
Computer Is Acting Odd


  • This topic is locked
21 replies to this topic

#1 selfmade64856


Posted 28 February 2012 - 02:24 PM

Hello,

I was told to post my OTL logs here. I attempted to download and run DDS but had to download the file from a different computer and then transfer the file to a flash drive so that I could run it on my computer... however, after running DDS nothing happened. The only thing that it did was open and then close a cmd window. No logs were created.

So here is the OTL.txt log:


OTL logfile created on: 2/28/2012 9:05:10 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Courtney\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.75 Gb Total Physical Memory | 11.30 Gb Available Physical Memory | 71.77% Memory free
31.50 Gb Paging File | 26.84 Gb Available in Paging File | 85.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1385.95 Gb Total Space | 406.16 Gb Free Space | 29.31% Space Free | Partition Type: NTFS
Drive D: | 11.22 Gb Total Space | 1.37 Gb Free Space | 12.21% Space Free | Partition Type: NTFS
Drive J: | 3.72 Gb Total Space | 2.32 Gb Free Space | 62.29% Space Free | Partition Type: FAT32
Drive M: | 184.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MEAT_BOY | User Name: Courtney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Courtney\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vToolbarUpdater) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (SBAMSvc) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)
SRV - (SBPIMSvc) -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
SRV - (UltiDev Web Server Pro) -- C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe (UltiDev LLC)
SRV - (UWS LoPriv Services) -- C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe (UltiDev LLC)
SRV - (UWS HiPriv Services) -- C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe (UltiDev LLC)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (AswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (Sunbelt Software)
DRV:64bit: - (sbwtis) -- C:\Windows\SysNative\drivers\sbwtis.sys (GFI Software)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (LVUVC64) Logitech Webcam 120(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2115698326-2706961171-367882499-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2115698326-2706961171-367882499-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={B8218AA0-9C3B-4B79-8850-575DA8F59990}&mid=d02e972a329747d1aa87fd6e91ccf2e9-0c8d9b0229efda51ca3de1d30e462d404174446e&lang=en&ds=ft011&pr=sa&d=2012-02-27 23:59:16&v=10.0.0.7&sap=hp
IE - HKU\S-1-5-21-2115698326-2706961171-367882499-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2115698326-2706961171-367882499-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2115698326-2706961171-367882499-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2115698326-2706961171-367882499-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/10/21 23:54:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 09:08:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/25 19:04:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/02/27 23:59:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/28 08:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/21 23:17:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/28 17:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions
[2012/02/18 18:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Firefox\Profiles\ch8r15m0.default\extensions
[2012/02/18 18:28:49 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Firefox\Profiles\ch8r15m0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/02/21 23:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CH8R15M0.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/02/21 23:17:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/27 23:59:07 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/08 15:11:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/08 15:11:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
CHR - plugin: Cooliris (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\noocneohefmdhonidldnlhaainpiomkp\1.12.2.44674_0\lib/cooliris.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Flash Video Download = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\anadfmbemnidomdljfcdgdoomhghoclk\1.3.2_0\
CHR - Extension: X-notifier (Gmail, Hotmail, Yahoo, AOL ...) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\apebebenniibdlpbookhgelaghfnaonp\1.0.3_0\
CHR - Extension: YouTube = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: Google Search = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Ripple Mobile Environment Emulator (Beta) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc\0.9.2_0\
CHR - Extension: AVG Safe Search = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: Cooliris = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\noocneohefmdhonidldnlhaainpiomkp\1.12.2.44674_0\
CHR - Extension: Gmail = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/14 20:37:21 | 000,443,338 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 15180 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2115698326-2706961171-367882499-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2115698326-2706961171-367882499-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2115698326-2706961171-367882499-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKU\S-1-5-21-2115698326-2706961171-367882499-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files (x86)\Advanced JPEG Compressor\ajcieex.htm ()
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files (x86)\Advanced JPEG Compressor\ajcieex.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{592352AE-8CFF-4574-9953-18AD7BFFDA1E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{59204bbc-fc70-11e0-893d-2c27d7281b1a}\Shell - "" = AutoRun
O33 - MountPoints2\{59204bbc-fc70-11e0-893d-2c27d7281b1a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/28 08:51:39 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2012/02/28 08:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/28 08:46:55 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/28 08:46:51 | 000,335,704 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/02/28 08:46:38 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/02/28 08:46:14 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/02/28 08:45:59 | 000,817,496 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/02/28 08:45:34 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/02/28 08:45:33 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/02/28 08:44:52 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/28 08:44:50 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/02/28 08:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/28 08:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/27 23:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/02/27 23:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/02/27 23:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/02/27 23:57:47 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Courtney\Desktop\aswMBR.exe
[2012/02/27 23:02:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Courtney\Desktop\dds.scr
[2012/02/26 00:10:17 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\Kiwoo
[2012/02/24 20:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/02/24 20:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI Software
[2012/02/24 20:06:45 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/02/24 20:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012/02/24 20:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software
[2012/02/24 20:03:40 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\GFI Software
[2012/02/24 19:17:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/24 18:57:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/24 18:55:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/24 17:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012/02/22 13:29:00 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\Outlook Files
[2012/02/21 17:08:33 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Comodo
[2012/02/21 17:02:15 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Mozenda
[2012/02/21 17:02:15 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozenda
[2012/02/21 14:59:40 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\rat-trap2
[2012/02/21 03:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/02/21 02:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/02/21 02:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/02/21 02:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/02/21 02:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012/02/20 22:36:21 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\Rat TRap
[2012/02/20 21:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebExtractor360
[2012/02/20 21:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebExtractor360
[2012/02/20 16:20:42 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\SugarCRM
[2012/02/18 19:34:54 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prey
[2012/02/18 19:34:52 | 000,000,000 | ---D | C] -- C:\Prey
[2012/02/18 16:06:54 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris
[2012/02/18 16:06:52 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Cooliris
[2012/02/16 03:01:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/02/15 22:14:37 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\Kevin
[2012/02/15 03:04:06 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/02/15 01:13:26 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 01:13:24 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 01:13:24 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 01:13:12 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 01:12:56 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/15 01:12:56 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 01:12:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 01:12:55 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 01:12:55 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 01:12:55 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 01:12:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/13 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\new-pan-example
[2012/02/13 12:11:35 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/02/13 12:10:29 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\PACE Anti-Piracy
[2012/02/13 12:10:29 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\PACE Anti-Piracy
[2012/02/13 12:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012/02/13 12:10:25 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\Adobe
[2012/02/13 11:35:06 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\Flash Clock
[2012/02/13 04:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec
[2012/02/13 04:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SourceTec
[2012/02/13 03:42:27 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\SourceTec
[2012/02/13 03:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SourceTec
[2012/02/12 07:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flashificator
[2012/02/12 04:41:40 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\Loaders
[2012/02/09 15:36:00 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\PictoColor
[2012/02/08 22:34:25 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\website-set-up
[2012/02/08 21:34:27 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\website-set-up-tutorial
[2012/02/08 09:57:48 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\AutoPlay Media Studio 8
[2012/02/08 09:57:35 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\IndigoRose
[2012/02/08 09:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Indigo Rose Corporation
[2012/02/08 09:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\IndigoRose
[2012/02/08 09:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoPlay Media Studio 8
[2012/02/07 23:33:50 | 000,000,000 | ---D | C] -- C:\New Folder (2)
[2012/02/07 23:33:36 | 000,000,000 | ---D | C] -- C:\New Folder
[2012/02/06 14:06:29 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/02/06 14:00:30 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/02/06 14:00:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/02/06 14:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/02/06 14:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/02/06 14:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/02/06 13:36:42 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/06 13:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/06 13:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/06 13:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/05 21:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/02/05 21:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/02/05 13:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Master 2
[2012/02/05 01:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/05 01:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/05 01:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/02/03 19:35:57 | 000,067,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SYSINFO.OCX
[2012/02/03 19:35:57 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\Easy Macro Recorder
[2012/02/03 19:35:57 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Easy Macro Recorder
[2012/02/03 19:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Macro Recorder
[2012/02/03 19:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Macro Recorder
[2012/02/03 16:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JitBit
[2012/02/02 12:45:13 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\Windward Mall
[2012/01/30 05:01:33 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/30 05:01:33 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/30 05:01:33 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/30 05:01:33 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/30 05:01:33 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/30 05:01:33 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/30 02:39:31 | 000,000,000 | ---D | C] -- C:\temp
[2012/01/29 21:19:50 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\permissions-linux
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/28 09:05:44 | 000,845,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/28 09:05:44 | 000,707,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/28 09:05:44 | 000,139,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/28 09:03:06 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2115698326-2706961171-367882499-1000UA.job
[2012/02/28 09:00:42 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2012/02/28 08:51:44 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2012/02/28 08:46:56 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/28 08:45:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/02/28 08:43:35 | 000,000,512 | ---- | M] () -- C:\Users\Courtney\Desktop\MBR.dat
[2012/02/28 08:15:37 | 090,307,428 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/02/27 23:58:36 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Courtney\Desktop\aswMBR.exe
[2012/02/27 23:58:34 | 002,044,186 | ---- | M] () -- C:\Users\Courtney\Desktop\tdsskiller.zip
[2012/02/27 23:49:26 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 23:49:26 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/27 23:40:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/27 23:40:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/02/27 23:40:13 | 4093,075,454 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/27 23:39:06 | 000,008,588 | ---- | M] () -- C:\Users\Courtney\Documents\cc_20120227_233900.reg
[2012/02/27 23:27:02 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/27 23:27:02 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/27 23:24:25 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/02/27 22:58:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Courtney\Desktop\dds.scr
[2012/02/27 22:54:36 | 000,000,000 | ---- | M] () -- C:\Users\Courtney\defogger_reenable
[2012/02/27 22:44:54 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCourtney.job
[2012/02/27 22:35:47 | 000,868,154 | ---- | M] () -- C:\Users\Courtney\Desktop\Clean Listener.jsx
[2012/02/27 18:00:00 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/02/27 18:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/02/27 18:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/02/27 18:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/02/27 18:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/02/27 12:03:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2115698326-2706961171-367882499-1000Core.job
[2012/02/25 17:24:36 | 000,398,749 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/02/24 20:06:50 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2012/02/23 06:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/23 06:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/02/23 06:23:10 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/02/23 06:12:43 | 000,817,496 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/02/23 06:12:42 | 000,335,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/02/23 06:11:04 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/02/23 06:10:43 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/02/23 06:10:38 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/02/23 06:10:19 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/22 20:36:20 | 000,023,611 | ---- | M] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/02/22 20:29:00 | 000,023,554 | ---- | M] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (DOS).ADR
[2012/02/22 13:29:05 | 000,001,103 | ---- | M] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/21 17:02:15 | 000,002,141 | ---- | M] () -- C:\Users\Courtney\Desktop\Mozenda.lnk
[2012/02/21 02:49:27 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/02/20 23:32:40 | 000,000,770 | ---- | M] () -- C:\Users\Courtney\Documents\cc_20120220_233234.reg
[2012/02/20 23:23:51 | 000,012,924 | ---- | M] () -- C:\Users\Courtney\Documents\cc_20120220_232346.reg
[2012/02/20 23:12:05 | 000,002,030 | ---- | M] () -- C:\Users\Courtney\Documents\cc_20120220_231201.reg
[2012/02/20 13:12:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/02/19 19:10:08 | 000,000,986 | ---- | M] () -- C:\Users\Courtney\Desktop\knock-knock - Shortcut.lnk
[2012/02/15 03:25:23 | 004,987,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/14 20:37:21 | 000,443,338 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/13 18:48:46 | 000,006,760 | ---- | M] () -- C:\Users\Courtney\Documents\cc_20120213_184843.reg
[2012/02/13 17:42:00 | 008,790,363 | ---- | M] () -- C:\Users\Courtney\Desktop\scene_video_6.flv
[2012/02/13 17:21:51 | 084,987,499 | ---- | M] () -- C:\Users\Courtney\Desktop\P2134835 Panorama.tif
[2012/02/13 16:19:36 | 000,465,534 | ---- | M] () -- C:\Users\Courtney\Desktop\player.jpg
[2012/02/13 04:14:10 | 000,001,182 | ---- | M] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[2012/02/12 22:23:05 | 000,000,132 | ---- | M] () -- C:\Users\Courtney\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/11 00:46:01 | 000,012,321 | ---- | M] () -- C:\Users\Courtney\Desktop\dennie.jpg
[2012/02/11 00:19:48 | 000,035,304 | ---- | M] () -- C:\Users\Courtney\Desktop\309334_10150328259129897_554619896_7757295_1542813699_n.jpg
[2012/02/09 16:53:42 | 000,026,971 | ---- | M] () -- C:\Users\Courtney\Documents\google-contacts-2-9-12.csv
[2012/02/08 21:47:07 | 020,756,036 | ---- | M] () -- C:\Users\Courtney\Desktop\website-set-up-tut-mp4.mp4
[2012/02/08 21:47:07 | 000,416,149 | ---- | M] () -- C:\Users\Courtney\Desktop\website-set-up-tut-mp4_controller.swf
[2012/02/08 21:47:07 | 000,004,620 | ---- | M] () -- C:\Users\Courtney\Desktop\website-set-up-tut-mp4.html
[2012/02/08 21:41:42 | 001,214,725 | ---- | M] () -- C:\Users\Courtney\Desktop\FirstFrame.png
[2012/02/08 19:56:33 | 000,006,656 | ---- | M] () -- C:\Users\Courtney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/08 17:59:56 | 138,950,601 | ---- | M] () -- C:\Users\Courtney\Desktop\360-Resources-CD.exe
[2012/02/08 02:18:41 | 000,101,620 | ---- | M] () -- C:\Users\Courtney\Desktop\2012-calendar-4.png
[2012/02/06 14:06:29 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/02/06 14:06:25 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2012/02/06 13:29:49 | 000,007,136 | ---- | M] () -- C:\Users\Courtney\Documents\ccleaner-2-6-2012.reg
[2012/02/05 02:52:15 | 000,443,178 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120214-203721.backup
[2012/02/05 01:49:34 | 000,443,178 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120205-025215.backup
[2012/02/05 01:48:42 | 000,443,178 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120205-014934.backup
[2012/02/05 01:42:47 | 000,001,284 | ---- | M] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/03 19:35:57 | 000,001,030 | ---- | M] () -- C:\Users\Courtney\Desktop\Easy Macro Recorder.lnk
[2012/02/03 16:59:51 | 000,001,351 | ---- | M] () -- C:\Users\Courtney\Documents\AutoHotkey.ahk
[2012/01/30 04:33:50 | 000,000,000 | ---- | M] () -- C:\Users\Courtney\Desktop\tftp
[2012/01/30 04:33:49 | 000,000,000 | ---- | M] () -- C:\Users\Courtney\Desktop\cd
[2012/01/30 01:45:50 | 001,768,904 | ---- | M] () -- C:\Users\Courtney\Desktop\short.bin
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/28 08:46:56 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/28 08:45:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/02/28 08:43:35 | 000,000,512 | ---- | C] () -- C:\Users\Courtney\Desktop\MBR.dat
[2012/02/27 23:58:16 | 002,044,186 | ---- | C] () -- C:\Users\Courtney\Desktop\tdsskiller.zip
[2012/02/27 23:39:04 | 000,008,588 | ---- | C] () -- C:\Users\Courtney\Documents\cc_20120227_233900.reg
[2012/02/27 23:24:25 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/02/27 22:54:36 | 000,000,000 | ---- | C] () -- C:\Users\Courtney\defogger_reenable
[2012/02/24 20:06:50 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2012/02/22 14:14:32 | 000,023,554 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (DOS).ADR
[2012/02/22 13:53:27 | 000,023,611 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/02/22 13:29:05 | 000,001,103 | ---- | C] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/21 17:02:15 | 000,002,141 | ---- | C] () -- C:\Users\Courtney\Desktop\Mozenda.lnk
[2012/02/21 02:49:27 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/02/20 23:32:38 | 000,000,770 | ---- | C] () -- C:\Users\Courtney\Documents\cc_20120220_233234.reg
[2012/02/20 23:23:49 | 000,012,924 | ---- | C] () -- C:\Users\Courtney\Documents\cc_20120220_232346.reg
[2012/02/20 23:12:03 | 000,002,030 | ---- | C] () -- C:\Users\Courtney\Documents\cc_20120220_231201.reg
[2012/02/20 16:16:08 | 000,014,633 | ---- | C] () -- C:\Users\Courtney\Desktop\LeadDuplicateCheck.diff
[2012/02/19 19:10:08 | 000,000,986 | ---- | C] () -- C:\Users\Courtney\Desktop\knock-knock - Shortcut.lnk
[2012/02/18 19:36:12 | 000,000,029 | ---- | C] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2012/02/13 18:48:44 | 000,006,760 | ---- | C] () -- C:\Users\Courtney\Documents\cc_20120213_184843.reg
[2012/02/13 17:42:00 | 008,790,363 | ---- | C] () -- C:\Users\Courtney\Desktop\scene_video_6.flv
[2012/02/13 17:21:50 | 084,987,499 | ---- | C] () -- C:\Users\Courtney\Desktop\P2134835 Panorama.tif
[2012/02/13 16:19:36 | 000,465,534 | ---- | C] () -- C:\Users\Courtney\Desktop\player.jpg
[2012/02/13 04:14:10 | 000,001,182 | ---- | C] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[2012/02/12 09:56:00 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2012/02/12 07:34:39 | 000,000,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flashificator.lnk
[2012/02/11 00:22:07 | 000,012,321 | ---- | C] () -- C:\Users\Courtney\Desktop\dennie.jpg
[2012/02/11 00:19:52 | 000,035,304 | ---- | C] () -- C:\Users\Courtney\Desktop\309334_10150328259129897_554619896_7757295_1542813699_n.jpg
[2012/02/09 16:54:02 | 000,026,971 | ---- | C] () -- C:\Users\Courtney\Documents\google-contacts-2-9-12.csv
[2012/02/08 21:47:07 | 000,416,149 | ---- | C] () -- C:\Users\Courtney\Desktop\website-set-up-tut-mp4_controller.swf
[2012/02/08 21:47:07 | 000,009,759 | ---- | C] () -- C:\Users\Courtney\Desktop\swfobject.js
[2012/02/08 21:47:07 | 000,004,620 | ---- | C] () -- C:\Users\Courtney\Desktop\website-set-up-tut-mp4.html
[2012/02/08 21:41:42 | 020,756,036 | ---- | C] () -- C:\Users\Courtney\Desktop\website-set-up-tut-mp4.mp4
[2012/02/08 21:41:42 | 001,214,725 | ---- | C] () -- C:\Users\Courtney\Desktop\FirstFrame.png
[2012/02/08 17:59:56 | 138,950,601 | ---- | C] () -- C:\Users\Courtney\Desktop\360-Resources-CD.exe
[2012/02/08 02:18:44 | 000,101,620 | ---- | C] () -- C:\Users\Courtney\Desktop\2012-calendar-4.png
[2012/02/06 14:01:34 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/06 14:01:34 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/06 13:29:42 | 000,007,136 | ---- | C] () -- C:\Users\Courtney\Documents\ccleaner-2-6-2012.reg
[2012/02/05 12:36:28 | 000,868,154 | ---- | C] () -- C:\Users\Courtney\Desktop\Clean Listener.jsx
[2012/02/05 01:42:47 | 000,001,284 | ---- | C] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/03 19:35:57 | 000,001,030 | ---- | C] () -- C:\Users\Courtney\Desktop\Easy Macro Recorder.lnk
[2012/02/03 16:59:51 | 000,001,351 | ---- | C] () -- C:\Users\Courtney\Documents\AutoHotkey.ahk
[2012/01/30 04:33:40 | 000,000,000 | ---- | C] () -- C:\Users\Courtney\Desktop\tftp
[2012/01/30 04:33:40 | 000,000,000 | ---- | C] () -- C:\Users\Courtney\Desktop\cd
[2012/01/30 03:56:51 | 001,768,904 | ---- | C] () -- C:\Users\Courtney\Desktop\short.bin
[2012/01/26 15:04:23 | 000,006,656 | ---- | C] () -- C:\Users\Courtney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/12 18:15:16 | 000,640,192 | ---- | C] () -- C:\Program Files (x86)\UninstallNA.exe
[2011/11/30 10:01:55 | 000,000,132 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/10/30 21:18:28 | 000,000,132 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/10/29 15:08:01 | 000,001,456 | ---- | C] () -- C:\Users\Courtney\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/24 19:22:42 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/10/24 19:22:42 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/10/24 19:22:42 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/10/24 19:22:42 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/10/24 19:22:42 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/10/24 19:22:42 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/10/24 19:22:42 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/10/24 19:22:42 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/10/24 19:22:42 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/10/24 19:22:42 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/10/24 19:22:42 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/10/24 19:22:42 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/10/24 19:22:42 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/10/24 19:22:42 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/10/24 19:22:42 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/10/24 19:22:42 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/10/24 13:47:54 | 000,000,081 | RHS- | C] () -- C:\Windows\CT6PRET.BIN
[2011/10/22 16:20:41 | 000,000,145 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/22 16:20:35 | 000,000,191 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/09/22 13:17:10 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/20 21:59:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/20 21:54:36 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/03 18:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 07:15:43 | 000,839,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:890CC2F3
@Alternate Data Stream - 1148 bytes -> C:\Users\Courtney\AppData\Local\l1cfCYvS:nPrrGywGVVTD8aB5COv
@Alternate Data Stream - 1037 bytes -> C:\Users\Courtney\AppData\Local\Temp:Bd5Uvyt0vndfsRFNw6KC

