSI: NY - The Game &reg;
"BFG-Curse of the Pharaoh - Tears of Sekhmet" = Curse of the Pharaoh: Tears of Sekhmet
"BFG-Department 42 - The Mystery of the Nine" = Department 42: The Mystery of the Nine
"BFG-Detective Agency" = Detective Agency
"BFG-Dragon Empire" = Dragon Empire
"BFG-Echoes of the Past - Royal House of Stone" = Echoes of the Past: Royal House of Stone
"BFG-Escape the Museum" = Escape the Museum
"BFG-G.H.O.S.T. Hunters - The Haunting of Majesty Manor" = G.H.O.S.T. Hunters: The Haunting of Majesty Manor
"BFG-Hallowed Legends - Samhain" = Hallowed Legends: Samhain
"BFG-Haunted Hotel" = Haunted Hotel
"BFG-Haunted Hotel II - Believe the Lies" = Haunted Hotel II: Believe the Lies
"BFG-Hidden Expedition - Devils Triangle" = Hidden Expedition &reg; - Devil's Triangle
"BFG-Hidden Secrets - The Nightmare" = Hidden Secrets: The Nightmare
"BFG-Hidden Wonders of the Depths 2" = Hidden Wonders of the Depths 2
"BFG-Hide & Secret 3 - Pharaoh's Quest" = Hide & Secret 3: Pharaoh's Quest
"BFG-Island - The Lost Medallion" = Island: The Lost Medallion
"BFG-Laura Jones and the Secret Legacy of Nikola Tesla" = Laura Jones and the Secret Legacy of Nikola Tesla
"BFG-Liong - The Lost Amulets" = Liong: The Lost Amulets
"BFG-Lost City of Z - Special Edition" = Lost City of Z: Special Edition
"BFG-Lost in Reefs" = Lost in Reefs
"BFG-Lost Secrets - Bermuda Triangle" = Lost Secrets: Bermuda Triangle
"BFG-Lost Secrets - Caribbean Explorer Secrets of the Sea" = Lost Secrets: Caribbean Explorer Secrets of the Sea
"BFG-Maestro - Music of Death" = Maestro: Music of Death
"BFG-Magic Academy II" = Magic Academy II
"BFG-Margrave Manor 2 - The Lost Ship" = Margrave Manor 2: The Lost Ship
"BFG-Midnight Mysteries - The Edgar Allan Poe Conspiracy" = Midnight Mysteries: The Edgar Allan Poe Conspiracy
"BFG-Monster Quest" = Monster Quest
"BFG-Mystery Age - The Imperial Staff" = Mystery Age: The Imperial Staff
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files&reg;: Dire Grove™
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™
"BFG-Mystery Legends - Sleepy Hollow" = Mystery Legends: Sleepy Hollow
"BFG-Mystery Legends - The Phantom of the Opera" = Mystery Legends: The Phantom of the Opera
"BFG-Mystery Masterpiece - The Moonstone" = Mystery Masterpiece: The Moonstone
"BFG-Mystery of Unicorn Castle" = Mystery of Unicorn Castle
"BFG-Pahelika - Secret Legends" = Pahelika: Secret Legends
"BFG-Paranormal Agency" = Paranormal Agency
"BFG-Princess Isabella - A Witch's Curse" = Princess Isabella: A Witch's Curse
"BFG-Private Eye - Greatest Unsolved Mysteries" = Private Eye: Greatest Unsolved Mysteries
"BFG-PuppetShow - Mystery of Joyville" = PuppetShow: Mystery of Joyville ™
"BFG-Real Crimes - The Unicorn Killer" = Real Crimes: The Unicorn Killer
"BFG-Redrum" = Redrum ™
"BFG-Rescue at Rajini Island" = Rescue at Rajini Island
"BFG-Romance of Rome" = Romance of Rome
"BFG-Romopolis" = Romopolis
"BFG-Samantha Swift and the Golden Touch" = Samantha Swift and the Golden Touch
"BFG-Samantha Swift and the Hidden Roses of Athena" = Samantha Swift and the Hidden Roses of Athena
"BFG-Save Our Spirit" = Save Our Spirit
"BFG-Shaolin Mystery - Revenge of the Terracotta Warriors" = Shaolin Mystery: Revenge of the Terracotta Warriors
"BFG-Space Strike" = Space Strike
"BFG-Steve The Sheriff" = Steve The Sheriff ™
"BFG-Steve the Sheriff - The Case of the Missing Thing" = Steve the Sheriff 2: The Case of the Missing Thing ™
"BFG-Strange Cases - The Tarot Card Mystery" = Strange Cases: The Tarot Card Mystery
"BFG-The Count of Monte Cristo" = The Count of Monte Cristo
"BFG-The Dark Hills of Cherai" = The Dark Hills of Cherai
"BFG-The Enchanting Islands" = The Enchanting Islands
"BFG-The Lost Cases of 221B Baker St" = The Lost Cases of 221B Baker St.
"BFG-The Lost Inca Prophecy" = The Lost Inca Prophecy
"BFG-The Mystery of the Mary Celeste" = The Mystery of the Mary Celeste
"BFG-The Secret of Margrave Manor" = The Secret of Margrave Manor
"BFG-Trapped - The Abduction" = Trapped: The Abduction
"BFG-Travel League - The Missing Jewels" = Travel League: The Missing Jewels
"BFG-Treasure Seekers - Follow the Ghosts" = Treasure Seekers: Follow the Ghosts
"BFG-Treasure Seekers - Visions of Gold" = Treasure Seekers: Visions of Gold ™
"BFG-Vampire Saga - Pandora's Box" = Vampire Saga: Pandora's Box
"BFG-Youda Farmer" = Youda Farmer
"BFG-Zodiac Tower" = Zodiac Tower
"Call Of Atlantis_is1" = Call Of Atlantis
"CLUE Accusations and Alibis" = CLUE Accusations and Alibis (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Coffee Rush 2" = Coffee Rush 2 (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo" = Diablo
"Diablo II" = Diablo II
"Dr. Lynch - Grave Secrets" = Dr. Lynch - Grave Secrets (remove only)
"Elementals - The Magic Key" = Elementals - The Magic Key (remove only)
"Empress of the Deep - The Darkest Secret" = Empress of the Deep - The Darkest Secret (remove only)
"Escape Rosecliff Island" = Escape Rosecliff Island
"Escape Rosecliff Island™" = Escape Rosecliff Island™ (remove only)
"Fishdom - Spooky Splash" = Fishdom - Spooky Splash (remove only)
"Fishdom H20 - Hidden Odyssey" = Fishdom H20 - Hidden Odyssey (remove only)
"Freedom Fighters" = Freedom Fighters
"G.H.O.S.T. Chronicles" = G.H.O.S.T. Chronicles (remove only)
"Glyph" = Glyph (remove only)
"Hide & Secret" = Hide & Secret (remove only)
"Hitman 2: Silent Assassin" = Hitman 2: Silent Assassin
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Interpol 2 - Most Wanted" = Interpol 2 - Most Wanted (remove only)
"LimeWire" = LimeWire 5.5.16
"Little Fighter 2" = Little Fighter 2 1.9c
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Magic Academy 2" = Magic Academy 2 (remove only)
"Mahjongg Dimensions Deluxe" = Mahjongg Dimensions Deluxe (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MCF Dire Grove" = MCF Dire Grove (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mirror Mysteries" = Mirror Mysteries (remove only)
"Mortimer Beckett and the Lost King" = Mortimer Beckett and the Lost King (remove only)
"Mortimer Beckett and the Secrets of Spooky Manor" = Mortimer Beckett and the Secrets of Spooky Manor
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MySpaceIM" = MySpaceIM
"Mystery Case Files - Madame Fate" = Mystery Case Files - Madame Fate (remove only)
"Mystery Case Files Dire Grove_is1" = Mystery Case Files Dire Grove
"Mystery Case Files Return to Ravenhearst" = Mystery Case Files Return to Ravenhearst (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Princess Isabella - A Witchs Curse" = Princess Isabella - A Witchs Curse (remove only)
"Princess Isabella: A Witch's Curse" = Princess Isabella: A Witch's Curse
"Princess Isabella_is1" = Princess Isabella
"PunkBusterSvc" = PunkBuster Services
"Samantha Swift and the Golden Touch" = Samantha Swift and the Golden Touch (remove only)
"Samantha Swift and the Hidden Roses of Athena" = Samantha Swift and the Hidden Roses of Athena (remove only)
"Samantha Swift and the Mystery from Atlantis" = Samantha Swift and the Mystery from Atlantis (remove only)
"Samantha Swift_is1" = Samantha Swift
"Shutter Island" = Shutter Island (remove only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 13140" = America's Army 3
"The Clockwork Man" = The Clockwork Man (remove only)
"Trillian" = Trillian
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"Wizard Land" = Wizard Land (remove only)
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Youda Farmer_is1" = Youda Farmer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3610810185-2351398481-2695849998-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo" = Diablo
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/20/2012 2:18:05 AM | Computer Name = Brian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 1/20/2012 2:19:41 AM | Computer Name = Brian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 1/20/2012 2:19:41 AM | Computer Name = Brian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 1/20/2012 2:22:52 AM | Computer Name = Brian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 1/20/2012 2:22:52 AM | Computer Name = Brian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 1/21/2012 12:23:43 AM | Computer Name = Brian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 1/21/2012 12:23:43 AM | Computer Name = Brian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 1/21/2012 12:23:43 AM | Computer Name = Brian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 1/21/2012 12:23:43 AM | Computer Name = Brian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 1/21/2012 12:23:43 AM | Computer Name = Brian-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

[ Media Center Events ]
Error - 8/21/2008 2:15:07 AM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/28/2008 11:10:50 AM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/18/2008 10:53:40 PM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/23/2009 10:44:54 PM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/29/2009 11:34:36 PM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 1:41:23 PM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/13/2009 1:50:06 AM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/31/2012 8:38:05 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/31/2012 8:38:05 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1/31/2012 8:39:59 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/31/2012 8:39:59 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1/31/2012 8:39:59 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/31/2012 8:39:59 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1/31/2012 8:39:59 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/31/2012 8:39:59 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1/31/2012 8:40:00 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/31/2012 8:40:00 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >


5. Current Status
Still no internet connection, and nothing on the start menu. Computer still attempts to run "Microsoft Window Malicious Software Removal Tool (KB890830)" once it gets to the desktop. The UAC prompts to accept or cancel. I've canceled through the entire process, even before posting the original logs.

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:03:53 PM

Posted 01 February 2012 - 03:56 AM

Hi!

The user has no discs for recovery. There are three drives listed for the computer, however: factory image (1.3 free of 9.59), hp_pavillion (294 free of 298), and c: (166 free of 288). Is it possible to build a recovery and reinstallation disc for this computer, from those drives, on a system infected with the malware you listed?

You know, that's a really good question. As far as I know ZeroAccess does not mess with the Recovery Partition, but that's not to say that it isn't possible. I'm very hesitant to have you create a recovery disk now, as I'm not too sure how exactly this infection is going to interfere with the creation of the disc. I'd prefer to get started on cleaning things up and removing the malware, and then if you'd like to we can create the recovery disc later.

If this is okay with you, please do the following.

We're going to work on getting your internet connection back in this post.

----------

Let's run this utility below to unhide your files and folders.

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



We will need to run a few registry fixes, but before we do that, we need to create a back-up of your registry.

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup-exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!



NEXT:


Please download the following attached files to your Desktop.

  • tdx.reg (1.46KB)
  • bfe.reg (1.46KB)
  • wscsvc.reg (5.44KB)
  • mpssvc.reg (3.29KB)
  • Legacy_tdx.reg (1.1KB)
  • legacy_mpssvc.reg (880 bytes)
  • legacy_wscsvc.reg (866 bytes)

Please double click on tdx.reg and when you get prompted with a message asking if you want to merge the file with the registry, please select YES.

Repeat for mpssvc.reg, bfe.reg, and wscsvc.reg.

---------

Manual method for Windows Vista and above:
Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Click Advanced.
Under Owner tab select the entry starting with your user name, example: SweetTech (SweetTech-PC\SweetTech)
Put a check mark next to Replace owner on subcontainers and objects and click Apply. (You will get notified: "Registry Editor could not set owner on the key currently selected, or some of its subkeys")
Repeat this step, this time select Administrators (your pc name\your user name).
Put a check mark next to Replace owner on subcontainers and objects and click Apply. (You will get notified: "Registry Editor could not set owner on the key currently selected, or some of its subkeys")
Click OK.
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.
Now double-click LEGACY_tdx.reg and confirm the prompt. Then repeat for the following files as well: LEGACY_MpsSvc.reg, LEGACY_bfe.reg, and LEGACY_wscsvc.reg
Please go back to the Root key again. While Everyone is selected, remove the check mark in the box under Allow next to Full Control and close the registry editor.

____________________________________________________

OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click on the NONE button at the top.
  • In the custom scan box paste the following:
    "%WinDir%\$NtUninstallKB*$." /30
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    xaudio.sys
    /md5stop
    net start Dnscache /c
    net start Dhcp /c
    net start tdx /c
    net start mpsdrv /c
    net start MpsSvc /c
    net start bfe /c
    net start wscsvc /c
    NETSH WINSOCK RESET CATALOG /c
    
  • Push the Posted Image button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
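One way to review a .reg file before merging it, as in the steps of the post above (an added example, not part of the original post or its attachments): it lists every key and value the file would write or delete and flags anything outside the service keys the post names. The allowlisted key paths and both sample files are assumptions constructed for illustration; the real attachments' contents are not shown on this page.

```python
import re

# Service names come from the attachment names in the post. The key paths they
# are expected to touch are an assumption of this example.
SERVICES = ("tdx", "bfe", "wscsvc", "mpssvc")
CCS = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\"
ALLOWED = tuple((CCS + "Services\\" + s).lower() for s in SERVICES) + tuple(
    (CCS + "Enum\\Root\\LEGACY_" + s).lower() for s in SERVICES
)

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                        # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data or @=data


def decode_reg_bytes(raw):
    """regedit exports are UTF-16LE with a BOM; hand-made files are often 8-bit."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("utf-8-sig", errors="replace")


def parse_reg(text):
    """Return (action, key, value_name) for every change the file would make."""
    logical, buf = [], ""
    for line in text.replace("\r\n", "\n").split("\n"):
        buf += line.strip()
        if buf.endswith("\\"):        # hex data continues on the next line
            buf = buf[:-1]
            continue
        logical.append(buf)
        buf = ""
    if buf:
        logical.append(buf)

    ops, key = [], None
    for line in logical:
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            ops.append(("delete_key" if m.group(1) else "write_key", key, None))
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1]
            action = "delete_value" if m.group(2) == "-" else "set_value"
            ops.append((action, key, name))
    return ops


def audit(text, allowed=ALLOWED):
    """Flag changes outside the allowlisted keys, and any deletion inside them."""
    findings = []
    for action, key, name in parse_reg(text):
        k = key.lower()
        in_scope = any(k == p or k.startswith(p + "\\") for p in allowed)
        if not in_scope:
            findings.append(("out_of_scope", action, key, name))
        elif action.startswith("delete"):
            findings.append(("deletion", action, key, name))
    return findings


# Constructed sample: a file that only restores one service key.
SAMPLE_OK = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdx]
"DisplayName"="constructed display name"
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,72,00,69,00,76,00,65,00,72,00,73,00,00,00
"Start"=dword:00000001
"Type"=dword:00000001
'''

# Constructed sample: same kind of file with an unrelated write and a key deletion.
SAMPLE_BAD = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bfe]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\Users\\Public\\u.exe"

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
'''

if __name__ == "__main__":
    for label, sample in (("SAMPLE_OK", SAMPLE_OK), ("SAMPLE_BAD", SAMPLE_BAD)):
        print(label)
        for finding in audit(sample) or [("clean",)]:
            print("  ", finding)
```

For a file on disk, pass `decode_reg_bytes(open(path, "rb").read())` to `audit`; a file that targets ControlSet001 rather than CurrentControlSet is reported as out of scope and needs a manual look.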


#5 DnDer


Posted 02 February 2012 - 12:34 AM

I should be able to run these instructions by this time tomorrow. That is my current goal, at any rate.

#6 SweetTech


Posted 02 February 2012 - 01:36 AM

Okay, that's fine. Thanks for letting me know.



#7 DnDer


Posted 02 February 2012 - 10:58 PM

We will need to run a few registry fixes, but before we do that, we need to create a back-up of your registry.

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup-exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.


This portion seems to have completed successfully. Only the first two boxes were checked by default, so that's how I left it, which was noted as acceptable in your instructions.


Run:

  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


An error message was generated here, when I attempted to run the program. "c:\windows\erdnt\2-2-2012 could not be completely deleted!"

#8 SweetTech

Posted 03 February 2012 - 02:50 AM

Hi!

Sorry to hear you experienced issues with the second part of the registry back-up.

Run:

  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


An error message was generated here, when I attempted to run the program. "c:\windows\erdnt\2-2-2012 could not be completely deleted!"


Can you please try to create a new back-up and see if it will work for you this time?

Kindest Regards,
ST.


#9 DnDer

Posted 04 February 2012 - 01:00 PM

I received another error message when I ran ERUNT this morning.

WARNING
Error saving file
C:\Windows\ERDNT\2-4-2012\security!
Continue with the next file?
[RegCreateKeyEx: - Access is denied]

I've left it right there, with the error message still up, instead of closing down and trying one more time.

#10 SweetTech

Posted 05 February 2012 - 05:56 AM

Hi!

Can you just confirm that when you are running ERUNT you are running it as an Administrator?

In the meantime I'm going to be looking into that error message some more.


#11 DnDer

Posted 05 February 2012 - 11:50 PM

You were right. I had not run it as administrator. It created a backup successfully with today's date on it. Should I continue on with the original steps? Or is there something else you'd like me to verify?

#12 SweetTech

Posted 06 February 2012 - 03:46 AM

Please proceed with the previous instructions after creating the registry back-up.


#13 DnDer

Posted 06 February 2012 - 10:46 PM

I was able to follow all the instructions except one. There was no LEGACY_bfe.reg file available for download in the links you gave me above, but it was mentioned in the instructions to run it. I don't know if the OTL results will reflect this. I can follow the procedures again, if you can offer me the file, for that one reg key and re-run OTL at that time.


OTL logfile created on: 2/6/2012 9:11:17 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 50.91% Memory free
6.22 Gb Paging File | 4.62 Gb Available in Paging File | 74.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.49 Gb Total Space | 165.13 Gb Free Space | 57.24% Space Free | Partition Type: NTFS
Drive D: | 9.60 Gb Total Space | 1.30 Gb Free Space | 13.59% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 294.69 Gb Free Space | 98.86% Space Free | Partition Type: NTFS
Drive F: | 627.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 3.76 Gb Total Space | 1.78 Gb Free Space | 47.32% Space Free | Partition Type: FAT32

Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 07:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/22 22:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/31 02:44:46 | 000,353,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2011/01/12 20:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/13 17:11:26 | 001,086,840 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2008/11/12 16:02:14 | 003,667,312 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/29 14:28:12 | 001,398,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2008/07/29 14:28:10 | 000,698,888 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/30 17:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/22 22:56:40 | 000,687,448 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/03/03 19:26:14 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2011/03/01 22:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 22:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 22:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 22:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 22:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/01/12 19:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2011/01/12 19:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2009/04/22 15:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 17:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 16:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 16:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 16:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 16:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 16:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 16:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 16:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 16:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 16:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
MOD - [2009/02/27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/13 17:11:26 | 001,086,840 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2008/11/12 16:02:14 | 003,667,312 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/29 14:28:10 | 000,698,888 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2008/02/26 13:10:56 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2007/12/24 16:41:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/01 04:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 120(UVC)
DRV - [2009/06/26 20:01:00 | 009,777,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/11/26 17:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/11/26 17:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/11/26 17:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/11/12 16:02:28 | 000,170,608 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2008/11/12 16:02:26 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2008/11/12 16:02:26 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/08 12:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 12:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/02/15 22:37:50 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/01/04 19:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/12/24 16:37:20 | 000,052,496 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2007/12/24 16:37:12 | 000,052,240 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2007/12/24 16:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/10/26 05:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 14:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/07 08:36:08 | 000,156,928 | ---- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\xcbda.sys -- (xcbdaNtsc) ViXS Tuner Card (NTSC)
DRV - [2007/01/09 08:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\InprocServer32 File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/?wl=true
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\InprocServer32 File not found
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Search Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mc1301.mail.yahoo.com/mc/welcome?.gx=1&.tm=1298500297&.rand=2mdnkkdg330ab"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.621.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/04/17 15:56:51 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/04/17 15:56:51 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Brian\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/07/30 21:46:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 19:18:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/09 20:58:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\videofinder@veoh.com: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/07/30 21:46:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Brian\AppData\Roaming\Move Networks [2009/10/09 01:34:05 | 000,000,000 | ---D | M]

[2010/07/19 19:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions
[2010/07/19 19:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/01/10 23:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions
[2009/09/29 00:57:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/12 17:26:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/10 23:34:24 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/16 22:12:41 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\{e7f8be29-a175-4cfd-ba47-70adabc00ba6}
[2011/03/26 11:13:41 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\engine@conduit.com
[2009/01/31 14:36:30 | 000,001,739 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\searchplugins\aim-search.xml
[2010/04/21 04:08:10 | 000,001,836 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\searchplugins\bing-ff.xml
[2011/11/10 03:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/19 16:41:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/21 04:08:06 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{407ee510-6937-d1bd-8a95-f53758a8b72a}
[2011/11/09 19:18:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 19:18:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000..\Run: [limewire plus+] "C:\Program Files\Limewire Plus+\limewire.exe" -h File not found
O4 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O7 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {226ACC34-3194-70E2-5AE7-864FCFE9E80D} http://zone.msn.com/bingame/mosi/default/msi.1.0.0.9.cab (CPlayFirstmsiControl Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab (WebGameLoader Class)
O16 - DPF: {4773AC35-5EC9-4C86-82AA-78F3BE563194} http://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--eeb2cde8-d5c7-4ea9-9313-d539fd2149bd/online/aquacade/en/aquacade.cab (AtlBoxWordCtlAttrib Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} http://l.yimg.com/jh/games/web_games/sony/davinci/DVCDownloadControl.cab (DVCDownloadControl)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://l.yimg.com/jh/games/web_games/gamehouse/frenzy/SproutLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/popcap/zuma/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://l.yimg.com/jh/games/web_games/playtime/mahjongescape/PTGameLauncher.cab (Playtime Games Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36937FF7-1F22-4576-8665-B5965D4D3BCC}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Brian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/01 08:56:33 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/03/23 13:55:35 | 000,929,851 | R--- | M] () - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/07/21 13:12:28 | 000,000,105 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{baaae694-aacd-11dc-be02-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{baaae694-aacd-11dc-be02-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2004/03/23 13:55:35 | 000,929,851 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3610810185-2351398481-2695849998-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/02 21:46:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/02 21:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/02/02 21:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/02 21:44:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Brian\Desktop\erunt-setup.exe
[2012/01/31 19:32:00 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{F97B7CC7-DD91-4537-B864-BA9DB985881E}
[2012/01/31 18:42:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2012/01/31 18:38:33 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{46352E32-5E93-43BA-A705-B223E278A8E4}
[2012/01/31 18:36:25 | 002,059,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brian\Desktop\tdsskiller.exe
[2012/01/27 21:08:46 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{BEBB5502-B73E-4548-ADEA-6DDA1D082B56}
[2012/01/26 23:28:37 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{E94866AC-DD02-4392-80C3-344191CFC945}
[2012/01/26 18:12:00 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{CC783A9C-6E9B-46D8-8C14-2772B6032C46}
[2012/01/24 22:24:37 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/24 22:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/24 22:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/24 22:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/24 22:19:56 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{D80B1AB8-CF82-415F-9A5F-DEEAFA25A422}
[2012/01/23 22:25:18 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\WildTangent
[2012/01/23 22:19:16 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{7D2FA195-E5C3-4635-8E0D-B0770AB8DD8A}
[2012/01/22 21:50:17 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{3C80FD9D-2C29-4715-AFBB-8B82B42836B0}
[2012/01/22 21:49:42 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{A0EB7B61-11FA-4688-8DEC-B6CA09F1B888}
[2012/01/22 13:50:29 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/22 13:44:21 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{8C328050-BDE4-4806-B5BC-3523B2B563C9}
[2012/01/18 00:56:19 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{AC2B4FA9-B26C-4047-A360-9A76098961FD}
[2012/01/16 09:28:41 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{35F8C363-C985-49B6-BD46-034DE96AAAE6}
[2012/01/16 03:18:18 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{F5137F09-E98D-4E3A-94DA-3BBC2CAC79CD}
[2012/01/15 22:15:08 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{1025BBAC-2E9E-4246-BBE1-DC7372DD9A9E}
[2012/01/12 22:14:25 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{B8A55813-C3AF-4188-B4AA-570357D054B7}
[2012/01/12 22:14:02 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{4D6C8D33-83C4-4878-982B-0FA673B09B72}
[2012/01/10 19:44:48 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/10 19:44:46 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/10 19:44:42 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/10 19:44:15 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/10 19:44:15 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/06 19:29:11 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 19:29:11 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 17:53:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/05 12:53:05 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/02 21:45:23 | 000,000,735 | ---- | M] () -- C:\Users\Brian\Desktop\NTREGOPT.lnk
[2012/02/02 21:45:22 | 000,000,716 | ---- | M] () -- C:\Users\Brian\Desktop\ERUNT.lnk
[2012/02/02 21:30:52 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/02 21:30:52 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/02 20:55:22 | 000,000,880 | ---- | M] () -- C:\Users\Brian\Desktop\legacy_mpssvc.reg
[2012/02/02 20:55:22 | 000,000,866 | ---- | M] () -- C:\Users\Brian\Desktop\legacy_wscsvc.reg
[2012/02/02 20:55:20 | 000,001,130 | ---- | M] () -- C:\Users\Brian\Desktop\Legacy_tdx.reg
[2012/02/02 20:55:18 | 000,003,364 | ---- | M] () -- C:\Users\Brian\Desktop\mpssvc.reg
[2012/02/02 20:55:16 | 000,005,572 | ---- | M] () -- C:\Users\Brian\Desktop\wscsvc.reg
[2012/02/02 20:55:14 | 000,001,495 | ---- | M] () -- C:\Users\Brian\Desktop\bfe.reg
[2012/02/02 20:44:40 | 000,001,492 | ---- | M] () -- C:\Users\Brian\Desktop\tdx.reg
[2012/01/31 19:29:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/31 19:28:58 | 3219,566,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/31 19:28:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/01/31 16:31:12 | 000,334,787 | ---- | M] () -- C:\Users\Brian\Desktop\FSS.exe
[2012/01/30 08:19:08 | 002,059,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brian\Desktop\tdsskiller.exe
[2012/01/27 21:04:36 | 305,530,158 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/24 22:23:40 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/24 22:20:16 | 000,000,416 | ---- | M] () -- C:\ProgramData\4AWqPrGQfgjRXX
[2012/01/23 19:43:44 | 000,302,592 | ---- | M] () -- C:\Users\Brian\Desktop\p987e0jf.exe
[2012/01/22 21:50:37 | 000,000,456 | ---- | M] () -- C:\ProgramData\F91gsImir9sBqL
[2012/01/22 21:49:27 | 000,000,272 | ---- | M] () -- C:\ProgramData\~F91gsImir9sBqL
[2012/01/22 21:49:27 | 000,000,168 | ---- | M] () -- C:\ProgramData\~F91gsImir9sBqLr
[2012/01/22 21:48:16 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/01/22 21:48:09 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/22 13:50:29 | 000,000,631 | ---- | M] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/22 13:50:29 | 000,000,607 | ---- | M] () -- C:\Users\Brian\Desktop\System Check.lnk
[2012/01/19 01:24:28 | 000,011,956 | ---- | M] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2012/01/16 17:18:41 | 000,061,886 | ---- | M] () -- C:\Users\Brian\Desktop\401601_239276532813063_126894987384552_555080_1347960388_n.jpg
[2012/01/15 17:28:55 | 000,025,880 | ---- | M] () -- C:\Users\Brian\Desktop\375331_10150527434333794_375427338793_8752781_728642651_n.jpg
[2012/01/11 03:08:36 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/06 20:46:48 | 000,001,492 | ---- | C] () -- C:\Users\Brian\Desktop\tdx.reg
[2012/02/06 20:46:47 | 000,005,572 | ---- | C] () -- C:\Users\Brian\Desktop\wscsvc.reg
[2012/02/06 20:46:47 | 000,003,364 | ---- | C] () -- C:\Users\Brian\Desktop\mpssvc.reg
[2012/02/06 20:46:47 | 000,001,495 | ---- | C] () -- C:\Users\Brian\Desktop\bfe.reg
[2012/02/06 20:46:47 | 000,001,130 | ---- | C] () -- C:\Users\Brian\Desktop\Legacy_tdx.reg
[2012/02/06 20:46:47 | 000,000,880 | ---- | C] () -- C:\Users\Brian\Desktop\legacy_mpssvc.reg
[2012/02/06 20:46:47 | 000,000,866 | ---- | C] () -- C:\Users\Brian\Desktop\legacy_wscsvc.reg
[2012/02/02 21:45:23 | 000,000,735 | ---- | C] () -- C:\Users\Brian\Desktop\NTREGOPT.lnk
[2012/02/02 21:45:22 | 000,000,716 | ---- | C] () -- C:\Users\Brian\Desktop\ERUNT.lnk
[2012/02/02 21:42:34 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1942 The Road To Rome.lnk
[2012/02/02 21:42:34 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1942 Secret Weapons of WWII.lnk
[2012/02/02 21:42:34 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/02 21:42:34 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
[2012/02/02 21:42:34 | 000,001,722 | ---- | C] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2012/02/02 21:42:34 | 000,001,643 | ---- | C] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk
[2012/02/02 21:42:34 | 000,001,505 | ---- | C] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2012/02/02 21:42:34 | 000,000,978 | ---- | C] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/02/02 21:42:34 | 000,000,945 | ---- | C] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/02 21:42:34 | 000,000,940 | ---- | C] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/02 21:42:34 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/02/02 21:42:34 | 000,000,872 | ---- | C] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/02 21:42:34 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/02 21:42:34 | 000,000,258 | ---- | C] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/02/02 21:42:34 | 000,000,240 | ---- | C] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/02/02 21:30:51 | 000,684,297 | ---- | C] () -- C:\Users\Brian\Desktop\unhide.exe
[2012/01/31 18:41:08 | 000,334,787 | ---- | C] () -- C:\Users\Brian\Desktop\FSS.exe
[2012/01/27 21:02:14 | 000,302,592 | ---- | C] () -- C:\Users\Brian\Desktop\p987e0jf.exe
[2012/01/26 18:08:40 | 3219,566,592 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/24 22:23:40 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/24 22:19:59 | 000,000,416 | ---- | C] () -- C:\ProgramData\4AWqPrGQfgjRXX
[2012/01/22 21:49:26 | 000,000,631 | ---- | C] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/22 13:50:30 | 000,000,168 | ---- | C] () -- C:\ProgramData\~F91gsImir9sBqLr
[2012/01/22 13:50:29 | 000,000,607 | ---- | C] () -- C:\Users\Brian\Desktop\System Check.lnk
[2012/01/22 13:50:29 | 000,000,272 | ---- | C] () -- C:\ProgramData\~F91gsImir9sBqL
[2012/01/22 13:44:27 | 000,000,456 | ---- | C] () -- C:\ProgramData\F91gsImir9sBqL
[2012/01/16 17:18:39 | 000,061,886 | ---- | C] () -- C:\Users\Brian\Desktop\401601_239276532813063_126894987384552_555080_1347960388_n.jpg
[2012/01/15 17:28:54 | 000,025,880 | ---- | C] () -- C:\Users\Brian\Desktop\375331_10150527434333794_375427338793_8752781_728642651_n.jpg
[2012/01/11 03:08:36 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/01/03 08:36:31 | 000,008,618 | -HS- | C] () -- C:\Users\Brian\AppData\Local\1a43147cf26
[2012/01/03 08:36:31 | 000,008,618 | -HS- | C] () -- C:\ProgramData\1a43147cf26
[2011/12/09 00:32:02 | 000,011,008 | -HS- | C] () -- C:\Users\Brian\AppData\Local\mfxohs1i3ayd7dmt3eyg4j022m8l
[2011/12/09 00:32:02 | 000,011,008 | -HS- | C] () -- C:\ProgramData\mfxohs1i3ayd7dmt3eyg4j022m8l
[2011/07/12 01:48:30 | 000,000,552 | ---- | C] () -- C:\Users\Brian\AppData\Local\d3d8caps.dat
[2011/04/21 11:43:24 | 000,004,608 | ---- | C] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 03:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/03/22 22:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/11/11 01:18:37 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/11/11 01:18:37 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/08/20 23:30:48 | 000,139,152 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\PnkBstrK.sys
[2010/08/20 23:30:48 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/08/20 23:30:37 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/08/20 23:30:32 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/08/20 23:30:32 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/08/06 14:40:48 | 000,000,506 | ---- | C] () -- C:\Windows\Rtcw.INI
[2010/07/24 17:17:54 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/09 20:04:18 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/06/09 19:48:52 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/28 11:23:58 | 000,000,740 | ---- | C] () -- C:\Windows\eReg.dat
[2009/09/10 17:10:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 17:10:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/14 20:19:28 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/05/08 11:02:16 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/11/12 16:02:20 | 000,031,088 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2008/11/12 16:02:12 | 000,016,240 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2008/08/19 16:44:11 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008/08/19 16:41:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/07/30 02:01:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/04/14 23:35:14 | 000,139,759 | ---- | C] () -- C:\Windows\hpoins15.dat
[2008/04/14 23:35:14 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2008/03/17 20:30:25 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/03/17 20:30:25 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/03/17 20:30:25 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/03/15 13:28:42 | 000,036,038 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2008/03/15 13:18:39 | 000,006,747 | ---- | C] () -- C:\Windows\DiabUnin.dat
[2008/03/12 12:45:41 | 000,011,956 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2007/01/01 08:49:19 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/01/01 08:34:53 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/01/01 08:31:56 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/01/01 08:31:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,289,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/11/12 16:02:20 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/11/17 00:48:37 | 000,440,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys

< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 01:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 01:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/09 17:55:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/03/09 17:55:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/03/09 17:55:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/03/09 17:57:45 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/03/09 17:57:45 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 01:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: TDX.SYS >
[2006/11/02 02:57:35 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=AB4FDE8AF4A0270A46A001C08CBCE1C2 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6000.16386_none_e807064fdf2a97e3\tdx.sys
[2008/01/18 23:55:58 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2006/11/02 03:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 00:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 00:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 00:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/03/09 17:55:09 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2008/03/09 17:55:09 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2008/03/09 17:55:09 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/19 01:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/19 01:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/19 01:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 01:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 03:45:57 | 000,096,036 | ---- | M] () MD5=58A086B94ADDFB59A10D5A2382F24E5F -- C:\Program Files\Trend Micro\Internet Security\Quarantine\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 03:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 01:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: XAUDIO.SYS >
[2007/08/07 05:26:14 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) MD5=725E96971F22FE237E553EB35FC83564 -- C:\Windows\System32\DriverStore\FileRepository\trx200cz.inf_7621c4dd\XAudio.sys
[2006/11/28 10:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) MD5=88AF537264F2B818DA15479CEEAF5D7C -- C:\hp\DRIVERS\Conexant_TREX_Modem\xaudio.sys
[2006/11/28 10:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) MD5=88AF537264F2B818DA15479CEEAF5D7C -- C:\Windows\System32\DriverStore\FileRepository\trx200cz.inf_f0de7c5e\XAudio.sys
[2007/10/18 14:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) MD5=DAB33CFA9DD24251AAA389FF36B64D4B -- C:\Windows\System32\drivers\XAudio.sys
[2007/10/18 14:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) MD5=DAB33CFA9DD24251AAA389FF36B64D4B -- C:\Windows\System32\DriverStore\FileRepository\trx200cz.inf_d6d56f45\XAudio.sys

< net start Dnscache /c >

< net start Dhcp /c >

< net start tdx /c >

< net start mpsdrv /c >
The Windows Firewall Authorization Driver service was started successfully.

< net start MpsSvc /c >

< net start bfe /c >

< net start wscsvc /c >

< NETSH WINSOCK RESET CATALOG /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB38557$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========


< End of report >

#14 SweetTech

Posted 07 February 2012 - 03:35 AM

Hi!

I was able to follow all the instructions except one. There was no LEGACY_bfe.reg file available for download in the links you gave me above, but it was mentioned in the instructions to run it. I don't know if the OTL results will reflect this. I can follow the procedures again, if you can offer me the file, for that one reg key and re-run OTL at that time.

Sorry about that! Let's not worry about that one for right now.

Are you still without internet access?

Can you try and run this utility for me?

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 DnDer

Posted 07 February 2012 - 09:05 PM

When I ran ComboFix, and it said it was trying to create a restore point, ERUNT started automatically, and made a backup of my registry. That's supposed to happen, or ERUNT only makes registry backups on-demand, and something else is going on?

Also, ComboFix caught rootkit activity and had to reboot the computer. I'm sure it's noted in the log, but I thought it was noteworthy enough to highlight it here, too.


ComboFix 12-02-07.01 - Brian 02/07/2012 19:20:32.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2415 [GMT -6:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\basis.xml
c:\program files\Search Toolbar\bg.bmp
c:\program files\Search Toolbar\bing_logo.png
c:\program files\Search Toolbar\celebrity.png
c:\program files\Search Toolbar\drop_images.png
c:\program files\Search Toolbar\drop_maps.png
c:\program files\Search Toolbar\drop_news.png
c:\program files\Search Toolbar\drop_videos.png
c:\program files\Search Toolbar\drop_web.png
c:\program files\Search Toolbar\facebook.png
c:\program files\Search Toolbar\favicon.png
c:\program files\Search Toolbar\games.png
c:\program files\Search Toolbar\hotmail.png
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\images.png
c:\program files\Search Toolbar\include.xml
c:\program files\Search Toolbar\info.txt
c:\program files\Search Toolbar\lifestyle.png
c:\program files\Search Toolbar\maps.png
c:\program files\Search Toolbar\messenger.png
c:\program files\Search Toolbar\msn.png
c:\program files\Search Toolbar\news.png
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\tbcore3.dll
c:\program files\Search Toolbar\tbhelper.dll
c:\program files\Search Toolbar\twitter.png
c:\program files\Search Toolbar\uninstall.exe
c:\program files\Search Toolbar\update.exe
c:\program files\Search Toolbar\version.txt
c:\program files\Search Toolbar\video.png
c:\program files\Search Toolbar\videos.png
c:\program files\Search Toolbar\weather.png
c:\program files\Search Toolbar\web.png
c:\programdata\~F91gsImir9sBqL
c:\programdata\~F91gsImir9sBqLr
c:\programdata\4AWqPrGQfgjRXX
c:\programdata\F91gsImir9sBqL
c:\users\Brian\AppData\Local\assembly\tmp
c:\users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\3QS-6iS1
c:\users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\GLZBo_jh_ng
c:\users\Brian\AppData\Roaming\Island
c:\users\Brian\AppData\Roaming\Island\space.rgt
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\{e7f8be29-a175-4cfd-ba47-70adabc00ba6}
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\{e7f8be29-a175-4cfd-ba47-70adabc00ba6}\chrome.manifest
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\{e7f8be29-a175-4cfd-ba47-70adabc00ba6}\chrome\xulcache.jar
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\{e7f8be29-a175-4cfd-ba47-70adabc00ba6}\defaults\preferences\xulcache.js
c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\extensions\{e7f8be29-a175-4cfd-ba47-70adabc00ba6}\install.rdf
c:\users\Brian\Desktop\System Check.lnk
c:\windows\$NtUninstallKB38557$
c:\windows\$NtUninstallKB38557$\3541255566\@
c:\windows\$NtUninstallKB38557$\3541255566\bckfg.tmp
c:\windows\$NtUninstallKB38557$\3541255566\cfg.ini
c:\windows\$NtUninstallKB38557$\3541255566\Desktop.ini
c:\windows\$NtUninstallKB38557$\3541255566\keywords
c:\windows\$NtUninstallKB38557$\3541255566\kwrd.dll
c:\windows\$NtUninstallKB38557$\3541255566\L\qnbwvoto
c:\windows\$NtUninstallKB38557$\3541255566\lsflt7.ver
c:\windows\$NtUninstallKB38557$\3541255566\U\00000001.@
c:\windows\$NtUninstallKB38557$\3541255566\U\00000002.@
c:\windows\$NtUninstallKB38557$\3541255566\U\00000004.@
c:\windows\$NtUninstallKB38557$\3541255566\U\80000000.@
c:\windows\$NtUninstallKB38557$\3541255566\U\80000004.@
c:\windows\$NtUninstallKB38557$\3541255566\U\80000032.@
c:\windows\$NtUninstallKB38557$\594392926
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
.
c:\windows\system32\drivers\tdx.sys was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-03 03:45 . 2012-02-03 03:45 -------- d-----w- c:\program files\ERUNT
2012-01-25 04:24 . 2012-01-25 04:24 -------- d-----w- c:\users\Brian\AppData\Roaming\SUPERAntiSpyware.com
2012-01-25 04:22 . 2012-01-25 04:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-25 04:22 . 2012-01-25 04:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-24 04:25 . 2012-01-24 04:25 -------- d-----w- c:\users\Brian\AppData\Roaming\WildTangent
2012-01-16 04:32 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-16 04:32 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-16 04:32 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-16 04:32 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-16 04:32 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-16 04:32 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 01:44 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 01:44 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 01:44 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 01:44 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 01:44 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 01:44 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 01:44 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 01:44 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 15:36 . 2011-12-14 15:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-23 13:37 . 2011-12-14 05:42 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-12-08 23:38 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C3FFEBE-8033-4437-B96D-6CE38928B328}\mpengine.dll
2011-11-15 15:13 . 2011-05-22 23:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 01:18 . 2011-03-24 08:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 13789728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-02 190808]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"MRT"="c:\windows\system32\MRT.exe" [2012-01-11 52128560]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-26 21:32 13789728 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-26 21:32 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2009-06-26 21:32 768544 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-15 16:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 10:56 54936 ----a-w- c:\windows\System32\jureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 15:50]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-06 15:50]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {4773AC35-5EC9-4C86-82AA-78F3BE563194} - hxxp://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--eeb2cde8-d5c7-4ea9-9313-d539fd2149bd/online/aquacade/en/aquacade.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://l.yimg.com/jh/games/web_games/playtime/mahjongescape/PTGameLauncher.cab
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\4ss43hj2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://us.mc1301.mail.yahoo.com/mc/welcome?.gx=1&.tm=1298500297&.rand=2mdnkkdg330ab
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
HKCU-Run-limewire plus+ - c:\program files\Limewire Plus+\limewire.exe
HKU-Default-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-AIM Toolbar - c:\program files\AIM Toolbar\uninstall.exe
AddRemove-Airport Mania - First Flight - c:\program files\Yahoo! Games\Airport Mania - First Flight\Uninstall.exe
AddRemove-Alabama Smith in Escape from Pompeii - c:\program files\Yahoo! Games\Alabama Smith in Escape from Pompeii\Uninstall.exe
AddRemove-am-princessisabellaawitchscurse - c:\program files\RealArcade\Installer\bin\gameinstaller.exe
AddRemove-Amazing Adventures The Lost Tomb - c:\program files\PopCap Games\Amazing Adventures\PopUninstall.exe
AddRemove-BFG-10 Days To Save the World - The Adventures of Diana Salinger - c:\program files\10 Days To Save the World - The Adventures of Diana Salinger\Uninstall.exe
AddRemove-BFG-10 Days Under The Sea - c:\program files\10 Days Under The Sea\Uninstall.exe
AddRemove-BFG-3 Cards to Midnight - c:\program files\3 Cards to Midnight\Uninstall.exe
AddRemove-BFG-Alexandra Fortune - Mystery of the Lunar Archipelago - c:\program files\Alexandra Fortune - Mystery of the Lunar Archipelago\Uninstall.exe
AddRemove-BFG-Autumn's Treasures - The Jade Coin - c:\program files\Autumn's Treasures - The Jade Coin\Uninstall.exe
AddRemove-BFG-Babylonia - c:\program files\Babylonia\Uninstall.exe
AddRemove-BFG-Be a King - c:\program files\Be a King\Uninstall.exe
AddRemove-BFG-Big Kahuna Reef - c:\program files\Big Kahuna Reef\Uninstall.exe
AddRemove-BFG-Big Kahuna Reef 2 - Chain Reaction - c:\program files\Big Kahuna Reef 2 - Chain Reaction\Uninstall.exe
AddRemove-BFG-Cradle of Rome - c:\program files\Cradle of Rome\Uninstall.exe
AddRemove-BFG-CSI - NY - The Game - c:\program files\CSI - NY - The Game\Uninstall.exe
AddRemove-BFG-Curse of the Pharaoh - Tears of Sekhmet - c:\program files\Curse of the Pharaoh - Tears of Sekhmet\Uninstall.exe
AddRemove-BFG-Department 42 - The Mystery of the Nine - c:\program files\Department 42 - The Mystery of the Nine\Uninstall.exe
AddRemove-BFG-Detective Agency - c:\program files\Detective Agency\Uninstall.exe
AddRemove-BFG-Dragon Empire - c:\program files\Dragon Empire\Uninstall.exe
AddRemove-BFG-Echoes of the Past - Royal House of Stone - c:\program files\Echoes of the Past - Royal House of Stone\Uninstall.exe
AddRemove-BFG-Escape the Museum - c:\program files\Escape the Museum\Uninstall.exe
AddRemove-BFG-G.H.O.S.T. Hunters - The Haunting of Majesty Manor - c:\program files\G.H.O.S.T. Hunters - The Haunting of Majesty Manor\Uninstall.exe
AddRemove-BFG-Hallowed Legends - Samhain - c:\program files\Hallowed Legends - Samhain\Uninstall.exe
AddRemove-BFG-Haunted Hotel - c:\program files\Haunted Hotel\Uninstall.exe
AddRemove-BFG-Haunted Hotel II - Believe the Lies - c:\program files\Haunted Hotel II - Believe the Lies\Uninstall.exe
AddRemove-BFG-Hidden Expedition - Devils Triangle - c:\program files\Hidden Expedition_DevilsTriangle\Uninstall.exe
AddRemove-BFG-Hidden Secrets - The Nightmare - c:\program files\Hidden Secrets - The Nightmare\Uninstall.exe
AddRemove-BFG-Hidden Wonders of the Depths 2 - c:\program files\Hidden Wonders of the Depths 2\Uninstall.exe
AddRemove-BFG-Hide & Secret 3 - Pharaoh's Quest - c:\program files\Hide & Secret 3 - Pharaoh's Quest\Uninstall.exe
AddRemove-BFG-Island - The Lost Medallion - c:\program files\Island - The Lost Medallion\Uninstall.exe
AddRemove-BFG-Laura Jones and the Secret Legacy of Nikola Tesla - c:\program files\Laura Jones and the Secret Legacy of Nikola Tesla\Uninstall.exe
AddRemove-BFG-Liong - The Lost Amulets - c:\program files\Liong - The Lost Amulets\Uninstall.exe
AddRemove-BFG-Lost City of Z - Special Edition - c:\program files\Lost City of Z - Special Edition\Uninstall.exe
AddRemove-BFG-Lost in Reefs - c:\program files\Lost in Reefs\Uninstall.exe
AddRemove-BFG-Lost Secrets - Bermuda Triangle - c:\program files\Lost Secrets - Bermuda Triangle\Uninstall.exe
AddRemove-BFG-Lost Secrets - Caribbean Explorer Secrets of the Sea - c:\program files\Lost Secrets - Caribbean Explorer Secrets of the Sea\Uninstall.exe
AddRemove-BFG-Maestro - Music of Death - c:\program files\Maestro - Music of Death\Uninstall.exe
AddRemove-BFG-Magic Academy II - c:\program files\Magic Academy II\Uninstall.exe
AddRemove-BFG-Margrave Manor 2 - The Lost Ship - c:\program files\Margrave Manor 2 - The Lost Ship\Uninstall.exe
AddRemove-BFG-Midnight Mysteries - The Edgar Allan Poe Conspiracy - c:\program files\Midnight Mysteries - The Edgar Allan Poe Conspiracy\Uninstall.exe
AddRemove-BFG-Monster Quest - c:\program files\Monster Quest\Uninstall.exe
AddRemove-BFG-Mystery Age - The Imperial Staff - c:\program files\Mystery Age - The Imperial Staff\Uninstall.exe
AddRemove-BFG-Mystery Case Files - Dire Grove - c:\program files\Mystery Case Files - Dire Grove\Uninstall.exe
AddRemove-BFG-Mystery Case Files - Return to Ravenhearst - c:\program files\Mystery Case Files - Return to Ravenhearst\Uninstall.exe
AddRemove-BFG-Mystery Legends - Sleepy Hollow - c:\program files\Mystery Legends - Sleepy Hollow\Uninstall.exe
AddRemove-BFG-Mystery Legends - The Phantom of the Opera - c:\program files\Mystery Legends - The Phantom of the Opera\Uninstall.exe
AddRemove-BFG-Mystery Masterpiece - The Moonstone - c:\program files\Mystery Masterpiece - The Moonstone\Uninstall.exe
AddRemove-BFG-Mystery of Unicorn Castle - c:\program files\Mystery of Unicorn Castle\Uninstall.exe
AddRemove-BFG-Pahelika - Secret Legends - c:\program files\Pahelika - Secret Legends\Uninstall.exe
AddRemove-BFG-Paranormal Agency - c:\program files\Paranormal Agency\Uninstall.exe
AddRemove-BFG-Princess Isabella - A Witch's Curse - c:\program files\Princess Isabella - A Witch's Curse\Uninstall.exe
AddRemove-BFG-Private Eye - Greatest Unsolved Mysteries - c:\program files\Private Eye - Greatest Unsolved Mysteries\Uninstall.exe
AddRemove-BFG-PuppetShow - Mystery of Joyville - c:\program files\PuppetShow - Mystery of Joyville\Uninstall.exe
AddRemove-BFG-Real Crimes - The Unicorn Killer - c:\program files\Real Crimes - The Unicorn Killer\Uninstall.exe
AddRemove-BFG-Redrum - c:\program files\Redrum\Uninstall.exe
AddRemove-BFG-Rescue at Rajini Island - c:\program files\Rescue at Rajini Island\Uninstall.exe
AddRemove-BFG-Romance of Rome - c:\program files\Romance of Rome\Uninstall.exe
AddRemove-BFG-Romopolis - c:\program files\Romopolis\Uninstall.exe
AddRemove-BFG-Samantha Swift and the Golden Touch - c:\program files\Samantha Swift and the Golden Touch\Uninstall.exe
AddRemove-BFG-Samantha Swift and the Hidden Roses of Athena - c:\program files\Samantha Swift and the Hidden Roses of Athena\Uninstall.exe
AddRemove-BFG-Save Our Spirit - c:\program files\Save Our Spirit\Uninstall.exe
AddRemove-BFG-Space Strike - c:\program files\Space Strike\Uninstall.exe
AddRemove-BFG-Steve The Sheriff - c:\program files\Steve The Sheriff\Uninstall.exe
AddRemove-BFG-Steve the Sheriff - The Case of the Missing Thing - c:\program files\Steve the Sheriff - The Case of the Missing Thing\Uninstall.exe
AddRemove-BFG-Strange Cases - The Tarot Card Mystery - c:\program files\Strange Cases - The Tarot Card Mystery\Uninstall.exe
AddRemove-BFG-The Count of Monte Cristo - c:\program files\The Count of Monte Cristo\Uninstall.exe
AddRemove-BFG-The Dark Hills of Cherai - c:\program files\The Dark Hills of Cherai\Uninstall.exe
AddRemove-BFG-The Enchanting Islands - c:\program files\The Enchanting Islands\Uninstall.exe
AddRemove-BFG-The Lost Cases of 221B Baker St - c:\program files\The Lost Cases of 221B Baker St\Uninstall.exe
AddRemove-BFG-The Lost Inca Prophecy - c:\program files\The Lost Inca Prophecy\Uninstall.exe
AddRemove-BFG-The Mystery of the Mary Celeste - c:\program files\The Mystery of the Mary Celeste\Uninstall.exe
AddRemove-BFG-The Secret of Margrave Manor - c:\program files\The Secret of Margrave Manor\Uninstall.exe
AddRemove-BFG-Trapped - The Abduction - c:\program files\Trapped - The Abduction\Uninstall.exe
AddRemove-BFG-Travel League - The Missing Jewels - c:\program files\Travel League - The Missing Jewels\Uninstall.exe
AddRemove-BFG-Treasure Seekers - Follow the Ghosts - c:\program files\Treasure Seekers - Follow the Ghosts\Uninstall.exe
AddRemove-BFG-Treasure Seekers - Visions of Gold - c:\program files\Treasure Seekers - Visions of Gold\Uninstall.exe
AddRemove-BFG-Vampire Saga - Pandora's Box - c:\program files\Vampire Saga - Pandora's Box\Uninstall.exe
AddRemove-BFG-Youda Farmer - c:\program files\Youda Farmer\Uninstall.exe
AddRemove-BFG-Zodiac Tower - c:\program files\Zodiac Tower\Uninstall.exe
AddRemove-Call Of Atlantis_is1 - c:\program files\Call Of Atlantis\ReflexiveArcade\unins000.exe
AddRemove-CLUE Accusations and Alibis - c:\program files\Yahoo! Games\CLUE Accusations and Alibis\Uninstall.exe
AddRemove-Dr. Lynch - Grave Secrets - c:\program files\Yahoo! Games\Dr. Lynch - Grave Secrets\Uninstall.exe
AddRemove-Elementals - The Magic Key - c:\program files\Yahoo! Games\Elementals - The Magic Key\Uninstall.exe
AddRemove-Empress of the Deep - The Darkest Secret - c:\program files\Yahoo! Games\Empress of the Deep - The Darkest Secret\Uninstall.exe
AddRemove-Escape Rosecliff Island - c:\program files\PopCap Games\Escape Rosecliff Island\PopUninstall.exe
AddRemove-Escape Rosecliff Island™ - c:\program files\Yahoo! Games\Escape Rosecliff Island™\Uninstall.exe
AddRemove-Fishdom - Spooky Splash - c:\program files\Yahoo! Games\Fishdom - Spooky Splash\Uninstall.exe
AddRemove-Fishdom H20 - Hidden Odyssey - c:\program files\Yahoo! Games\Fishdom H20 - Hidden Odyssey\Uninstall.exe
AddRemove-G.H.O.S.T. Chronicles - c:\program files\Yahoo! Games\G.H.O.S.T. Chronicles\Uninstall.exe
AddRemove-Glyph - c:\program files\Yahoo! Games\Glyph\Uninstall.exe
AddRemove-Hide & Secret - c:\program files\Yahoo! Games\Hide & Secret\Uninstall.exe
AddRemove-Interpol 2 - Most Wanted - c:\program files\Yahoo! Games\Interpol 2 - Most Wanted\Uninstall.exe
AddRemove-Little Fighter 2 - c:\program files\LittleFighter2\LF2_v1.9c\uninst.exe
AddRemove-Magic Academy 2 - c:\program files\Yahoo! Games\Magic Academy 2\Uninstall.exe
AddRemove-Mahjongg Dimensions Deluxe - c:\program files\Yahoo! Games\Mahjongg Dimensions Deluxe\Uninstall.exe
AddRemove-MCF Dire Grove - c:\program files\Yahoo! Games\MCF Dire Grove\Uninstall.exe
AddRemove-Mirror Mysteries - c:\program files\Yahoo! Games\Mirror Mysteries\Uninstall.exe
AddRemove-Mortimer Beckett and the Lost King - c:\program files\Yahoo! Games\Mortimer Beckett and the Lost King\Uninstall.exe
AddRemove-Mortimer Beckett and the Secrets of Spooky Manor - c:\progra~1\YAHOO!~1\MORTIM~2\UNWISE.EXE
AddRemove-My HP Game Console - c:\program files\HP Games\My HP Game Console\Uninstall.exe
AddRemove-MySpaceIM - c:\program files\MySpace\IM\Uninstall.exe
AddRemove-Mystery Case Files - Madame Fate - c:\program files\Yahoo! Games\Mystery Case Files - Madame Fate\Uninstall.exe
AddRemove-Mystery Case Files Dire Grove_is1 - c:\program files\Mystery Case Files Dire Grove\ReflexiveArcade\unins000.exe
AddRemove-Mystery Case Files Return to Ravenhearst - c:\program files\Yahoo! Games\Mystery Case Files Return to Ravenhearst\Uninstall.exe
AddRemove-Princess Isabella - A Witchs Curse - c:\program files\Yahoo! Games\Princess Isabella - A Witchs Curse\Uninstall.exe
AddRemove-Princess Isabella_is1 - c:\program files\Princess Isabella\ReflexiveArcade\unins000.exe
AddRemove-Samantha Swift and the Golden Touch - c:\program files\Yahoo! Games\Samantha Swift and the Golden Touch\Uninstall.exe
AddRemove-Samantha Swift and the Hidden Roses of Athena - c:\program files\Yahoo! Games\Samantha Swift and the Hidden Roses of Athena\Uninstall.exe
AddRemove-Samantha Swift and the Mystery from Atlantis - c:\program files\Yahoo! Games\Samantha Swift and the Mystery from Atlantis\Uninstall.exe
AddRemove-Samantha Swift_is1 - c:\program files\Samantha Swift\ReflexiveArcade\unins000.exe
AddRemove-Shutter Island - c:\program files\Yahoo! Games\Shutter Island\Uninstall.exe
AddRemove-Steam App 13140 - c:\program files\Steam\steam.exe
AddRemove-The Clockwork Man - c:\program files\Yahoo! Games\The Clockwork Man\Uninstall.exe
AddRemove-Wizard Land - c:\program files\Yahoo! Games\Wizard Land\Uninstall.exe
AddRemove-Youda Farmer_is1 - c:\program files\Youda Farmer\ReflexiveArcade\unins000.exe
AddRemove-{597728B2-C911-48CB-8C4E-97B2154B4FB1}_is1 - c:\program files\Limewire Plus+\unins000.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\Root\LEGACY_TDX\0000\Control]
@DACL=(02 0000)
"ActiveService"="tdx"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\ehome\mcupdate.EXE
.
**************************************************************************
.
Completion time: 2012-02-07 19:55:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-08 01:55
.
Pre-Run: 177,192,361,984 bytes free
Post-Run: 180,257,787,904 bytes free
.
- - End Of File - - 506EF971C5C4BBDE89CC134DF9A0856C