< End of report >


And here is the Extras.txt log:

OTL Extras logfile created on: 2/28/2012 9:05:10 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Courtney\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.75 Gb Total Physical Memory | 11.30 Gb Available Physical Memory | 71.77% Memory free
31.50 Gb Paging File | 26.84 Gb Available in Paging File | 85.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1385.95 Gb Total Space | 406.16 Gb Free Space | 29.31% Space Free | Partition Type: NTFS
Drive D: | 11.22 Gb Total Space | 1.37 Gb Free Space | 12.21% Space Free | Partition Type: NTFS
Drive J: | 3.72 Gb Total Space | 2.32 Gb Free Space | 62.29% Space Free | Partition Type: FAT32
Drive M: | 184.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MEAT_BOY | User Name: Courtney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2115698326-2706961171-367882499-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [UWS_CLR1] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr2x86.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Directory [UWS_CLR2] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr2AnyCPU.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Directory [UWS_CLR4] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr4AnyCPU.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [UWS_CLR1] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr2x86.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Directory [UWS_CLR2] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr2AnyCPU.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Directory [UWS_CLR4] -- "C:\Program Files (x86)\UltiDev\Web Server\\UWS.InteractiveServer.Clr4AnyCPU.exe" "/path:%1" /port:0 /vdir:/ /dirbrowsing:yes (UltiDev LLC)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06B60360-9DBD-4593-90A0-FD237F0845A2}" = Topaz DeNoise 5 (64-bit)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1CDE9DB9-7D47-46F8-83DC-9DD9899BBBFC}" = Topaz ReMask 3 (64-bit)
"{1D5CE83C-BFDD-4668-8BCB-E8614334A657}" = Adobe Photoshop Lightroom 3.4 64-bit
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0000-1000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.POWERPOINT_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.POWERPOINT_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.POWERPOINT_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A981E64B-0F10-45D9-BD5C-A4DF7B87E218}" = Topaz Detail 2 (64-bit)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA3D5FF2-A405-4654-826E-A09FABB01853}" = Topaz Fusion Express 2 (64-bit)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C56E2D3A-6A89-43AF-A024-769A9D70EAFC}" = PTLens
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC8F0C18-E6B0-4722-A4AB-D134473091C2}" = Topaz DeJpeg 4 (64-bit)
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E3EC7FC4-B4BF-4911-9A43-F7C753CE03F5}" = AVG 2012
"{E44D14E2-A6D0-4F38-BF06-2E4244E23FED}" = Topaz InFocus (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA85C599-2569-4C48-9AA6-2B8D8F029FA7}" = Topaz Clean 3 (64-bit)
"{FB237A35-F491-4AC1-95E0-85118D6751D9}" = Topaz Adjust 4 (64-bit)
"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
"1F83630F1D96893C47BCF19B627F1BBA13E0DAF7" = Windows Driver Package - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam (06/21/2007 2.2.0.0)
"AVG" = AVG 2012
"CCleaner" = CCleaner
"D4D93CD19C3E3B78F95D0606CD187BDE3317187F" = Windows Driver Package - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam (12/28/2006 1.0.0.0)
"EPSON WorkForce 500 Series" = EPSON WorkForce 500 Series Printer Uninstall
"MediaInfo" = MediaInfo 0.7.53
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.1
"WinRAR archiver" = WinRAR 4.10 beta 2 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0004206C-AFF4-472E-9981-B443FAADA1D1}" = Image Trends' Fisheye-Hemi Plug-In 1.2.4
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1" = Sothink SWF Editor version 1.1
"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
"{1B9DF2F7-6E59-4F9D-ADE1-F0CF9C7F4B0F}" = Xara Designer Pro 7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
"{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
"{3BC970D1-C41C-4BA1-95B2-C519A6C661DB}" = Mozenda
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
"{5AE1721C-A430-4886-B3A1-8D6E5E6CD2A8}" = DxO Optics Pro 6
"{5BDEA9E0-E55B-45A7-93F7-6B8F68F851E5}" = Topaz InFocus
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60CE924D-12CB-4A96-8B75-18F92CE1D585}" = CrazyTalk v6.21 PRO
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770D3BDC-19D7-49D0-B60B-C5BB77553FBB}" = Topaz Fusion Express 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80958B03-07E3-4F0A-8950-4F709899F321}" = OLYMPUS Studio 2
"{8117EA22-035F-4880-86AE-AC7C4F1FA3E2}" = Topaz ReMask 3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}" = Topaz Clean 3
"{88246387-F3C7-43D3-B1C8-A5FEB11D6C61}_is1" = AC3 Player version 1.0
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE73206-D13D-C21D-DA51-3F0A6AE1C0CE}" = Flashificator
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.3.3
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD2436E-FA3D-4451-AD1E-1E816657E61D}" = Coby Media Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E146BA1-26DD-4C3B-9F0F-90F2E3CEC9D2}" = Topaz DeJpeg 4
"{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5
"{9FDC7042-CB9F-4336-A14C-DF10F53762E2}" = Topaz Adjust 4
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A575685D-B473-43C8-8644-196A2642A832}" = VIPRE Antivirus
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B38A9B1A-DAEF-4ECC-AC7D-FDB12EAE5663}_is1" = kBilling Invoicing Software
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BB760C1D-98F4-4E38-8CC4-3B67329AA981}" = HP MediaSmart/TouchSmart Netflix
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BDFA3935-ED56-4B4C-BF51-C16FAA488CB2}" = UltiDev Web Server Pro
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C1AD9241-3ADD-483F-914D-071F3E50855A}" = HP LinkUp
"{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Antivirus
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}" = Topaz Detail 2
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
"{DF49D66D-D2D3-46DA-878B-F0BFC7795276}" = Flip
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Corporate Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.5
"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AAA Logo Free Trial_is1" = AAA Logo 3.2 Free Trial
"AC3File_is1" = AC3File 0.6b
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced JPEG Compressor_is1" = Advanced JPEG Compressor 2011
"Altostorm Panorama Corrector_is1" = Altostorm Panorama Corrector v2.0
"AutoPlay Media Studio 8" = AutoPlay Media Studio 8
"avast" = avast! Free Antivirus
"AVG PC Tuneup 2011_is1" = AVG PC Tuneup 2011 10.0.0.24
"AVG Secure Search" = AVG Security Toolbar
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Black Mirror 3" = Black Mirror 3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.Flashificator" = Flashificator
"DivX Setup.divx.com" = DivX Setup
"Dream Aquarium" = Dream Aquarium 1.234
"Dynamic-Photo HDR 5_is1" = Dynamic-Photo HDR 5
"Easy Macro Recorder_is1" = Easy Macro Recorder 3.84
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.5.3
"Freecorder5.07" = Freecorder 5
"Game Booster_is1" = Game Booster
"Ground Environment X North America" = Ground Environment X North America
"ImgBurn" = ImgBurn
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"LameACM" = LameACM
"Logitech Vid" = Logitech Vid HD
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MAGIX_MSI_Xara_Designer_Pro_7" = Xara Designer Pro 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"OpenAL" = OpenAL
"Pano2VR" = Pano2VR - Garden Gnome Software
"PDF Complete" = PDF Complete Special Edition
"Postal 2_is1" = Portal 2
"PTGui" = PTGui Pro 9.0
"Silver Efex Pro 2" = Silver Efex Pro 2
"Spdifer_is1" = Spdifer 0.3b
"SWiSH Max4" = SWiSH Max4
"The Book Of Unwritten Tales_is1" = The Book Of Unwritten Tales version 1.03
"Topaz Adjust 4" = Topaz Adjust 4
"Topaz Adjust 4 (64-bit)" = Topaz Adjust 4 (64-bit)
"Topaz Clean 3" = Topaz Clean 3
"Topaz Clean 3 (64-bit)" = Topaz Clean 3 (64-bit)
"Topaz DeJpeg 4" = Topaz DeJpeg 4
"Topaz DeJpeg 4 (64-bit)" = Topaz DeJpeg 4 (64-bit)
"Topaz DeNoise 5" = Topaz DeNoise 5
"Topaz DeNoise 5 (64-bit)" = Topaz DeNoise 5 (64-bit)
"Topaz Detail 2" = Topaz Detail 2
"Topaz Detail 2 (64-bit)" = Topaz Detail 2 (64-bit)
"Topaz Fusion Express 2" = Topaz Fusion Express 2
"Topaz Fusion Express 2 (64-bit)" = Topaz Fusion Express 2 (64-bit)
"Topaz InFocus" = Topaz InFocus
"Topaz InFocus (64-bit)" = Topaz InFocus (64-bit)
"Topaz ReMask 3" = Topaz ReMask 3
"Topaz ReMask 3 (64-bit)" = Topaz ReMask 3 (64-bit)
"tw650_pro_is1" = Tourweaver 6.50 Professional Edition
"tw700_pro_is1" = Tourweaver 7.00 Professional Edition
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"vReveal 3" = vReveal 3
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2115698326-2706961171-367882499-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/19/2012 8:24:44 AM | Computer Name = ImRichbleep | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Easypano\tourweaver
7 beta\TW_CylinderTypeScale.exe". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/20/2012 1:28:15 AM | Computer Name = ImRichbleep | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 17.0.963.56 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1098 Start
Time: 01ccef6144fb5f5d Termination Time: 8 Application Path: C:\Users\Courtney\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: a2387892-5b83-11e1-815a-2c27d7281b1a

Error - 2/20/2012 2:08:49 AM | Computer Name = ImRichbleep | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 17.0.963.56 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 16cc Start
Time: 01ccef907417e46f Termination Time: 7 Application Path: C:\Users\Courtney\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 58ffa857-5b89-11e1-815a-2c27d7281b1a

Error - 2/20/2012 4:51:50 AM | Computer Name = ImRichbleep | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 17.0.963.56 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1ab0 Start
Time: 01ccefa3f2e2dac5 Termination Time: 7 Application Path: C:\Users\Courtney\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 1e9e1338-5ba0-11e1-815a-2c27d7281b1a

Error - 2/20/2012 6:13:38 AM | Computer Name = ImRichbleep | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 17.0.963.56 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f90 Start
Time: 01cceface3ab4bb5 Termination Time: 7 Application Path: C:\Users\Courtney\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 8c14f2c9-5bab-11e1-815a-2c27d7281b1a

Error - 2/20/2012 6:22:36 AM | Computer Name = ImRichbleep | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 17.0.963.56 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 26c Start
Time: 01ccefb858ecc26b Termination Time: 5 Application Path: C:\Users\Courtney\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: cdea9c0a-5bac-11e1-815a-2c27d7281b1a

Error - 2/20/2012 5:56:36 PM | Computer Name = ImRichbleep | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 17.0.963.56 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1818 Start
Time: 01ccefb991d940f5 Termination Time: 8 Application Path: C:\Users\Courtney\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: c072dbd0-5c0d-11e1-815a-2c27d7281b1a

Error - 2/20/2012 8:20:44 PM | Computer Name = ImRichbleep | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\Easypano\tourweaver
7 beta\TW_CylinderTypeScale.exe". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/21/2012 5:20:50 AM | Computer Name = ImRichbleep | Source = WinMgmt | ID = 10
Description =

Error - 2/21/2012 5:48:29 AM | Computer Name = mojojojo | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 12/14/2011 1:58:43 AM | Computer Name = ImRichbleep | Source = HPSF.exe | ID = 4000
Description =

Error - 12/14/2011 2:04:41 AM | Computer Name = ImRichbleep | Source = HPSF.exe | ID = 4000
Description =

Error - 12/14/2011 2:05:17 AM | Computer Name = ImRichbleep | Source = HPSF.exe | ID = 4000
Description =

Error - 12/14/2011 2:23:11 AM | Computer Name = ImRichbleep | Source = HPSF.exe | ID = 4000
Description =

Error - 12/14/2011 3:06:35 AM | Computer Name = ImRichbleep | Source = HPSF.exe | ID = 4000
Description =

Error - 12/14/2011 3:06:44 AM | Computer Name = ImRichbleep | Source = HPSF.exe | ID = 4000
Description =

Error - 12/14/2011 3:07:16 AM | Computer Name = ImRichbleep | Source = HPSF.exe | ID = 4000
Description =

Error - 2/12/2012 1:09:15 AM | Computer Name = ImRichbleep | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146232828 at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()

at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Message:
An exception occurred during the operation, making the result invalid. Check InnerException
for exception details. StackTrace: at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()

at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Source:
System InnerException.Message: Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoSI.xml'. Name: HPSF.exe Version: 06.00.01.01 Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
16127 Ram Utilization: 20 TargetSite: Void RaiseExceptionIfNecessary()

Error - 2/19/2012 1:10:37 AM | Computer Name = ImRichbleep | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146232828 at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()

at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Message:
An exception occurred during the operation, making the result invalid. Check InnerException
for exception details. StackTrace: at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()

at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Source:
System InnerException.Message: Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoSI.xml'. Name: HPSF.exe Version: 06.00.01.01 Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
16127 Ram Utilization: 30 TargetSite: Void RaiseExceptionIfNecessary()

Error - 2/21/2012 7:32:44 PM | Computer Name = Frank_Rizzo | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146232828 at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()

at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Message:
An exception occurred during the operation, making the result invalid. Check InnerException
for exception details. StackTrace: at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()

at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Source:
System InnerException.Message: Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoSI.xml'. Name: HPSF.exe Version: 06.00.01.01 Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
16127 Ram Utilization: 20 TargetSite: Void RaiseExceptionIfNecessary()

[ System Events ]
Error - 1/21/2012 4:34:38 AM | Computer Name = ImRichbleep | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR7.

Error - 1/21/2012 4:37:02 AM | Computer Name = ImRichbleep | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR8.

Error - 1/21/2012 4:46:32 AM | Computer Name = ImRichbleep | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR9.

Error - 1/21/2012 4:51:07 AM | Computer Name = ImRichbleep | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR11.

Error - 1/21/2012 4:54:35 AM | Computer Name = ImRichbleep | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR12.

Error - 1/21/2012 5:17:48 AM | Computer Name = ImRichbleep | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR14.

Error - 1/22/2012 12:07:08 AM | Computer Name = ImRichbleep | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR15.

Error - 1/22/2012 3:04:14 AM | Computer Name = ImRichbleep | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR20.

Error - 1/22/2012 5:50:09 AM | Computer Name = ImRichbleep | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR21.

Error - 1/22/2012 6:13:46 AM | Computer Name = ImRichbleep | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR22.


< End of report >
Surround yourself with those that are smarter than you, otherwise you'll end up just as dumb as those around you.



#2 Larusso

  • Malware Response Team

Posted 02 March 2012 - 10:54 AM

Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



I see you ran Combofix. Please look for a C:\Combofix.txt and post the contents here if it exists.



If it exists, delete your current version of TDSSKiller.exe.



Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.




Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
    Vista/Windows 7 users: Right click to "Run as Administrator"

  • The tool may ask you

    This application can use AVAST! Free Antivirus to scanning
    Would you like to download latest AVAST! virus definitions ?

    Please click No

  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post the aswmbr.txt in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.




Please post in your next reply
Combofix.txt (if it exists)
TDSSKiller Log
aswMBR.txt
regards,
Daniel

Bread for the world instead Bombs and Bangers



#3 selfmade64856

  • Topic Starter

  • Members

Posted 02 March 2012 - 05:40 PM

Hello and thank you for your help :)

I see you ran Combofix. Please look for a C:\Combofix.txt and post the contents here if it exists.


I did run Combofix but there is no log file because it was deleted. After I ran Combofix my computer became unstable and all of my programs and files no longer worked and were all set to be deleted by Combofix. I had to use the System Restore to get things to work again and System Restore seems to have removed the Combofix log.

Before we go any further I would also like to tell you that I discovered that when I accessed my server files using my FTP client that the virus injected malicious code into all of my .js files. The malicious code was always injected at the very end of the .js files and each and every injection started with this "var _0xa". We ran a script to remove the 30,000 plus infections in our files and now everything is back to normal. I don't know if telling you this will be helpful, but I thought you should know it.

So, here is the TDSS log:

------------------------------------
12:22:29.0990 6424 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
12:22:30.0585 6424 ============================================================
12:22:30.0585 6424 Current date / time: 2012/03/02 12:22:30.0585
12:22:30.0585 6424 SystemInfo:
12:22:30.0585 6424
12:22:30.0585 6424 OS Version: 6.1.7601 ServicePack: 1.0
12:22:30.0585 6424 Product type: Workstation
12:22:30.0586 6424 ComputerName: MEAT_BOY
12:22:30.0586 6424 UserName: Courtney
12:22:30.0586 6424 Windows directory: C:\Windows
12:22:30.0586 6424 System windows directory: C:\Windows
12:22:30.0586 6424 Running under WOW64
12:22:30.0586 6424 Processor architecture: Intel x64
12:22:30.0586 6424 Number of processors: 4
12:22:30.0586 6424 Page size: 0x1000
12:22:30.0586 6424 Boot type: Normal boot
12:22:30.0586 6424 ============================================================
12:22:31.0962 6424 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:22:32.0607 6424 \Device\Harddisk0\DR0:
12:22:32.0607 6424 MBR used
12:22:32.0607 6424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:22:32.0607 6424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAD3E4800
12:22:32.0607 6424 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAD417000, BlocksNum 0x1670000
12:22:32.0687 6424 Initialize success
12:22:32.0687 6424 ============================================================
12:29:30.0324 7440 ============================================================
12:29:30.0324 7440 Scan started
12:29:30.0324 7440 Mode: Manual;
12:29:30.0324 7440 ============================================================
12:29:35.0366 7440 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:29:35.0406 7440 1394ohci - ok
12:29:35.0474 7440 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:29:35.0478 7440 ACPI - ok
12:29:35.0502 7440 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:29:35.0504 7440 AcpiPmi - ok
12:29:35.0550 7440 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:29:35.0556 7440 adp94xx - ok
12:29:35.0586 7440 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:29:35.0591 7440 adpahci - ok
12:29:35.0630 7440 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:29:35.0633 7440 adpu320 - ok
12:29:35.0729 7440 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:29:35.0743 7440 AFD - ok
12:29:35.0825 7440 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:29:35.0830 7440 agp440 - ok
12:29:35.0864 7440 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:29:35.0868 7440 aliide - ok
12:29:35.0900 7440 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:29:35.0903 7440 amdide - ok
12:29:35.0933 7440 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:29:35.0936 7440 AmdK8 - ok
12:29:36.0096 7440 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
12:29:36.0249 7440 amdkmdag - ok
12:29:36.0264 7440 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
12:29:36.0268 7440 amdkmdap - ok
12:29:36.0285 7440 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:29:36.0286 7440 AmdPPM - ok
12:29:36.0317 7440 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:29:36.0319 7440 amdsata - ok
12:29:36.0348 7440 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:29:36.0355 7440 amdsbs - ok
12:29:36.0373 7440 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:29:36.0377 7440 amdxata - ok
12:29:36.0393 7440 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\Windows\system32\drivers\amd_sata.sys
12:29:36.0397 7440 amd_sata - ok
12:29:36.0408 7440 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\Windows\system32\drivers\amd_xata.sys
12:29:36.0411 7440 amd_xata - ok
12:29:36.0451 7440 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:29:36.0457 7440 AppID - ok
12:29:36.0485 7440 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:29:36.0490 7440 arc - ok
12:29:36.0516 7440 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:29:36.0519 7440 arcsas - ok
12:29:36.0599 7440 aswFsBlk (c7c69ed14a7ddecaf58e3dfd1fca6d37) C:\Windows\system32\drivers\aswFsBlk.sys
12:29:36.0602 7440 aswFsBlk - ok
12:29:36.0677 7440 aswMonFlt (ad5276449159ba8d5206c6094c764249) C:\Windows\system32\drivers\aswMonFlt.sys
12:29:36.0680 7440 aswMonFlt - ok
12:29:36.0717 7440 aswRdr (1e5ca4c89227df49c5fc779e7848ae8b) C:\Windows\System32\Drivers\aswrdr2.sys
12:29:36.0720 7440 aswRdr - ok
12:29:36.0799 7440 aswSnx (45ad1ed2a0ccd582e32b10535f5c42e9) C:\Windows\system32\drivers\aswSnx.sys
12:29:36.0811 7440 aswSnx - ok
12:29:36.0864 7440 aswSP (06fd751c1b15734e57df09614602be66) C:\Windows\system32\drivers\aswSP.sys
12:29:36.0874 7440 aswSP - ok
12:29:36.0903 7440 aswTdi (bf670f65762ff8da7615d7b80914c0f8) C:\Windows\system32\drivers\aswTdi.sys
12:29:36.0907 7440 aswTdi - ok
12:29:36.0930 7440 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:29:36.0934 7440 AsyncMac - ok
12:29:36.0991 7440 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:29:36.0995 7440 atapi - ok
12:29:37.0028 7440 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\drivers\AtiPcie64.sys
12:29:37.0030 7440 AtiPcie - ok
12:29:37.0102 7440 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
12:29:37.0106 7440 AVGIDSDriver - ok
12:29:37.0124 7440 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
12:29:37.0125 7440 AVGIDSEH - ok
12:29:37.0150 7440 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
12:29:37.0153 7440 AVGIDSFilter - ok
12:29:37.0206 7440 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
12:29:37.0215 7440 Avgldx64 - ok
12:29:37.0233 7440 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
12:29:37.0237 7440 Avgmfx64 - ok
12:29:37.0278 7440 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
12:29:37.0282 7440 Avgrkx64 - ok
12:29:37.0305 7440 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
12:29:37.0315 7440 Avgtdia - ok
12:29:37.0367 7440 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:29:37.0375 7440 b06bdrv - ok
12:29:37.0386 7440 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:29:37.0391 7440 b57nd60a - ok
12:29:37.0404 7440 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:29:37.0406 7440 Beep - ok
12:29:37.0462 7440 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
12:29:37.0464 7440 blbdrive - ok
12:29:37.0504 7440 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:29:37.0506 7440 bowser - ok
12:29:37.0520 7440 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:29:37.0522 7440 BrFiltLo - ok
12:29:37.0542 7440 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:29:37.0544 7440 BrFiltUp - ok
12:29:37.0561 7440 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:29:37.0565 7440 Brserid - ok
12:29:37.0573 7440 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:29:37.0575 7440 BrSerWdm - ok
12:29:37.0599 7440 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:29:37.0601 7440 BrUsbMdm - ok
12:29:37.0623 7440 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:29:37.0624 7440 BrUsbSer - ok
12:29:37.0735 7440 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:29:37.0740 7440 BTHMODEM - ok
12:29:37.0779 7440 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:29:37.0783 7440 cdfs - ok
12:29:37.0806 7440 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:29:37.0810 7440 cdrom - ok
12:29:37.0839 7440 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:29:37.0841 7440 circlass - ok
12:29:37.0872 7440 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:29:37.0878 7440 CLFS - ok
12:29:37.0912 7440 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:29:37.0915 7440 CmBatt - ok
12:29:38.0003 7440 cmdGuard (755f1e440b6c90d83fe3e50331e55298) C:\Windows\system32\DRIVERS\cmdguard.sys
12:29:38.0014 7440 cmdGuard - ok
12:29:38.0031 7440 cmdHlp (4b5b1688ab86ebced4bef8d337e9a722) C:\Windows\system32\DRIVERS\cmdhlp.sys
12:29:38.0033 7440 cmdHlp - ok
12:29:38.0062 7440 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:29:38.0064 7440 cmdide - ok
12:29:38.0135 7440 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:29:38.0147 7440 CNG - ok
12:29:38.0168 7440 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:29:38.0173 7440 Compbatt - ok
12:29:38.0185 7440 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:29:38.0189 7440 CompositeBus - ok
12:29:38.0214 7440 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:29:38.0216 7440 crcdisk - ok
12:29:38.0319 7440 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:29:38.0322 7440 DfsC - ok
12:29:38.0337 7440 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:29:38.0339 7440 discache - ok
12:29:38.0454 7440 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:29:38.0459 7440 Disk - ok
12:29:38.0495 7440 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:29:38.0498 7440 drmkaud - ok
12:29:38.0532 7440 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:29:38.0545 7440 DXGKrnl - ok
12:29:38.0635 7440 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:29:38.0695 7440 ebdrv - ok
12:29:46.0277 7440 MBR (0x1B8) (96bfb3cd4fbbe3946985c851457027b5) \Device\Harddisk0\DR0
12:29:46.0506 7440 \Device\Harddisk0\DR0 - ok
12:29:46.0512 7440 Boot (0x1200) (eb1e166779973f2b9ff537e4ef521932) \Device\Harddisk0\DR0\Partition0
12:29:46.0515 7440 \Device\Harddisk0\DR0\Partition0 - ok
12:29:46.0541 7440 Boot (0x1200) (02e8db7bd5edacccf7f3e72ea618f919) \Device\Harddisk0\DR0\Partition1
12:29:46.0543 7440 \Device\Harddisk0\DR0\Partition1 - ok
12:29:46.0587 7440 Boot (0x1200) (0ab528de1fd7608ef3d0308cc9c6aa43) \Device\Harddisk0\DR0\Partition2
12:29:46.0589 7440 \Device\Harddisk0\DR0\Partition2 - ok
12:29:46.0590 7440 ============================================================
12:29:46.0590 7440 Scan finished
12:29:46.0590 7440 ============================================================
12:29:46.0617 2560 Detected object count: 0
12:29:46.0617 2560 Actual detected object count: 0
-----------------------------


Here is the ASWMBR log: (I already had this installed and had already updated the Virus Definitions)

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-28 00:00:36
-----------------------------
00:00:36.793 OS Version: Windows x64 6.1.7601 Service Pack 1
00:00:36.793 Number of processors: 4 586 0xA00
00:00:36.794 ComputerName: MEAT_BOY UserName: Courtney
00:00:44.109 Initialize success
00:07:29.211 AVAST engine defs: 12022800
00:07:41.996 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
00:07:41.999 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 11
00:07:42.027 Disk 0 MBR read successfully
00:07:42.029 Disk 0 MBR scan
00:07:42.033 Disk 0 unknown MBR code
00:07:42.036 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:07:42.051 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1419209 MB offset 206848
00:07:42.085 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11488 MB offset 2906746880
00:07:42.144 Disk 0 scanning C:\Windows\system32\drivers
00:07:51.663 Service scanning
00:08:15.956 Modules scanning
00:08:15.975 Disk 0 trace - called modules:
00:08:15.997 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
00:08:16.004 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d87f060]
00:08:16.011 3 CLASSPNP.SYS[fffff8800194d43f] -> nt!IofCallDriver -> [0xfffffa800d26b9b0]
00:08:16.017 5 amd_xata.sys[fffff88000ddd8b4] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa800d2689c0]
00:08:19.312 AVAST engine scan C:\
04:58:14.245 Scan finished successfully
08:43:35.437 Disk 0 MBR has been saved successfully to "C:\Users\Courtney\Desktop\MBR.dat"
08:43:35.441 The log file has been saved successfully to "C:\Users\Courtney\Desktop\aswMBR.txt"

Edited by selfmade64856, 02 March 2012 - 06:23 PM.

Surround yourself with those that are smarter than you, otherwise you'll end up just as dumb as those around you.

#4 Larusso

  • Malware Response Team

Posted 02 March 2012 - 06:15 PM

This is the reason why we do not want anyone to run CF without instruction.
I would like to quote a section of the ComboFix tutorial located here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.



Could you also give me a few more details on why your system is acting odd? :)



Please delete the current version of OTL.exe.



Download OTL to your Desktop.
  • Double click on the icon to run it.
  • Under the Posted Image box paste this in
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open an OTL.Txt. This is saved in the same location as OTL.

Please post this in your next reply.



Please post in your next reply
OTL.txt
regards,
Daniel

Bread for the world instead Bombs and Bangers



#5 selfmade64856

  • Topic Starter

  • Members

Posted 02 March 2012 - 06:26 PM

Whoops, forgot to attach the .dat file. Please see attached. I am right now reading your second set of instructions. I will execute your instructions and then post the results accordingly.

Attached Files

  • Attached File  MBR.zip   561bytes   0 downloads

Edited by selfmade64856, 02 March 2012 - 06:29 PM.


#6 selfmade64856

  • Topic Starter

  • Members

Posted 02 March 2012 - 07:00 PM

One of the main things that happened was that the infections injected a very large amount of malicious script into our website files via my ftp client. We have since had our hosting provider run a script and remove all of the malicious code.

Before the injection took place my computer began to act strangely. Many of my high demand resource programs became unstable and would simply lock up and then the computer would freeze. I would then have to restart my computer and try again. When I first posted this issue I was asked to download some files. I was unable to download any files from bleepingcomputer via the infected computer. I instead had to download the files onto a different computer, transfer them to a thumb drive and then install them from the thumb drive onto the infected computer.

I am on my computer 16 hours a day so I immediately recognize when something is wrong or not working correctly.

There have not been any real significant signs, just small things that I have noticed such as the hanging programs (Program Not Responding). The malicious code injection was the only big thing that happened.

Here is the OTL log:

OTL logfile created on: 3/2/2012 1:39:41 PM - Run 2
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Courtney\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.75 Gb Total Physical Memory | 12.43 Gb Available Physical Memory | 78.90% Memory free
31.50 Gb Paging File | 27.51 Gb Available in Paging File | 87.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1385.95 Gb Total Space | 372.95 Gb Free Space | 26.91% Space Free | Partition Type: NTFS
Drive D: | 11.22 Gb Total Space | 1.37 Gb Free Space | 12.21% Space Free | Partition Type: NTFS
Drive M: | 184.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MEAT_BOY | User Name: Courtney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Courtney\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vToolbarUpdater) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (SBAMSvc) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)
SRV - (SBPIMSvc) -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
SRV - (UltiDev Web Server Pro) -- C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe (UltiDev LLC)
SRV - (UWS LoPriv Services) -- C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe (UltiDev LLC)
SRV - (UWS HiPriv Services) -- C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe (UltiDev LLC)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (Sunbelt Software)
DRV:64bit: - (sbwtis) -- C:\Windows\SysNative\drivers\sbwtis.sys (GFI Software)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (LVUVC64) Logitech Webcam 120(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DF90E904-130A-47FB-8DBC-64AA3E8C16B4}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{DF90E904-130A-47FB-8DBC-64AA3E8C16B4}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={B8218AA0-9C3B-4B79-8850-575DA8F59990}&mid=d02e972a329747d1aa87fd6e91ccf2e9-0c8d9b0229efda51ca3de1d30e462d404174446e&lang=en&ds=ft011&pr=sa&d=2012-02-27 23:59:16&v=10.0.0.7&sap=hp
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B8218AA0-9C3B-4B79-8850-575DA8F59990}&mid=d02e972a329747d1aa87fd6e91ccf2e9-0c8d9b0229efda51ca3de1d30e462d404174446e&lang=en&ds=ft011&pr=sa&d=2012-02-27 23:59:16&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\..\SearchScopes\{DF90E904-130A-47FB-8DBC-64AA3E8C16B4}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/10/21 23:54:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 09:08:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/25 19:04:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/02/27 23:59:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/28 08:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/21 23:17:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/28 17:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions
[2012/02/18 18:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Firefox\Profiles\ch8r15m0.default\extensions
[2012/02/18 18:28:49 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Firefox\Profiles\ch8r15m0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/02/21 23:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\COURTNEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CH8R15M0.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/02/21 23:17:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/27 23:59:07 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/08 15:11:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/08 15:11:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
CHR - plugin: Cooliris (Enabled) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\noocneohefmdhonidldnlhaainpiomkp\1.12.2.44674_0\lib/cooliris.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Courtney\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Flash Video Download = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\anadfmbemnidomdljfcdgdoomhghoclk\1.3.2_0\
CHR - Extension: X-notifier (Gmail, Hotmail, Yahoo, AOL ...) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\apebebenniibdlpbookhgelaghfnaonp\1.0.3_0\
CHR - Extension: YouTube = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: Google Search = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Ripple Mobile Environment Emulator (Beta) = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\geelfhphabnejjhdalkjhgipohgpdnoc\0.9.2_0\
CHR - Extension: avast! WebRep = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: AVG Safe Search = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: Cooliris = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\noocneohefmdhonidldnlhaainpiomkp\1.12.2.44674_0\
CHR - Extension: Gmail = C:\Users\Courtney\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/14 20:37:21 | 000,443,338 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files (x86)\Advanced JPEG Compressor\ajcieex.htm ()
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files (x86)\Advanced JPEG Compressor\ajcieex.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{592352AE-8CFF-4574-9953-18AD7BFFDA1E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{59204bbc-fc70-11e0-893d-2c27d7281b1a}\Shell - "" = AutoRun
O33 - MountPoints2\{59204bbc-fc70-11e0-893d-2c27d7281b1a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP


MsConfig:64bit - StartUpFolder: C:^Users^Courtney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Flip.lnk - C:\Program Files (x86)\Belkin\Flip\flip.exe - (Belkin Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Courtney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk - C:\Program Files (x86)\Logitech\Ereg\eReg.exe - (Leader Technologies/Logitech)
MsConfig:64bit - StartUpFolder: C:^Users^Courtney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^Courtney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mozenda.lnk - C:\Users\Courtney\AppData\Roaming\Mozenda\Programs\Mozenda.ClientConnector.exe - (Mozenda, Inc.)
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Bonus.SSR.FR10 - hkey= - key= - C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)
MsConfig:64bit - StartUpReg: COMODO - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: CPA - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: CRMExpress scheduler - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: FreeAC - hkey= - key= - C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
MsConfig:64bit - StartUpReg: Freecorder FLV Service - hkey= - key= - C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: LWS - hkey= - key= - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: OM2_Monitor - hkey= - key= - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
MsConfig:64bit - StartUpReg: PDF Complete - hkey= - key= - C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SBAMTray - hkey= - key= - C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 13:18:59 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Courtney\Desktop\aswMBR.exe
[2012/03/02 12:21:48 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Courtney\Desktop\tdsskiller.exe
[2012/03/01 14:01:02 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\flash-drive
[2012/02/28 09:50:56 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\Surfline Grand Opening
[2012/02/28 08:51:39 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2012/02/28 08:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/28 08:46:55 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/28 08:46:51 | 000,335,704 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/02/28 08:46:38 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/02/28 08:46:14 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/02/28 08:45:59 | 000,817,496 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/02/28 08:45:34 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/02/28 08:45:33 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/02/28 08:44:52 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/28 08:44:50 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/02/28 08:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/28 08:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/27 23:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/02/27 23:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/02/27 23:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/02/27 23:02:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Courtney\Desktop\dds.scr
[2012/02/26 00:10:17 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\Kiwoo
[2012/02/24 20:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/02/24 20:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI Software
[2012/02/24 20:06:45 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/02/24 20:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012/02/24 20:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software
[2012/02/24 20:03:40 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\GFI Software
[2012/02/24 19:17:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/24 18:57:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/24 18:55:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/24 17:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012/02/22 13:29:00 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\Outlook Files
[2012/02/21 17:08:33 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Comodo
[2012/02/21 17:02:15 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Mozenda
[2012/02/21 17:02:15 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozenda
[2012/02/21 14:59:40 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\rat-trap2
[2012/02/21 03:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/02/21 02:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/02/21 02:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/02/21 02:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/02/21 02:49:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012/02/20 22:36:21 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\Rat TRap
[2012/02/20 21:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebExtractor360
[2012/02/20 21:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebExtractor360
[2012/02/20 16:20:42 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\SugarCRM
[2012/02/18 19:34:54 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prey
[2012/02/18 19:34:52 | 000,000,000 | ---D | C] -- C:\Prey
[2012/02/18 16:06:54 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cooliris
[2012/02/18 16:06:52 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Cooliris
[2012/02/16 03:01:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/02/15 22:14:37 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\Kevin
[2012/02/15 03:04:06 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/02/13 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\new-pan-example
[2012/02/13 12:11:35 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/02/13 12:10:29 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\PACE Anti-Piracy
[2012/02/13 12:10:29 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\PACE Anti-Piracy
[2012/02/13 12:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012/02/13 12:10:25 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\Adobe
[2012/02/13 11:35:06 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\Flash Clock
[2012/02/13 04:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec
[2012/02/13 04:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SourceTec
[2012/02/13 03:42:27 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\SourceTec
[2012/02/13 03:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SourceTec
[2012/02/12 07:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flashificator
[2012/02/12 04:41:40 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\Loaders
[2012/02/09 15:36:00 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\PictoColor
[2012/02/08 22:34:25 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\website-set-up
[2012/02/08 21:34:27 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\website-set-up-tutorial
[2012/02/08 09:57:48 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\AutoPlay Media Studio 8
[2012/02/08 09:57:35 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\IndigoRose
[2012/02/08 09:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Indigo Rose Corporation
[2012/02/08 09:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\IndigoRose
[2012/02/08 09:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoPlay Media Studio 8
[2012/02/07 23:33:50 | 000,000,000 | ---D | C] -- C:\New Folder (2)
[2012/02/07 23:33:36 | 000,000,000 | ---D | C] -- C:\New Folder
[2012/02/06 14:06:29 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/02/06 14:00:30 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/02/06 14:00:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/02/06 14:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/02/06 14:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/02/06 14:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/02/06 13:36:42 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/06 13:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/02/06 13:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/06 13:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/02/05 21:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/02/05 21:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/02/05 13:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Master 2
[2012/02/05 01:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/05 01:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/05 01:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/02/03 19:35:57 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Documents\Easy Macro Recorder
[2012/02/03 19:35:57 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Easy Macro Recorder
[2012/02/03 19:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Macro Recorder
[2012/02/03 19:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Macro Recorder
[2012/02/03 16:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JitBit
[2012/02/02 12:45:13 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\Windward Mall
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/02 13:40:53 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2012/03/02 13:37:36 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2012/03/02 13:24:26 | 000,000,561 | ---- | M] () -- C:\Users\Courtney\Desktop\MBR.zip
[2012/03/02 13:19:29 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Courtney\Desktop\aswMBR.exe
[2012/03/02 13:03:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2115698326-2706961171-367882499-1000UA.job
[2012/03/02 12:22:08 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Courtney\Desktop\tdsskiller.exe
[2012/03/02 12:17:18 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2115698326-2706961171-367882499-1000Core.job
[2012/03/02 08:15:45 | 090,586,608 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/03/01 22:44:15 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 22:44:15 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 20:40:31 | 000,845,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/01 20:40:31 | 000,707,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/01 20:40:31 | 000,139,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/01 18:00:00 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/03/01 18:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/03/01 18:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/03/01 18:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/03/01 18:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/03/01 14:03:06 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/01 14:03:06 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/03/01 13:02:03 | 000,925,788 | ---- | M] () -- C:\Users\Courtney\Desktop\Clean Listener.jsx
[2012/03/01 02:00:16 | 000,000,132 | ---- | M] () -- C:\Users\Courtney\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/29 20:09:00 | 001,130,925 | ---- | M] () -- C:\Users\Courtney\Documents\images_trump-towers-waikiki.zip
[2012/02/29 20:09:00 | 000,240,189 | ---- | M] () -- C:\Users\Courtney\Documents\resources_trump-towers-waikiki.zip
[2012/02/28 21:15:58 | 000,496,692 | ---- | M] () -- C:\Users\Courtney\Desktop\cant-see-reply.jpg
[2012/02/28 18:37:29 | 000,398,750 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/02/28 08:46:56 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/28 08:45:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/02/28 08:43:35 | 000,000,512 | ---- | M] () -- C:\Users\Courtney\Desktop\MBR.dat
[2012/02/28 05:33:00 | 000,067,634 | ---- | M] () -- C:\Users\Courtney\Documents\sfkhghg.php
[2012/02/27 23:58:34 | 002,044,186 | ---- | M] () -- C:\Users\Courtney\Desktop\tdsskiller.zip
[2012/02/27 23:40:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/27 23:40:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/02/27 23:40:13 | 4093,075,454 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/27 23:39:06 | 000,008,588 | ---- | M] () -- C:\Users\Courtney\Documents\cc_20120227_233900.reg
[2012/02/27 23:24:25 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/02/27 22:58:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Courtney\Desktop\dds.scr
[2012/02/27 22:54:36 | 000,000,000 | ---- | M] () -- C:\Users\Courtney\defogger_reenable
[2012/02/27 22:44:54 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCourtney.job
[2012/02/24 20:06:50 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2012/02/23 06:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/23 06:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/02/23 06:23:10 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/02/23 06:12:43 | 000,817,496 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/02/23 06:12:42 | 000,335,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/02/23 06:11:04 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/02/23 06:10:43 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/02/23 06:10:38 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/02/23 06:10:19 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/22 20:36:20 | 000,023,611 | ---- | M] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/02/22 20:29:00 | 000,023,554 | ---- | M] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (DOS).ADR
[2012/02/22 13:29:05 | 000,001,103 | ---- | M] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/21 17:02:15 | 000,002,141 | ---- | M] () -- C:\Users\Courtney\Desktop\Mozenda.lnk
[2012/02/21 02:49:27 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/02/20 23:32:40 | 000,000,770 | ---- | M] () -- C:\Users\Courtney\Documents\cc_20120220_233234.reg
[2012/02/20 23:23:51 | 000,012,924 | ---- | M] () -- C:\Users\Courtney\Documents\cc_20120220_232346.reg
[2012/02/20 23:12:05 | 000,002,030 | ---- | M] () -- C:\Users\Courtney\Documents\cc_20120220_231201.reg
[2012/02/19 19:10:08 | 000,000,986 | ---- | M] () -- C:\Users\Courtney\Desktop\knock-knock - Shortcut.lnk
[2012/02/15 03:25:23 | 004,987,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/14 20:37:21 | 000,443,338 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/13 20:39:00 | 000,000,053 | ---- | M] () -- C:\Users\Courtney\Documents\google64b5342add4c4c20.html
[2012/02/13 18:48:46 | 000,006,760 | ---- | M] () -- C:\Users\Courtney\Documents\cc_20120213_184843.reg
[2012/02/13 17:42:00 | 008,790,363 | ---- | M] () -- C:\Users\Courtney\Desktop\scene_video_6.flv
[2012/02/13 17:21:51 | 084,987,499 | ---- | M] () -- C:\Users\Courtney\Desktop\P2134835 Panorama.tif
[2012/02/13 16:19:36 | 000,465,534 | ---- | M] () -- C:\Users\Courtney\Desktop\player.jpg
[2012/02/13 04:14:10 | 000,001,182 | ---- | M] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[2012/02/11 00:46:01 | 000,012,321 | ---- | M] () -- C:\Users\Courtney\Desktop\dennie.jpg
[2012/02/11 00:19:48 | 000,035,304 | ---- | M] () -- C:\Users\Courtney\Desktop\309334_10150328259129897_554619896_7757295_1542813699_n.jpg
[2012/02/09 16:53:42 | 000,026,971 | ---- | M] () -- C:\Users\Courtney\Documents\google-contacts-2-9-12.csv
[2012/02/08 21:47:07 | 020,756,036 | ---- | M] () -- C:\Users\Courtney\Desktop\website-set-up-tut-mp4.mp4
[2012/02/08 21:47:07 | 000,416,149 | ---- | M] () -- C:\Users\Courtney\Desktop\website-set-up-tut-mp4_controller.swf
[2012/02/08 21:47:07 | 000,004,620 | ---- | M] () -- C:\Users\Courtney\Desktop\website-set-up-tut-mp4.html
[2012/02/08 21:41:42 | 001,214,725 | ---- | M] () -- C:\Users\Courtney\Desktop\FirstFrame.png
[2012/02/08 19:56:33 | 000,006,656 | ---- | M] () -- C:\Users\Courtney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/08 17:59:56 | 138,950,601 | ---- | M] () -- C:\Users\Courtney\Desktop\360-Resources-CD.exe
[2012/02/08 02:18:41 | 000,101,620 | ---- | M] () -- C:\Users\Courtney\Desktop\2012-calendar-4.png
[2012/02/06 14:06:29 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/02/06 14:06:25 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2012/02/06 13:29:49 | 000,007,136 | ---- | M] () -- C:\Users\Courtney\Documents\ccleaner-2-6-2012.reg
[2012/02/05 02:52:15 | 000,443,178 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120214-203721.backup
[2012/02/05 01:49:34 | 000,443,178 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120205-025215.backup
[2012/02/05 01:48:42 | 000,443,178 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120205-014934.backup
[2012/02/05 01:42:47 | 000,001,284 | ---- | M] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/03 19:35:57 | 000,001,030 | ---- | M] () -- C:\Users\Courtney\Desktop\Easy Macro Recorder.lnk
[2012/02/03 16:59:51 | 000,001,351 | ---- | M] () -- C:\Users\Courtney\Documents\AutoHotkey.ahk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/02 13:24:26 | 000,000,561 | ---- | C] () -- C:\Users\Courtney\Desktop\MBR.zip
[2012/02/29 20:09:00 | 001,130,925 | ---- | C] () -- C:\Users\Courtney\Documents\images_trump-towers-waikiki.zip
[2012/02/29 20:09:00 | 000,240,189 | ---- | C] () -- C:\Users\Courtney\Documents\resources_trump-towers-waikiki.zip
[2012/02/28 21:15:58 | 000,496,692 | ---- | C] () -- C:\Users\Courtney\Desktop\cant-see-reply.jpg
[2012/02/28 08:46:56 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/28 08:45:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/02/28 08:43:35 | 000,000,512 | ---- | C] () -- C:\Users\Courtney\Desktop\MBR.dat
[2012/02/28 05:33:00 | 000,067,634 | ---- | C] () -- C:\Users\Courtney\Documents\sfkhghg.php
[2012/02/27 23:58:16 | 002,044,186 | ---- | C] () -- C:\Users\Courtney\Desktop\tdsskiller.zip
[2012/02/27 23:39:04 | 000,008,588 | ---- | C] () -- C:\Users\Courtney\Documents\cc_20120227_233900.reg
[2012/02/27 23:24:25 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/02/27 22:54:36 | 000,000,000 | ---- | C] () -- C:\Users\Courtney\defogger_reenable
[2012/02/24 20:06:50 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2012/02/22 14:14:32 | 000,023,554 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (DOS).ADR
[2012/02/22 13:53:27 | 000,023,611 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/02/22 13:29:05 | 000,001,103 | ---- | C] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/21 17:02:15 | 000,002,141 | ---- | C] () -- C:\Users\Courtney\Desktop\Mozenda.lnk
[2012/02/21 02:49:27 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/02/20 23:32:38 | 000,000,770 | ---- | C] () -- C:\Users\Courtney\Documents\cc_20120220_233234.reg
[2012/02/20 23:23:49 | 000,012,924 | ---- | C] () -- C:\Users\Courtney\Documents\cc_20120220_232346.reg
[2012/02/20 23:12:03 | 000,002,030 | ---- | C] () -- C:\Users\Courtney\Documents\cc_20120220_231201.reg
[2012/02/20 16:16:08 | 000,014,633 | ---- | C] () -- C:\Users\Courtney\Desktop\LeadDuplicateCheck.diff
[2012/02/19 19:10:08 | 000,000,986 | ---- | C] () -- C:\Users\Courtney\Desktop\knock-knock - Shortcut.lnk
[2012/02/18 19:36:12 | 000,000,029 | ---- | C] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2012/02/13 20:39:00 | 000,000,053 | ---- | C] () -- C:\Users\Courtney\Documents\google64b5342add4c4c20.html
[2012/02/13 18:48:44 | 000,006,760 | ---- | C] () -- C:\Users\Courtney\Documents\cc_20120213_184843.reg
[2012/02/13 17:42:00 | 008,790,363 | ---- | C] () -- C:\Users\Courtney\Desktop\scene_video_6.flv
[2012/02/13 17:21:50 | 084,987,499 | ---- | C] () -- C:\Users\Courtney\Desktop\P2134835 Panorama.tif
[2012/02/13 16:19:36 | 000,465,534 | ---- | C] () -- C:\Users\Courtney\Desktop\player.jpg
[2012/02/13 04:14:10 | 000,001,182 | ---- | C] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk
[2012/02/12 09:56:00 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2012/02/12 07:34:39 | 000,000,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flashificator.lnk
[2012/02/11 00:22:07 | 000,012,321 | ---- | C] () -- C:\Users\Courtney\Desktop\dennie.jpg
[2012/02/11 00:19:52 | 000,035,304 | ---- | C] () -- C:\Users\Courtney\Desktop\309334_10150328259129897_554619896_7757295_1542813699_n.jpg
[2012/02/09 16:54:02 | 000,026,971 | ---- | C] () -- C:\Users\Courtney\Documents\google-contacts-2-9-12.csv
[2012/02/08 21:47:07 | 000,416,149 | ---- | C] () -- C:\Users\Courtney\Desktop\website-set-up-tut-mp4_controller.swf
[2012/02/08 21:47:07 | 000,009,759 | ---- | C] () -- C:\Users\Courtney\Desktop\swfobject.js
[2012/02/08 21:47:07 | 000,004,620 | ---- | C] () -- C:\Users\Courtney\Desktop\website-set-up-tut-mp4.html
[2012/02/08 21:41:42 | 020,756,036 | ---- | C] () -- C:\Users\Courtney\Desktop\website-set-up-tut-mp4.mp4
[2012/02/08 21:41:42 | 001,214,725 | ---- | C] () -- C:\Users\Courtney\Desktop\FirstFrame.png
[2012/02/08 17:59:56 | 138,950,601 | ---- | C] () -- C:\Users\Courtney\Desktop\360-Resources-CD.exe
[2012/02/08 02:18:44 | 000,101,620 | ---- | C] () -- C:\Users\Courtney\Desktop\2012-calendar-4.png
[2012/02/06 14:01:34 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/02/06 14:01:34 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/06 13:29:42 | 000,007,136 | ---- | C] () -- C:\Users\Courtney\Documents\ccleaner-2-6-2012.reg
[2012/02/05 12:36:28 | 000,925,788 | ---- | C] () -- C:\Users\Courtney\Desktop\Clean Listener.jsx
[2012/02/05 01:42:47 | 000,001,284 | ---- | C] () -- C:\Users\Courtney\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/03 19:35:57 | 000,001,030 | ---- | C] () -- C:\Users\Courtney\Desktop\Easy Macro Recorder.lnk
[2012/02/03 16:59:51 | 000,001,351 | ---- | C] () -- C:\Users\Courtney\Documents\AutoHotkey.ahk
[2012/01/26 15:04:23 | 000,006,656 | ---- | C] () -- C:\Users\Courtney\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/12 18:15:16 | 000,640,192 | ---- | C] () -- C:\Program Files (x86)\UninstallNA.exe
[2011/11/30 10:01:55 | 000,000,132 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/10/30 21:18:28 | 000,000,132 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/10/29 15:08:01 | 000,001,456 | ---- | C] () -- C:\Users\Courtney\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/10/24 19:22:42 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/10/24 19:22:42 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/10/24 19:22:42 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/10/24 19:22:42 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/10/24 19:22:42 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/10/24 19:22:42 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/10/24 19:22:42 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/10/24 19:22:42 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/10/24 19:22:42 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/10/24 19:22:42 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/10/24 19:22:42 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/10/24 19:22:42 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/10/24 19:22:42 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/10/24 19:22:42 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/10/24 19:22:42 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/10/24 19:22:42 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/10/24 13:47:54 | 000,000,081 | RHS- | C] () -- C:\Windows\CT6PRET.BIN
[2011/10/22 16:20:41 | 000,000,145 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/22 16:20:35 | 000,000,191 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/09/22 13:17:10 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/20 21:59:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/20 21:54:36 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/03 18:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 07:15:43 | 000,839,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2011/10/22 15:10:18 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\AVG
[2011/10/21 23:02:46 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\AVG2012
[2011/10/26 20:40:57 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/26 22:18:27 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Coby
[2011/12/26 22:36:32 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Coby Media Manager
[2011/10/22 14:22:18 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\com.Flashificator
[2012/01/03 18:37:35 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Dream Aquarium
[2011/11/24 00:15:17 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\DxO Labs
[2012/02/03 19:36:11 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Easy Macro Recorder
[2011/11/23 13:04:30 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\ePaperPress
[2011/10/24 20:32:59 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\EPSON
[2012/03/01 13:02:10 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\FileZilla
[2011/10/31 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\GardenGnomeSoftware
[2012/02/24 20:03:40 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\GFI Software
[2011/10/22 16:35:26 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\GlobalSCAPE
[2011/10/24 19:44:35 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\HDRsoft
[2011/10/28 22:40:31 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\iMapBuilder
[2011/11/05 19:14:07 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\ImgBurn
[2012/02/08 09:57:35 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\IndigoRose
[2011/11/13 12:17:42 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Leadertech
[2011/12/21 10:49:23 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\LucasArts
[2011/10/23 03:15:58 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\MAGIX
[2011/12/16 12:22:31 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\MotionDSP
[2012/02/24 19:36:18 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Mozenda
[2012/02/13 12:10:30 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\PACE Anti-Piracy
[2012/02/09 15:36:00 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\PictoColor
[2011/10/23 16:35:07 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\PngOptimizer
[2012/02/28 16:54:19 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\PTGui
[2012/01/05 13:02:40 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\PunkBuster
[2011/12/19 12:36:04 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\SPORE
[2012/02/13 12:11:35 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/10 18:20:43 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\SWiSH Max4
[2011/10/23 20:43:10 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Thinstall
[2012/03/02 13:45:01 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\uTorrent
[2012/01/03 13:36:23 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\VoipBuster
[2011/10/22 13:16:08 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\WinBatch
[2011/10/28 16:53:18 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Zaxwerks
[2012/03/01 18:00:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/03/01 18:00:00 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012/03/01 18:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012/03/01 18:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2012/03/01 18:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2009/07/13 19:08:49 | 000,023,764 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/07 19:20:23 | 000,000,728 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Email Reminder.job
[2012/01/07 19:20:17 | 000,000,594 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Notification Scheduler.job
[2012/01/07 19:20:34 | 000,000,628 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Recurring Invoice.job
[2012/01/07 19:20:34 | 000,000,600 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM WorkFlow.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2011/10/22 16:58:48 | 000,000,000 | ---D | M] -- C:\$AVG
[2012/02/26 00:08:14 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/01/26 19:37:17 | 000,000,000 | ---D | M] -- C:\divx
[2009/07/13 19:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/01/12 18:24:44 | 000,000,000 | ---D | M] -- C:\GEXn-Backup
[2011/07/20 22:37:53 | 000,000,000 | RHSD | M] -- C:\hp
[2011/11/09 18:32:20 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/12/26 22:04:17 | 000,000,000 | ---D | M] -- C:\MTV_OUTPUT
[2012/02/07 23:33:36 | 000,000,000 | ---D | M] -- C:\New Folder
[2012/02/07 23:33:50 | 000,000,000 | ---D | M] -- C:\New Folder (2)
[2009/07/13 17:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/02/18 19:36:08 | 000,000,000 | ---D | M] -- C:\Prey
[2012/02/28 08:44:40 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/02/27 23:59:09 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/02/28 08:44:40 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/02/24 19:17:44 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011/02/11 09:24:35 | 000,000,000 | ---D | M] -- C:\Recovery
[2011/10/21 22:49:17 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/03/02 13:41:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/10/21 22:49:12 | 000,000,000 | RH-D | M] -- C:\SYSTEM.SAV
[2012/01/30 02:39:43 | 000,000,000 | ---D | M] -- C:\temp
[2012/02/24 17:31:15 | 000,000,000 | R--D | M] -- C:\Users
[2012/02/28 08:45:00 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >
[2012/01/12 18:20:04 | 000,640,192 | ---- | M] () -- C:\Program Files (x86)\UninstallNA.exe

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: EXPLORER.EXE >
[2011/02/25 19:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 20:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 20:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 20:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 17:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 19:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 19:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 17:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009/07/13 15:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/13 15:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/13 15:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/13 15:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 17:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 17:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 17:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 17:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/13 15:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 15:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 15:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 15:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 17:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 17:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:890CC2F3
@Alternate Data Stream - 1148 bytes -> C:\Users\Courtney\AppData\Local\l1cfCYvS:nPrrGywGVVTD8aB5COv
@Alternate Data Stream - 1037 bytes -> C:\Users\Courtney\AppData\Local\Temp:Bd5Uvyt0vndfsRFNw6KC

< End of report >
Surround yourself with those that are smarter than you, otherwise you'll end up just as dumb as those around you.

#7 Larusso

    Raggamuffin


  • Malware Response Team
  • 305 posts
  • Gender:Male
  • Location:Austria
  • Local time:06:48 PM

Posted 02 March 2012 - 07:16 PM

Hi there,

I see something in your logs now.



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.
regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please donate.

#8 selfmade64856

  • Topic Starter

  • Members
  • 40 posts
  • Gender:Male
  • Location:Waikiki, Hawaii
  • Local time:08:48 AM

Posted 02 March 2012 - 08:09 PM

Hello,

Here is the combofix log:
-----------------------
ComboFix 12-03-02.01 - Courtney 03/02/2012 14:33:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16127.12280 [GMT -10:00]
Running from: c:\users\Courtney\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 00:39 . 2012-03-03 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-28 18:46 . 2012-02-23 16:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-28 18:46 . 2012-02-23 16:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-28 18:46 . 2012-02-23 16:11 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-28 18:46 . 2012-02-23 16:10 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-28 18:45 . 2012-02-23 16:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-28 18:45 . 2012-02-23 16:10 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-28 18:45 . 2012-02-23 16:23 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-28 18:44 . 2012-02-23 16:23 41184 ----a-w- c:\windows\avastSS.scr
2012-02-28 18:44 . 2012-02-23 16:23 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-28 18:44 . 2012-02-28 18:44 -------- d-----w- c:\programdata\AVAST Software
2012-02-28 18:44 . 2012-02-28 18:44 -------- d-----w- c:\program files\AVAST Software
2012-02-28 09:59 . 2012-02-28 09:59 -------- d-----w- c:\programdata\AVG Secure Search
2012-02-28 09:59 . 2012-02-28 09:59 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-02-28 09:59 . 2012-02-28 09:59 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-02-25 06:07 . 2012-02-25 06:07 -------- d-----w- c:\programdata\GFI Software
2012-02-25 06:06 . 2012-01-20 02:13 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-02-25 06:06 . 2012-02-25 06:06 -------- d-----w- c:\programdata\Downloaded Installations
2012-02-25 06:03 . 2012-02-25 06:03 -------- d-----w- c:\program files (x86)\GFI Software
2012-02-25 06:03 . 2012-02-25 06:03 -------- d-----w- c:\users\Courtney\AppData\Roaming\GFI Software
2012-02-25 03:27 . 2012-02-25 03:27 -------- d-----w- c:\programdata\Recovery
2012-02-22 03:08 . 2012-02-28 09:33 -------- d-----w- c:\users\Courtney\AppData\Local\Comodo
2012-02-22 03:02 . 2012-02-25 05:36 -------- d-----w- c:\users\Courtney\AppData\Roaming\Mozenda
2012-02-21 13:09 . 2012-02-28 09:33 -------- d-----w- c:\programdata\CPA_VA
2012-02-21 12:49 . 2012-02-21 13:02 -------- d-----w- c:\programdata\Comodo
2012-02-21 12:49 . 2012-02-28 09:33 -------- d-----w- c:\program files\COMODO
2012-02-21 12:49 . 2012-02-28 09:33 -------- d-----w- c:\program files (x86)\Comodo
2012-02-21 07:13 . 2012-02-21 07:13 -------- d-----w- c:\program files (x86)\WebExtractor360
2012-02-19 05:36 . 2012-03-03 00:45 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2012-02-19 05:34 . 2012-02-19 05:36 -------- d-----w- C:\Prey
2012-02-19 02:06 . 2012-02-28 08:48 -------- d-----w- c:\users\Courtney\AppData\Local\Cooliris
2012-02-16 13:01 . 2012-02-16 13:01 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-02-15 13:04 . 2012-02-15 13:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-13 22:11 . 2012-02-13 22:11 -------- d-----w- c:\users\Courtney\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-02-13 22:10 . 2012-02-13 22:10 -------- d-----w- c:\users\Courtney\AppData\Roaming\PACE Anti-Piracy
2012-02-13 22:10 . 2012-02-13 22:10 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-02-13 22:10 . 2012-02-13 22:10 -------- d-----w- c:\users\Courtney\AppData\Local\PACE Anti-Piracy
2012-02-13 14:14 . 2012-02-13 14:14 -------- d-----w- c:\program files (x86)\Common Files\SourceTec
2012-02-13 13:42 . 2012-02-13 13:42 -------- d-----w- c:\users\Courtney\AppData\Local\SourceTec
2012-02-13 13:42 . 2012-02-13 14:14 -------- d-----w- c:\program files (x86)\SourceTec
2012-02-12 19:56 . 2012-02-07 00:06 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-12 17:34 . 2012-02-12 17:34 -------- d-----w- c:\program files (x86)\Flashificator
2012-02-10 01:36 . 2012-02-10 01:36 -------- d-----w- c:\users\Courtney\AppData\Roaming\PictoColor
2012-02-09 01:11 . 2012-02-22 09:17 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-09 01:11 . 2012-02-09 01:11 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-09 01:11 . 2012-02-09 01:11 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-09 01:11 . 2012-02-09 01:11 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-08 19:57 . 2012-02-08 19:57 -------- d-----w- c:\users\Courtney\AppData\Roaming\IndigoRose
2012-02-08 19:57 . 2012-02-08 19:57 -------- d-----w- c:\programdata\IndigoRose
2012-02-08 19:57 . 2012-02-08 19:57 -------- d-----w- c:\program files (x86)\AutoPlay Media Studio 8
2012-02-08 09:33 . 2012-02-08 09:33 -------- d-----w- C:\New Folder (2)
2012-02-08 09:33 . 2012-02-08 09:33 -------- d-----w- C:\New Folder
2012-02-07 00:06 . 2012-02-07 00:06 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-07 00:00 . 2012-02-07 00:00 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-07 00:00 . 2011-12-23 17:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-02-07 00:00 . 2012-02-07 00:00 -------- d-----w- c:\programdata\Lavasoft
2012-02-07 00:00 . 2012-02-07 00:00 -------- d-----w- c:\program files (x86)\Lavasoft
2012-02-06 23:36 . 2012-02-06 23:36 -------- d-----w- c:\users\Courtney\AppData\Roaming\SUPERAntiSpyware.com
2012-02-06 23:36 . 2012-02-06 23:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-06 23:36 . 2012-02-06 23:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-06 07:09 . 2012-02-06 07:09 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-05 11:42 . 2012-02-21 09:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-05 11:42 . 2012-02-05 11:44 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-04 05:35 . 2012-02-04 05:36 -------- d-----w- c:\users\Courtney\AppData\Roaming\Easy Macro Recorder
2012-02-04 05:35 . 2012-02-04 05:35 -------- d-----w- c:\program files (x86)\Easy Macro Recorder
2012-02-04 05:35 . 1998-06-24 10:00 67376 ----a-w- c:\windows\SysWow64\SYSINFO.OCX
2012-02-04 02:33 . 2012-02-04 02:33 -------- d-----w- c:\program files (x86)\JitBit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 23:12 . 2011-10-29 07:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-20 02:13 . 2012-01-20 02:13 45936 ----a-w- c:\windows\SysWow64\sbbd.exe
2012-01-18 07:00 . 2012-01-18 07:00 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-01-17 19:24 . 2012-01-17 19:24 84600 ----a-w- c:\windows\system32\drivers\sbwtis.sys
2012-01-13 04:20 . 2012-01-13 04:15 640192 ----a-w- c:\program files (x86)\UninstallNA.exe
2011-12-25 01:36 . 2011-12-25 01:36 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-25 01:36 . 2011-12-25 01:36 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-12-25 01:36 . 2011-12-25 01:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-25 01:36 . 2011-12-25 01:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-20 04:59 . 2011-12-20 04:59 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-20 04:59 . 2011-12-20 04:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-20 04:59 . 2011-12-20 04:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-20 04:58 . 2011-12-20 04:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-20 04:58 . 2011-12-20 04:58 389840 ----a-w- c:\windows\system32\guard64.dll
2011-12-20 04:58 . 2011-12-20 04:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2011-12-17 22:49 . 2011-12-17 22:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-28 09:59 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-28 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-02-28 939872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart\0lsdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-02-07 55384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-02-07 2152152]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [2011-09-22 66560]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-01-20 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-01-20 173424]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-27 1153368]
S2 UltiDev Web Server Pro;UltiDev Web Server Pro;c:\program files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe [2011-12-05 64512]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 UWS HiPriv Services;UWS HiPriv Services;c:\program files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe [2011-12-05 48128]
S2 UWS LoPriv Services;UWS LoPriv Services;c:\program files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe [2011-12-05 44032]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-02-28 909152]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-02-07 17152]
S3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 00:06]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2115698326-2706961171-367882499-1000Core.job
- c:\users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 08:52]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2115698326-2706961171-367882499-1000UA.job
- c:\users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 08:52]
.
2012-02-28 c:\windows\Tasks\HPCeeScheduleForCourtney.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={B8218AA0-9C3B-4B79-8850-575DA8F59990}&mid=d02e972a329747d1aa87fd6e91ccf2e9-0c8d9b0229efda51ca3de1d30e462d404174446e&lang=en&ds=ft011&pr=sa&d=2012-02-27 23:59&v=10.0.0.7&sap=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files (x86)\Advanced JPEG Compressor\ajcieex.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\Courtney\AppData\Roaming\Mozilla\Firefox\Profiles\ch8r15m0.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe
.
**************************************************************************
.
Completion time: 2012-03-02 14:54:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-03 00:54
ComboFix2.txt 2012-02-25 05:17
.
Pre-Run: 403,971,223,552 bytes free
Post-Run: 410,988,204,032 bytes free
.
- - End Of File - - BA854BD3BF4105CCCECE7F88E42C672C
----------------------

After my computer restarted Comodo asked if I wanted to allow this "UltiDev.WebServer.Monitor.exe" to access this "dw20.exe". I am not sure if it means anything, just thought I would let you know....is it a safe process?

Thanks so much for your help :)

Courtney.
Surround yourself with those that are smarter than you, otherwise you'll end up just as dumb as those around you.

#9 Larusso


Posted 03 March 2012 - 08:59 AM

Yes, they are safe.

I am wondering how your system has the chance to run. You have 5 different Anti Virus installed.

I see more than one Anti Virus program installed. In your case AVG 2012, avast, Vipre, COMODO Internet Security and Ad-Aware.
Having 2 or more AVs may sound great but they can cause conflicts with each other, can lead to system slow-downs, instability, crashes and will provide less protection, not more.

So I highly recommend uninstalling 4 of them via Start > Control Panel > Add / Remove Programs, and let me know which ones you have removed.

Reboot your system after uninstalling the last one.




Open notepad and copy/paste the text in the Code-box below into it:

DirLook::
c:\windows\system32\%APPDATA%
c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
AtJob::


  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Edited by Larusso, 03 March 2012 - 09:00 AM.

regards,
Daniel


#10 selfmade64856


Posted 04 March 2012 - 03:47 AM

I am wondering how your system has the chance to run. You have 5 different Anti Virus installed.


I normally don't have all of those installed. I usually only have AVG, Comodo and AdAware running. I have had those three programs running on all of my computers since the early 2000's without ever a single problem.

I ran combofix, then restarted the computer when prompted. After the restart cf froze. I left it alone for about 3 hours to see if it would finish, but it didn't.

I will attempt to run cf again as per your instructions :) Thanks for your help!

#11 Larusso


Posted 05 March 2012 - 07:46 AM

Hi there

Any luck with ComboFix? If it won't run, simply let me know :)
regards,
Daniel


#12 Larusso


Posted 06 March 2012 - 09:56 AM

Hello, are you still with us?

If you do not reply within 24 hours, this topic will be closed.
regards,
Daniel


#13 selfmade64856


Posted 08 March 2012 - 12:31 AM

Hello, are you still with us?

If you do not reply within 24 hours, this topic will be closed.



Sorry, still trying to finish up the same project :)

I am reading over your posts right now and will answer accordingly :)

Courtney

#14 selfmade64856


Posted 08 March 2012 - 12:57 AM

OK, so cf finished and logged a report, here it is:


ComboFix 12-03-02.01 - Courtney 03/07/2012 19:40:02.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16127.13427 [GMT -10:00]
Running from: c:\users\Courtney\Desktop\ComboFix.exe
Command switches used :: c:\users\Courtney\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 05:41 . 2012-03-08 05:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-04 13:29 . 2012-03-04 13:29 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-04 13:28 . 2012-03-04 13:28 -------- d-----w- c:\users\Courtney\AppData\Roaming\DAEMON Tools Lite
2012-03-04 13:28 . 2012-03-04 13:28 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-03-04 12:22 . 2012-03-04 12:22 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-03-04 12:21 . 2012-03-04 12:21 -------- d-----w- c:\program files (x86)\Rosetta Stone
2012-03-04 12:21 . 2012-03-07 04:05 -------- d-----w- c:\programdata\Rosetta Stone
2012-02-28 18:46 . 2012-02-23 16:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-28 18:46 . 2012-02-23 16:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-28 18:46 . 2012-02-23 16:11 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-28 18:46 . 2012-02-23 16:10 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-28 18:45 . 2012-02-23 16:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-28 18:45 . 2012-02-23 16:10 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-28 18:45 . 2012-02-23 16:23 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-28 18:44 . 2012-02-23 16:23 41184 ----a-w- c:\windows\avastSS.scr
2012-02-28 18:44 . 2012-02-23 16:23 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-28 18:44 . 2012-02-28 18:44 -------- d-----w- c:\programdata\AVAST Software
2012-02-28 18:44 . 2012-02-28 18:44 -------- d-----w- c:\program files\AVAST Software
2012-02-28 09:59 . 2012-02-28 09:59 -------- d-----w- c:\programdata\AVG Secure Search
2012-02-28 09:59 . 2012-02-28 09:59 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-02-28 09:59 . 2012-02-28 09:59 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-02-25 06:07 . 2012-02-25 06:07 -------- d-----w- c:\programdata\GFI Software
2012-02-25 06:06 . 2012-01-20 02:13 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-02-25 06:06 . 2012-02-25 06:06 -------- d-----w- c:\programdata\Downloaded Installations
2012-02-25 06:03 . 2012-02-25 06:03 -------- d-----w- c:\program files (x86)\GFI Software
2012-02-25 06:03 . 2012-02-25 06:03 -------- d-----w- c:\users\Courtney\AppData\Roaming\GFI Software
2012-02-25 03:27 . 2012-02-25 03:27 -------- d-----w- c:\programdata\Recovery
2012-02-22 03:08 . 2012-02-28 09:33 -------- d-----w- c:\users\Courtney\AppData\Local\Comodo
2012-02-22 03:02 . 2012-02-25 05:36 -------- d-----w- c:\users\Courtney\AppData\Roaming\Mozenda
2012-02-21 13:09 . 2012-02-28 09:33 -------- d-----w- c:\programdata\CPA_VA
2012-02-21 12:49 . 2012-02-21 13:02 -------- d-----w- c:\programdata\Comodo
2012-02-21 12:49 . 2012-02-28 09:33 -------- d-----w- c:\program files\COMODO
2012-02-21 12:49 . 2012-02-28 09:33 -------- d-----w- c:\program files (x86)\Comodo
2012-02-21 07:13 . 2012-02-21 07:13 -------- d-----w- c:\program files (x86)\WebExtractor360
2012-02-19 05:36 . 2012-03-08 05:44 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2012-02-19 05:34 . 2012-02-19 05:36 -------- d-----w- C:\Prey
2012-02-19 02:06 . 2012-03-08 05:33 -------- d-----w- c:\users\Courtney\AppData\Local\Cooliris
2012-02-16 13:01 . 2012-02-16 13:01 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-02-15 13:04 . 2012-02-15 13:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-13 22:11 . 2012-02-13 22:11 -------- d-----w- c:\users\Courtney\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-02-13 22:10 . 2012-02-13 22:10 -------- d-----w- c:\users\Courtney\AppData\Roaming\PACE Anti-Piracy
2012-02-13 22:10 . 2012-02-13 22:10 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-02-13 22:10 . 2012-02-13 22:10 -------- d-----w- c:\users\Courtney\AppData\Local\PACE Anti-Piracy
2012-02-13 14:14 . 2012-02-13 14:14 -------- d-----w- c:\program files (x86)\Common Files\SourceTec
2012-02-13 13:42 . 2012-02-13 13:42 -------- d-----w- c:\users\Courtney\AppData\Local\SourceTec
2012-02-13 13:42 . 2012-02-13 14:14 -------- d-----w- c:\program files (x86)\SourceTec
2012-02-12 19:56 . 2012-02-07 00:06 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-12 17:34 . 2012-02-12 17:34 -------- d-----w- c:\program files (x86)\Flashificator
2012-02-10 01:36 . 2012-02-10 01:36 -------- d-----w- c:\users\Courtney\AppData\Roaming\PictoColor
2012-02-09 01:11 . 2012-02-22 09:17 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-09 01:11 . 2012-02-09 01:11 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-09 01:11 . 2012-02-09 01:11 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-09 01:11 . 2012-02-09 01:11 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-08 19:57 . 2012-02-08 19:57 -------- d-----w- c:\users\Courtney\AppData\Roaming\IndigoRose
2012-02-08 19:57 . 2012-02-08 19:57 -------- d-----w- c:\programdata\IndigoRose
2012-02-08 19:57 . 2012-02-08 19:57 -------- d-----w- c:\program files (x86)\AutoPlay Media Studio 8
2012-02-08 09:33 . 2012-02-08 09:33 -------- d-----w- C:\New Folder (2)
2012-02-08 09:33 . 2012-02-08 09:33 -------- d-----w- C:\New Folder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 23:12 . 2011-10-29 07:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-07 00:06 . 2012-02-07 00:06 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-20 02:13 . 2012-01-20 02:13 45936 ----a-w- c:\windows\SysWow64\sbbd.exe
2012-01-18 07:00 . 2012-01-18 07:00 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-01-17 19:24 . 2012-01-17 19:24 84600 ----a-w- c:\windows\system32\drivers\sbwtis.sys
2012-01-13 04:20 . 2012-01-13 04:15 640192 ----a-w- c:\program files (x86)\UninstallNA.exe
2011-12-25 01:36 . 2011-12-25 01:36 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-25 01:36 . 2011-12-25 01:36 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-12-25 01:36 . 2011-12-25 01:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-25 01:36 . 2011-12-25 01:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-23 17:12 . 2012-02-07 00:00 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-20 04:59 . 2011-12-20 04:59 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-20 04:59 . 2011-12-20 04:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-20 04:59 . 2011-12-20 04:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-20 04:58 . 2011-12-20 04:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-20 04:58 . 2011-12-20 04:58 389840 ----a-w- c:\windows\system32\guard64.dll
2011-12-20 04:58 . 2011-12-20 04:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2011-12-17 22:49 . 2011-12-17 22:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} ----
.
2012-02-06 07:09 . 2012-02-06 07:09 21494 ----a-w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}\0x0409.ini
2012-02-06 07:09 . 2012-02-06 07:09 47848756 ----a-w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}\HP Support Assistant.msi
.
---- Directory of c:\windows\system32\%APPDATA% ----
.
2012-02-16 13:01 . 2012-02-16 13:01 16384 --sha-w- c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-03_00.45.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-03-03 00:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-08 05:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-03 00:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-08 05:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-08 05:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-03 00:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-03-08 05:46 57744 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-08 05:46 36412 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-22 05:10 . 2012-03-08 05:46 11834 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2115698326-2706961171-367882499-1000_UserData.bin
- 2011-02-11 19:25 . 2012-03-03 00:45 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-11 19:25 . 2012-03-08 05:44 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-11 19:25 . 2012-03-03 00:45 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-11 19:25 . 2012-03-08 05:44 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-03 00:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-08 05:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-22 22:48 . 2012-02-28 09:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-22 22:48 . 2012-03-08 05:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-22 22:48 . 2012-03-08 05:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-22 22:48 . 2012-02-28 09:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-22 22:48 . 2012-02-28 09:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-22 22:48 . 2012-03-08 05:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-23 07:02 . 2012-03-08 05:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-23 07:02 . 2012-03-03 00:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-23 07:02 . 2012-03-03 00:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-23 07:02 . 2012-03-08 05:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-04 12:22 . 2012-03-04 12:22 25214 c:\windows\Installer\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}\StoneyIcon.exe
- 2012-03-03 00:44 . 2012-03-03 00:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-08 05:43 . 2012-03-08 05:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-08 05:43 . 2012-03-08 05:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-03 00:44 . 2012-03-03 00:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-07 00:03 . 2012-03-03 00:44 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-02-07 00:03 . 2012-03-08 05:43 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:36 . 2012-03-07 09:51 707182 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-02 06:40 707182 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-02 06:40 139044 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-07 09:51 139044 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-02-28 09:40 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-03-08 04:59 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-03-08 05:42 484208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-03 00:43 484208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-04 12:22 . 2012-03-04 12:22 9139192 c:\windows\Installer\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}\MainIcon.exe
+ 2010-08-31 01:26 . 2010-08-31 01:26 10157056 c:\windows\Installer\117d84d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-28 09:59 1811296 ----a-w- c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-28 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-02-28 939872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 0 (0x0)
"DisableThumbnailsOnNetworkFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart\0lsdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
2;2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-02-07 2152152]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-21 363344]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-02-07 17152]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-02-07 55384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [2011-09-22 66560]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-01-20 173424]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-27 1153368]
S2 UltiDev Web Server Pro;UltiDev Web Server Pro;c:\program files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe [2011-12-05 64512]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 UWS HiPriv Services;UWS HiPriv Services;c:\program files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe [2011-12-05 48128]
S2 UWS LoPriv Services;UWS LoPriv Services;c:\program files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe [2011-12-05 44032]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-02-28 909152]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 00:06]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2115698326-2706961171-367882499-1000Core.job
- c:\users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 08:52]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2115698326-2706961171-367882499-1000UA.job
- c:\users\Courtney\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 08:52]
.
2012-02-28 c:\windows\Tasks\HPCeeScheduleForCourtney.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={B8218AA0-9C3B-4B79-8850-575DA8F59990}&mid=d02e972a329747d1aa87fd6e91ccf2e9-0c8d9b0229efda51ca3de1d30e462d404174446e&lang=en&ds=ft011&pr=sa&d=2012-02-27 23:59&v=10.0.0.7&sap=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files (x86)\Advanced JPEG Compressor\ajcieex.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\Courtney\AppData\Roaming\Mozilla\Firefox\Profiles\ch8r15m0.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-03-07 19:53:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-08 05:53
ComboFix2.txt 2012-03-03 00:54
ComboFix3.txt 2012-02-25 05:17
.
Pre-Run: 250,213,662,720 bytes free
Post-Run: 256,461,815,808 bytes free
.
- - End Of File - - 91366DD36DF85A21ACAD5BD2F6BC51A4
Surround yourself with those that are smarter than you, otherwise you'll end up just as dumb as those around you.

#15 selfmade64856

  • Topic Starter

Posted 08 March 2012 - 01:02 AM

The one thing that I do not recognize is the reference to "PACE Anti-Piracy". I do not know what program would be using that.



