Yet another STOP: C0000135 The program can't start because %hs is missing. Problem....


  • This topic is locked
24 replies to this topic

#1 sttacos

  • Members
  • 17 posts

Posted 25 April 2012 - 02:10 AM

Happened while trying to remove Smart HDD Rogue Malware.
Not even Safe mode will boot.
Here's a log of FRST64:

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 25-04-2012 00:08:22
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-01-20] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-01-20] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-01-20] (Intel Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-02-14] (IDT, Inc.)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [569200 2011-02-18] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [57249312 2012-03-29] (Microsoft Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe [x]
HKLM-x32\...\Run: [KnRMgeWkMD.exe] C:\ProgramData\KnRMgeWkMD.exe [x]
HKLM-x32\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [1312080 2009-09-10] (Malwarebytes Corporation)
HKLM-x32\...\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 FPLService; "C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe" [265544 2011-02-17] (HP)
4 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 HPClientSvc; "C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe" [346168 2010-10-11] (Hewlett-Packard Company)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2010-08-12] (Hewlett-Packard Company)
4 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680 2010-11-09] (Hewlett-Packard Development Company, L.P.)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2011-01-12] (Intel Corporation)
4 IconMan_R; "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe" [2375168 2011-03-04] (Realsil Microelectronics Inc.)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-11-23] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\Drivers\Accelerometer.sys [43320 2010-08-12] (Hewlett-Packard Company)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-06-28] (ALWIL Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
1 ccSet_NAV; C:\Windows\System32\drivers\NAVx64\1307000.009\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)
3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [31088 2010-07-28] (CyberLink Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-01-07] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-01-07] (Symantec Corporation)
0 hpdskflt; C:\Windows\System32\Drivers\hpdskflt.sys [30008 2010-08-12] (Hewlett-Packard Company)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120120.002_504\IDSvia64.sys [488568 2012-01-20] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120123.002_dcd\ENG64.SYS [117880 2012-01-23] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120123.002_dcd\EX64.SYS [2048632 2012-01-23] (Symantec Corporation)
3 NETwNs64; C:\Windows\System32\Drivers\NETwNs64.sys [8507392 2011-01-04] (Intel Corporation)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [335464 2011-02-15] (Realtek Semiconductor Corp.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1307000.009\SRTSP64.SYS [737912 2012-03-28] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NAVx64\1307000.009\SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NAVx64\1307000.009\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [1092728 2012-03-28] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-28] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NAVx64\1307000.009\Ironx64.SYS [190072 2012-03-28] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [405624 2012-03-28] (Symantec Corporation)
3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)
3 wdkmd; C:\Windows\System32\Drivers\wdkmd.sys [42392 2011-02-16] (Intel Corporation)
1 ukmgscgh; \??\C:\Windows\system32\drivers\ukmgscgh.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-25 00:08 - 2011-08-14 21:51 - 0000000 ____D C:\FRST
2012-04-24 18:35 - 2012-03-06 15:02 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-04-24 18:35 - 2010-06-28 12:33 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-04-24 18:35 - 2009-07-13 17:24 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-04-24 18:06 - 2012-03-06 15:04 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-04-24 18:06 - 2012-03-06 15:04 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-04-24 18:06 - 2012-03-06 15:01 - 0028752 ____A (ALWIL Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-04-24 18:06 - 2009-07-13 17:52 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-04-24 18:06 - - 0001852 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-04-24 18:05 - 2012-04-24 14:58 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-04-24 18:05 - 2012-03-06 15:01 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-04-24 18:05 - 2011-08-08 23:20 - 0000000 ____D C:\Users\All Users\Alwil Software
2012-04-24 18:05 - 2011-08-08 23:20 - 0000000 ____D C:\ProgramData\Alwil Software
2012-04-24 18:05 - 2009-07-13 19:20 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-04-24 18:05 - 2009-07-13 17:03 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-04-24 18:05 - - 0000000 ____D C:\Program Files\Alwil Software
2012-04-24 17:53 - 2011-12-09 17:30 - 0000000 ____D C:\Users\Trina\Downloads\Avast AntiVirus 6.0.11 + Serial Keys - {RedDragon}
2012-04-24 17:47 - 2012-01-29 19:43 - 220076093 ____A C:\Users\Trina\Downloads\bitdefender_av_2012_64b+till 2045{fiesta569}.zip
2012-04-24 17:22 - 2012-04-24 13:27 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-04-24 15:04 - 2012-03-22 16:06 - 0002388 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk
2012-04-24 13:34 - - 0000882 ____R C:\Windows\System32\Drivers\etc\hosts
2012-04-24 13:27 - 2011-02-14 21:23 - 0000000 ____D C:\Windows\Sun
2012-04-23 11:24 - 2012-03-29 02:00 - 0000217 ____A C:\Windows\System32\MRT.INI
2012-04-23 11:22 - 2010-11-20 19:24 - 0000000 ____D C:\Windows\System32\MpEngineStore
2012-04-23 11:20 - 2009-07-13 17:39 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-21 21:06 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-21 21:06 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-21 21:06 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-21 21:06 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-21 21:06 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-21 21:06 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-21 21:06 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-21 21:06 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-21 21:06 - 2011-07-07 05:48 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-21 21:06 - 2011-07-07 05:48 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-21 21:06 - 2011-07-07 05:48 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-21 21:06 - 2011-07-07 05:48 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-21 21:06 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-21 21:06 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-21 21:06 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-21 21:06 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-21 21:06 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-21 21:05 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-21 21:05 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-21 21:05 - 2011-07-07 05:48 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-21 21:05 - 2011-07-07 05:48 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-21 21:05 - 2011-07-07 05:48 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-21 21:05 - 2011-07-07 05:48 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-21 21:05 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-21 21:05 - 2010-11-20 19:24 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-21 21:05 - 2010-11-20 19:23 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-21 21:03 - 2009-07-13 17:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-21 21:03 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-21 21:03 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-21 21:03 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-21 21:03 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-21 21:03 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-21 21:03 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-19 21:38 - 2012-04-19 21:38 - 0065536 __ASH C:\Windows\System32\config\components{65cf8e1e-8aaa-11e1-9eba-2c41380598ff}.TxR.blf
2012-04-19 21:37 - - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-04-18 08:41 - 2012-03-22 16:06 - 0000000 ____D C:\Users\All Users\McAfee
2012-04-18 08:41 - 2012-03-22 16:06 - 0000000 ____D C:\ProgramData\McAfee
2012-04-18 08:41 - 2012-03-22 16:06 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-04-18 08:33 - 2012-04-24 18:42 - 0000000 ____D C:\Users\Trina\AppData\Roaming\vlc
2012-04-18 08:32 - 2009-07-13 20:54 - 0000000 ____D C:\Program Files (x86)\Easy Media Player
2012-04-18 08:13 - 2011-11-06 20:15 - 4586308 ____A C:\Users\Trina\Downloads\The_Team(Clyde_Carson,_Kaz_Kyzah,_Mayne_Mannish)_Slow_down.mp3
2012-04-18 08:10 - 2011-10-29 11:19 - 9386855 ____A C:\Users\Trina\Downloads\01_-_Red_Cafe_-_Fly_Together_ft_Rick_Ross_Ryan_Leslie.mp3
2012-04-18 08:02 - 2011-11-02 21:07 - 10423042 ____A C:\Users\Trina\Downloads\E-40-_Function_Feat._YG,_IamSu_&_Problem.mp3
2012-04-17 14:59 - 2011-11-27 21:00 - 5601366 ____A C:\Users\Trina\Downloads\Drank_in_my_cup.mp3
2012-04-17 14:54 - 2012-04-18 08:11 - 8787887 ____A C:\Users\Trina\Downloads\01_We_Are_Young_(Feat._Janelle_MonŠe).m4a
2012-03-28 16:03 - 2011-11-07 09:31 - 0000000 ____D C:\Users\Trina\Desktop\reg files
2012-03-28 15:59 - 2011-08-08 21:22 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-03-28 15:59 - 2011-08-08 20:41 - 0002975 ____A C:\Users\Trina\Desktop\HiJackThis.lnk
2012-03-28 15:54 - 2011-11-07 21:56 - 1402880 ____A C:\Users\Trina\Downloads\HijackThis (1).msi
2012-03-28 15:50 - 2012-03-28 15:54 - 1402880 ____A C:\Users\Trina\Downloads\HijackThis.msi

============ 3 Months Modified Files and Folders =============

2012-04-25 00:08 - 2012-04-25 00:08 - 0000000 ____D C:\FRST
2012-04-24 21:57 - 2011-07-07 06:07 - 3180220416 __ASH C:\hiberfil.sys
2012-04-24 19:45 - 2012-03-22 14:41 - 1829754 ____A C:\Windows\ntbtlog.txt
2012-04-24 19:02 - 2012-01-08 14:52 - 0004958 ____A C:\Windows\setupact.log
2012-04-24 19:02 - 2011-08-08 21:23 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-24 19:02 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-24 18:50 - 2011-08-14 21:41 - 0000000 ____D C:\Users\Trina\AppData\Local\CrashDumps
2012-04-24 18:49 - 2009-07-13 21:13 - 0759920 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-24 18:42 - 2012-03-22 15:46 - 0000000 ____D C:\Users\Trina\AppData\Roaming\uTorrent
2012-04-24 18:40 - 2011-07-07 05:45 - 1488583 ____A C:\Windows\WindowsUpdate.log
2012-04-24 18:40 - 2009-07-13 20:45 - 0032064 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-24 18:40 - 2009-07-13 20:45 - 0032064 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-24 18:35 - 2012-04-24 18:05 - 0000000 ____A C:\Windows\SysWOW64\config.nt
2012-04-24 18:06 - 2012-04-24 18:06 - 0001852 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-04-24 18:05 - 2012-04-24 18:05 - 0000000 ____D C:\Users\All Users\Alwil Software
2012-04-24 18:05 - 2012-04-24 18:05 - 0000000 ____D C:\ProgramData\Alwil Software
2012-04-24 18:05 - 2012-04-24 18:05 - 0000000 ____D C:\Program Files\Alwil Software
2012-04-24 17:59 - 2012-04-24 17:53 - 0000000 ____D C:\Users\Trina\Downloads\Avast AntiVirus 6.0.11 + Serial Keys - {RedDragon}
2012-04-24 17:52 - 2011-08-08 21:23 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-24 17:50 - 2012-04-24 17:47 - 220076093 ____A C:\Users\Trina\Downloads\bitdefender_av_2012_64b+till 2045{fiesta569}.zip
2012-04-24 15:06 - 2012-04-24 15:04 - 0002388 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk
2012-04-24 15:01 - 2012-01-08 15:53 - 0000000 ____D C:\Windows\System32\Drivers\NAVx64
2012-04-24 15:01 - 2011-08-08 20:39 - 0000000 ____D C:\Users\Trina\AppData\Local\VirtualStore
2012-04-24 13:29 - 2011-09-18 10:18 - 0000000 ____D C:\Users\Trina\Documents\2011 CCSF
2012-04-24 13:27 - 2012-04-24 13:27 - 0000000 ____D C:\Windows\Sun
2012-04-24 12:57 - 2012-04-24 13:34 - 0000882 ____R C:\Windows\System32\Drivers\etc\hosts
2012-04-23 11:24 - 2012-04-23 11:24 - 0000217 ____A C:\Windows\System32\MRT.INI
2012-04-23 11:24 - 2012-04-23 11:22 - 0000000 ____D C:\Windows\System32\MpEngineStore
2012-04-23 10:48 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-21 21:56 - 2011-07-07 05:58 - 0000000 ____D C:\Users\All Users\Norton
2012-04-21 21:56 - 2011-07-07 05:58 - 0000000 ____D C:\ProgramData\Norton
2012-04-21 21:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-21 21:07 - 2011-08-08 20:46 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-21 21:07 - 2011-08-08 20:46 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-21 20:58 - 2011-08-08 20:38 - 0000000 ____D C:\users\Trina
2012-04-21 20:57 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-19 21:38 - 2012-04-19 21:38 - 0065536 __ASH C:\Windows\System32\config\components{65cf8e1e-8aaa-11e1-9eba-2c41380598ff}.TxR.blf
2012-04-19 21:37 - 2012-04-19 21:37 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-04-19 16:09 - 2011-04-03 10:11 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-19 16:08 - 2012-04-18 08:32 - 0000000 ____D C:\Program Files (x86)\Easy Media Player
2012-04-19 16:07 - 2012-04-18 08:41 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-04-19 16:07 - 2012-04-18 08:33 - 0000000 ____D C:\Users\Trina\AppData\Roaming\vlc
2012-04-18 08:41 - 2012-04-18 08:41 - 0000000 ____D C:\Users\All Users\McAfee
2012-04-18 08:41 - 2012-04-18 08:41 - 0000000 ____D C:\ProgramData\McAfee
2012-04-18 08:13 - 2012-04-18 08:13 - 4586308 ____A C:\Users\Trina\Downloads\The_Team(Clyde_Carson,_Kaz_Kyzah,_Mayne_Mannish)_Slow_down.mp3
2012-04-18 08:11 - 2012-04-18 08:10 - 9386855 ____A C:\Users\Trina\Downloads\01_-_Red_Cafe_-_Fly_Together_ft_Rick_Ross_Ryan_Leslie.mp3
2012-04-18 08:03 - 2012-04-18 08:02 - 10423042 ____A C:\Users\Trina\Downloads\E-40-_Function_Feat._YG,_IamSu_&_Problem.mp3
2012-04-17 15:00 - 2012-04-17 14:59 - 5601366 ____A C:\Users\Trina\Downloads\Drank_in_my_cup.mp3
2012-04-17 14:56 - 2011-10-29 10:07 - 0031608 ___SH C:\Users\Trina\Downloads\Folder.jpg
2012-04-17 14:56 - 2011-10-29 10:07 - 0006888 ___SH C:\Users\Trina\Downloads\AlbumArtSmall.jpg
2012-04-17 14:55 - 2012-04-17 14:54 - 8787887 ____A C:\Users\Trina\Downloads\01_We_Are_Young_(Feat._Janelle_MonŠe).m4a
2012-04-11 17:20 - 2011-08-08 21:21 - 0000000 ____D C:\Users\Trina\AppData\Roaming\Skype
2012-03-29 02:00 - 2012-04-23 11:20 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-28 22:25 - 2012-01-08 15:54 - 0175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-03-28 22:25 - 2012-01-08 15:54 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-03-28 22:25 - 2012-01-08 15:54 - 0000854 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2012-03-28 22:25 - 2012-01-08 15:54 - 0000000 ____D C:\Program Files\Symantec
2012-03-28 16:04 - 2012-03-28 16:03 - 0000000 ____D C:\Users\Trina\Desktop\reg files
2012-03-28 15:59 - 2012-03-28 15:59 - 0002975 ____A C:\Users\Trina\Desktop\HiJackThis.lnk
2012-03-28 15:59 - 2012-03-28 15:59 - 0000000 ____D C:\Program Files (x86)\Trend Micro
2012-03-28 15:54 - 2012-03-28 15:54 - 1402880 ____A C:\Users\Trina\Downloads\HijackThis (1).msi
2012-03-28 15:50 - 2012-03-28 15:50 - 1402880 ____A C:\Users\Trina\Downloads\HijackThis.msi
2012-03-27 14:39 - 2012-03-22 14:42 - 0001965 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-03-22 16:06 - 2012-03-22 16:06 - 0001013 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2012-03-22 16:06 - 2012-03-22 16:06 - 0000000 ____D C:\Users\Trina\AppData\Roaming\Malwarebytes
2012-03-22 16:06 - 2012-03-22 16:06 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-03-22 16:06 - 2012-03-22 16:06 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-03-22 16:06 - 2012-03-22 16:06 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-22 16:05 - 2012-03-22 16:05 - 0000000 ____D C:\Users\Trina\AppData\Roaming\WinRAR
2012-03-22 16:04 - 2012-03-22 16:04 - 1506653 ____A C:\Users\Trina\Downloads\wrar411.exe
2012-03-22 16:04 - 2012-03-22 16:04 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-03-22 15:53 - 2012-03-22 15:53 - 3011240 ____A C:\Users\Trina\Downloads\Malwarebytes v1.34 Portable By BrOnZ.rar
2012-03-22 15:50 - 2012-03-22 15:50 - 0011802 ____A C:\Users\Trina\Downloads\Useful_Applications_x-Demonoid.me-x.torrent
2012-03-22 15:49 - 2011-08-08 21:11 - 0000000 ____D C:\Users\Trina\AppData\Roaming\Adobe
2012-03-22 15:47 - 2012-03-22 15:47 - 0000947 ____A C:\Users\Public\Desktop\ĶTorrent.lnk
2012-03-22 15:47 - 2012-03-22 15:47 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-03-22 15:46 - 2012-03-22 15:46 - 0742264 ____A (BitTorrent, Inc.) C:\Users\Trina\Downloads\uTorrent.exe
2012-03-22 15:28 - 2012-03-22 14:42 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-03-22 14:42 - 2012-03-22 14:42 - 0000000 ____D C:\Users\Trina\AppData\Roaming\SUPERAntiSpyware.com
2012-03-22 14:42 - 2012-03-22 14:42 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-22 14:42 - 2012-03-22 14:42 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-22 14:39 - 2012-03-22 14:37 - 15517960 ____A (SUPERAntiSpyware.com) C:\Users\Trina\Downloads\SUPERAntiSpyware.exe
2012-03-22 14:35 - 2012-03-22 13:58 - 0000206 ____A C:\Users\Trina\Downloads\AIS7.rar
2012-03-14 20:52 - 2009-07-13 20:45 - 0342368 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 20:51 - 2010-11-20 19:47 - 0561212 ____A C:\Windows\PFRO.log
2012-03-13 15:14 - 2012-03-13 15:13 - 0779608 ____A (Solid State Networks) C:\Users\Trina\Downloads\install_flashplayer11x32_mssd_aih.exe
2012-03-06 15:15 - 2012-04-24 18:35 - 0258520 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-03-06 15:15 - 2012-04-24 18:05 - 0201352 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-03-06 15:15 - 2012-04-24 18:05 - 0041184 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-03-06 15:04 - 2012-04-24 18:35 - 0819032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-03-06 15:04 - 2012-04-24 18:06 - 0337240 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-03-06 15:02 - 2012-04-24 18:35 - 0053080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-03-06 15:01 - 2012-04-24 18:06 - 0059224 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-03-06 15:01 - 2012-04-24 18:06 - 0024408 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-03-06 15:01 - 2012-04-24 18:05 - 0069976 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-02-29 22:46 - 2012-04-21 21:03 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-21 21:03 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-21 21:03 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-21 21:03 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-21 21:03 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-21 21:03 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-21 21:03 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-04-21 21:05 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-21 21:05 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-21 21:06 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-21 21:06 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-21 21:05 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-21 21:06 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:48 - 2012-04-21 21:05 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:47 - 2012-04-21 21:05 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-21 21:06 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-21 21:06 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-21 21:06 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-21 21:06 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-21 21:06 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-21 21:05 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-21 21:05 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-21 21:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-21 21:06 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-21 21:06 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-21 21:05 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-21 21:06 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-21 21:05 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-21 21:06 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-21 21:06 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-21 21:06 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-21 21:06 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-21 21:06 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-22 06:58 - 2011-04-03 10:20 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 22:38 - 2012-03-13 19:49 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 19:49 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 19:49 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 19:49 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 15:27 - 2012-02-16 15:27 - 0000000 ____D C:\Users\Trina\AppData\Local\{ED6A8616-4435-44DE-B8E9-5BDC387B327D}
2012-02-16 15:27 - 2011-10-27 04:49 - 0000000 ____D C:\Users\Trina\AppData\Local\Windows Live
2012-02-16 15:26 - 2012-02-16 15:26 - 0000000 ____D C:\Users\Trina\AppData\Local\{FC995A98-F9A3-4407-B99D-E216CF9E12FF}
2012-02-16 15:19 - 2012-02-16 15:18 - 7410150 ____A C:\Users\Trina\Downloads\DJ_Khaled_ft._Ludacris,_Snoop_Dogg,_Rick_Ross_&_T-Pain_-_All_I_Do_Is_Win_[wegotitfirst.com].mp3
2012-02-14 11:09 - 2012-02-14 11:09 - 1070352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-02-09 22:36 - 2012-03-13 19:53 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 19:53 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-07 21:19 - 2012-02-07 21:19 - 0005315 ___SH C:\Users\Trina\Downloads\AlbumArt_{614B02E1-B859-4A85-9E05-438AF52293E0}_Large.jpg
2012-02-07 21:19 - 2012-02-07 21:19 - 0001625 ___SH C:\Users\Trina\Downloads\AlbumArt_{614B02E1-B859-4A85-9E05-438AF52293E0}_Small.jpg
2012-02-07 21:19 - 2012-01-29 20:23 - 8616431 ____A C:\Users\Trina\Downloads\09 - Avenged Sevenfold - I Won't See You Tonight part 1.mp3
2012-02-02 20:34 - 2012-03-13 19:53 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 19:55 - 2012-02-02 19:54 - 7146996 ____A C:\Users\Trina\Downloads\Still+Got+It.mp3
2012-02-01 15:35 - 2009-07-13 21:08 - 0031192 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-31 21:34 - 2012-01-29 20:01 - 12217042 ____A C:\Users\Trina\Downloads\01+D.D..mp3
2012-01-31 21:23 - 2012-01-31 21:21 - 10711517 ____A C:\Users\Trina\Downloads\037+Lady+GaGa+-+Marry+the+Night.mp3
2012-01-29 20:44 - 2012-01-29 20:44 - 0027141 ___SH C:\Users\Trina\Downloads\AlbumArt_{81C1A0F1-F0F5-4DEF-8D04-4D4D777A002C}_Large.jpg
2012-01-29 20:44 - 2012-01-29 20:44 - 0005988 ___SH C:\Users\Trina\Downloads\AlbumArt_{81C1A0F1-F0F5-4DEF-8D04-4D4D777A002C}_Small.jpg
2012-01-29 20:35 - 2012-01-29 20:26 - 9044765 ____A C:\Users\Trina\Downloads\7.+All+these+things+I+hate.mp3
2012-01-29 20:33 - 2012-01-29 20:32 - 4703563 ____A C:\Users\Trina\Downloads\System+Of+A+Down+-+Hypnotize+.mp3
2012-01-29 20:33 - 2012-01-29 20:25 - 6011497 ____A C:\Users\Trina\Downloads\1723--Avenged-Sevenfold--Beast-and-the-Harlot.mp3
2012-01-29 20:29 - 2012-01-29 20:27 - 4885412 ____A C:\Users\Trina\Downloads\Bullet+for+My+Valentine-Tears+Don+t+Fall-www.mrtzcmp3.net.mp3
2012-01-29 20:25 - 2012-01-29 20:24 - 6268113 ____A C:\Users\Trina\Downloads\Avenged+Sevenfold+-+04+-+Bat+Country.mp3
2012-01-29 20:25 - 2012-01-29 20:24 - 4571136 ____A C:\Users\Trina\Downloads\Avenged+SevenFold+-+Unholy+Confessions.mp3
2012-01-29 20:21 - 2012-01-29 20:20 - 8406493 ____A C:\Users\Trina\Downloads\Avenged Sevenfold - Seize The Day (www.blast.lt).mp3
2012-01-29 20:20 - 2012-01-29 20:19 - 3251168 ____A C:\Users\Trina\Downloads\David+Guetta+feat.+Nicki+Minaj+-+Turn+Me+On.mp3
2012-01-29 20:18 - 2012-01-29 20:16 - 10503840 ____A C:\Users\Trina\Downloads\It+Will+Rain.mp3
2012-01-29 20:13 - 2012-01-29 20:11 - 8565646 ____A C:\Users\Trina\Downloads\Faith+Evans+-+I+Love+You.mp3
2012-01-29 20:08 - 2012-01-29 20:07 - 7119599 ____A C:\Users\Trina\Downloads\Fat+Joe+Ft.+Chris+Brown+-+Another+Round+GUTTAHIPHOP.COM.mp3
2012-01-29 19:48 - 2012-01-29 19:46 - 3920047 ____A C:\Users\Trina\Downloads\Tyga+-+Make+It+Nasty.mp3
2012-01-29 19:45 - 2012-01-29 19:44 - 3178624 ____A C:\Users\Trina\Downloads\Tyga+-+Get+Big.mp3
2012-01-29 19:43 - 2012-01-29 19:41 - 11883628 ____A C:\Users\Trina\Downloads\Bishop+Lamont+-+I'm+Faded+f_+Nate+Dogg+&+SonReal+www.gowherehiphop.com.mp3
2012-01-28 13:18 - 2012-01-28 13:18 - 0000000 ____D C:\Users\Trina\AppData\Local\{3960523F-3604-464C-9A04-4096FEC0EBDD}
2012-01-28 12:57 - 2012-01-28 12:57 - 0013781 ___SH C:\Users\Trina\Downloads\AlbumArt_{8190004B-39B6-4DB1-AF27-348583DDD81D}_Large.jpg
2012-01-28 12:57 - 2012-01-28 12:57 - 0003096 ___SH C:\Users\Trina\Downloads\AlbumArt_{8190004B-39B6-4DB1-AF27-348583DDD81D}_Small.jpg

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 4043.86 MB
Available physical RAM: 3341.89 MB
Total Pagefile: 4042.01 MB
Available Pagefile: 3326.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:582.02 GB) (Free:536.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.86 GB) (Free:1.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive g: (HBCD 15.1) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
5 Drive h: (PATRIOT) (Removable) (Total:29.93 GB) (Free:3.39 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 29 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 582 GB 200 MB
Partition 3 Primary 13 GB 582 GB
Partition 4 Primary 103 MB 596 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 582 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H PATRIOT FAT32 Removable 29 GB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-04-13 20:55

======================= End Of Log ==========================



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:08:04 AM

Posted 25 April 2012 - 02:24 AM

Hello sttacos!!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


NEXT:


Running FRST Fix

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe [x]
C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
HKLM-x32\...\Run: [KnRMgeWkMD.exe] C:\ProgramData\KnRMgeWkMD.exe [x]
C:\ProgramData\KnRMgeWkMD.exe
SubSystems: [Windows] ==> ZeroAccess
1 ukmgscgh; \??\C:\Windows\system32\drivers\ukmgscgh.sys [x]
C:\Windows\system32\drivers\ukmgscgh.sys
2012-04-24 17:53 - 2011-12-09 17:30 - 0000000 ____D C:\Users\Trina\Downloads\Avast AntiVirus 6.0.11 + Serial Keys - {RedDragon}
2012-04-24 17:47 - 2012-01-29 19:43 - 220076093 ____A C:\Users\Trina\Downloads\bitdefender_av_2012_64b+till 2045{fiesta569}.zip
2012-04-24 17:59 - 2012-04-24 17:53 - 0000000 ____D C:\Users\Trina\Downloads\Avast AntiVirus 6.0.11 + Serial Keys - {RedDragon}
2012-04-24 17:50 - 2012-04-24 17:47 - 220076093 ____A C:\Users\Trina\Downloads\bitdefender_av_2012_64b+till 2045{fiesta569}.zip
2012-03-22 15:53 - 2012-03-22 15:53 - 3011240 ____A C:\Users\Trina\Downloads\Malwarebytes v1.34 Portable By BrOnZ.rar
2012-03-22 15:50 - 2012-03-22 15:50 - 0011802 ____A C:\Users\Trina\Downloads\Useful_Applications_x-Demonoid.me-x.torrent
2012-02-16 15:19 - 2012-02-16 15:18 - 7410150 ____A C:\Users\Trina\Downloads\DJ_Khaled_ft._Ludacris,_Snoop_Dogg,_Rick_Ross_&_T-Pain_-_All_I_Do_Is_Win_[wegotitfirst.com].mp3
2012-01-29 20:29 - 2012-01-29 20:27 - 4885412 ____A C:\Users\Trina\Downloads\Bullet+for+My+Valentine-Tears+Don+t+Fall-www.mrtzcmp3.net.mp3
2012-01-29 20:21 - 2012-01-29 20:20 - 8406493 ____A C:\Users\Trina\Downloads\Avenged Sevenfold - Seize The Day (www.blast.lt).mp3
2012-01-29 20:08 - 2012-01-29 20:07 - 7119599 ____A C:\Users\Trina\Downloads\Fat+Joe+Ft.+Chris+Brown+-+Another+Round+GUTTAHIPHOP.COM.mp3
2012-01-29 19:43 - 2012-01-29 19:41 - 11883628 ____A C:\Users\Trina\Downloads\Bishop+Lamont+-+I'm+Faded+f_+Nate+Dogg+&+SonReal+www.gowherehiphop.com.mp3
TDL4: custom:26000022
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

In Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.


NEXT:



Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click "save log", save it to your desktop and post it in your next reply.



NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:



Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    netbt.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. Fixlog.txt log
3. aswMBR log.
4. Farbar Service Scanner log.
5. OTL.txt & Extras.txt logs.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
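
The Farbar Service Scanner step above checks whether the firewall, Security Center and Defender services still have their registry configuration. As an added example (not part of this thread, and not code from the FSS tool or its author), here is a small Python triage script that parses an FSS log in the layout shown in this thread, separates services that are merely stopped from services whose registry key has been deleted outright, and flags a non-zero "Disabled Policy" value. The sample log text is constructed from the format of the FSS log posted later in this thread; the function and class names are my own.

```python
"""Triage a Farbar Service Scanner (FSS) log for security services that are
stopped, have had their registry key removed, or are disabled by policy.

Added example for this thread; it is not FSS's own code. It assumes FSS's
plain-text layout: a "<name> Service is not running." line followed by
"Checking ...: Attention! ..." lines, and a "... Disabled Policy:" block that
lists registry values as "name"=DWORD:value.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the layout FSS produces (trimmed for brevity).
SAMPLE_FSS_LOG = """\
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running\.")
KEY_MISSING_RE = re.compile(r"Unable to open (\S+) registry key")
POLICY_VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)')


@dataclass
class FssTriage:
    not_running: list = field(default_factory=list)        # stopped services, in log order
    key_missing: list = field(default_factory=list)        # services whose key is gone
    disabled_policies: dict = field(default_factory=dict)  # policy value name -> int


def triage_fss_log(text: str) -> FssTriage:
    """Walk the log line by line and collect the three kinds of findings."""
    result = FssTriage()
    in_policy_block = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("Disabled Policy:"):
            in_policy_block = True          # registry values follow this header
            continue
        if stripped.endswith(":") and not stripped.startswith("Checking"):
            in_policy_block = False         # any other section header ends the block
        m = NOT_RUNNING_RE.match(stripped)
        if m:
            result.not_running.append(m.group(1))
            continue
        m = KEY_MISSING_RE.search(stripped)
        if m:
            if m.group(1) not in result.key_missing:   # FSS repeats the line per field
                result.key_missing.append(m.group(1))
            continue
        if in_policy_block:
            m = POLICY_VALUE_RE.match(stripped)
            if m:
                result.disabled_policies[m.group(1)] = int(m.group(2))
    return result


def summarize(triage: FssTriage) -> list:
    """One finding per problem. A service with a missing key cannot simply be
    started again; its registry key has to be restored first."""
    findings = []
    for svc in triage.not_running:
        if svc in triage.key_missing:
            findings.append(f"{svc}: stopped, registry key missing (restore key)")
        else:
            findings.append(f"{svc}: stopped, configuration intact (try starting)")
    for name, value in triage.disabled_policies.items():
        if value != 0:
            findings.append(f"policy {name}={value} (remove policy value)")
    return findings


if __name__ == "__main__":
    for finding in summarize(triage_fss_log(SAMPLE_FSS_LOG)):
        print(finding)
```

Run it as-is to see the triage of the constructed sample, or pass the contents of a real FSS.txt to `triage_fss_log`. The distinction it draws is the useful one in a log like the one in this thread: mpsdrv is stopped but its configuration is intact, whereas MpsSvc, bfe and WinDefend have no service key at all, which is why the Fix step and a later repair of those keys are separate concerns.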


#3 sttacos

sttacos
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:04 AM

Posted 25 April 2012 - 12:20 PM

Hey there ST! Nice to meet a fellow ST'er :P
Anyways, thanks for choosing to help me out!
Seems that the reboot loop has been resolved, but my desktop still looks funky (no wallpaper, NO Start Menu items). But it's at least accessible now.

Here is my fixlog



Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-25 09:23:33 R:1
Running from H:\

==============================================

HKLM-x32\\\.\.\.\\Run\\HKLM-x32\...\Run: [] [x] Value not found.
HKLM-x32\\\.\.\.\\Run\\dplaysvr Value deleted successfully.
C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe not found.
HKLM-x32\\\.\.\.\\Run\\KnRMgeWkMD.exe Value deleted successfully.
C:\ProgramData\KnRMgeWkMD.exe not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
ukmgscgh service deleted successfully.
C:\Windows\system32\drivers\ukmgscgh.sys not found.
C:\Users\Trina\Downloads\Avast AntiVirus 6.0.11 + Serial Keys - {RedDragon} moved successfully.
C:\Users\Trina\Downloads\bitdefender_av_2012_64b+till 2045{fiesta569}.zip moved successfully.
C:\Users\Trina\Downloads\Avast AntiVirus 6.0.11 + Serial Keys - {RedDragon} not found.
C:\Users\Trina\Downloads\bitdefender_av_2012_64b+till 2045{fiesta569}.zip not found.
C:\Users\Trina\Downloads\Malwarebytes v1.34 Portable By BrOnZ.rar moved successfully.
C:\Users\Trina\Downloads\Useful_Applications_x-Demonoid.me-x.torrent moved successfully.
C:\Users\Trina\Downloads\DJ_Khaled_ft._Ludacris,_Snoop_Dogg,_Rick_Ross_&_T-Pain_-_All_I_Do_Is_Win_[wegotitfirst.com].mp3 moved successfully.
C:\Users\Trina\Downloads\Bullet+for+My+Valentine-Tears+Don+t+Fall-www.mrtzcmp3.net.mp3 moved successfully.
C:\Users\Trina\Downloads\Avenged Sevenfold - Seize The Day (www.blast.lt).mp3 moved successfully.
C:\Users\Trina\Downloads\Fat+Joe+Ft.+Chris+Brown+-+Another+Round+GUTTAHIPHOP.COM.mp3 moved successfully.
C:\Users\Trina\Downloads\Bishop+Lamont+-+I'm+Faded+f_+Nate+Dogg+&+SonReal+www.gowherehiphop.com.mp3 moved successfully.

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-25 11:28:34
-----------------------------
11:28:34.718 OS Version: Windows x64 6.1.7601 Service Pack 1
11:28:34.718 Number of processors: 4 586 0x2A07
11:28:34.718 ComputerName: TRINA-HP UserName: Trina
11:28:36.512 Initialize success
11:28:40.006 AVAST engine defs: 12042401
11:29:18.429 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:29:18.429 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3
11:29:18.445 Device \Driver\iaStor -> MajorFunction fffffa80075dd5c4
11:29:18.445 Disk 0 MBR read successfully
11:29:18.460 Disk 0 MBR scan
11:29:18.460 Disk 0 Windows 7 default MBR code
11:29:18.460 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
11:29:18.476 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595985 MB offset 409600
11:29:18.523 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14191 MB offset 1220986880
11:29:18.538 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
11:29:18.570 Disk 0 scanning C:\Windows\system32\drivers
11:29:29.334 Service scanning
11:29:58.849 Modules scanning
11:29:58.864 Disk 0 trace - called modules:
11:29:58.880 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa80075dd5c4]<<
11:29:58.880 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006901060]
11:29:58.896 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa800679da50]
11:29:58.896 5 hpdskflt.sys[fffff88001d902bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a71050]
11:29:58.896 \Driver\iaStor[0xfffffa80075ef970] -> IRP_MJ_CREATE -> 0xfffffa80075dd5c4
11:30:00.144 AVAST engine scan C:\Windows
11:30:03.279 AVAST engine scan C:\Windows\system32
11:31:08.409 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
11:31:09.938 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
11:32:12.759 AVAST engine scan C:\Windows\system32\drivers
11:32:23.929 AVAST engine scan C:\Users\Trina
11:45:29.344 File: C:\Users\Trina\AppData\Local\Temp\cmd.exe **INFECTED** Win32:MalOb-IK [Cryp]
11:45:29.375 File: C:\Users\Trina\AppData\Local\Temp\control.exe **INFECTED** Win32:MalOb-IK [Cryp]
11:45:30.077 File: C:\Users\Trina\AppData\Local\Temp\eudcedit.exe **INFECTED** Win32:MalOb-IK [Cryp]
11:45:30.155 File: C:\Users\Trina\AppData\Local\Temp\F750.tmp **INFECTED** Win32:MalOb-IK [Cryp]
11:45:31.528 File: C:\Users\Trina\AppData\Local\Temp\magnify.exe **INFECTED** Win32:MalOb-IK [Cryp]
11:45:31.637 File: C:\Users\Trina\AppData\Local\Temp\narrator.exe **INFECTED** Win32:MalOb-IK [Cryp]
11:45:31.731 File: C:\Users\Trina\AppData\Local\Temp\nsyDC0E.tmp\oexuquj.dll **INFECTED** Win32:Dropper-KLA [Trj]
11:45:31.824 File: C:\Users\Trina\AppData\Local\Temp\nsyDC0E.tmp\vubjh.dll **INFECTED** Win32:Dropper-KLA [Trj]
11:45:31.887 File: C:\Users\Trina\AppData\Local\Temp\ornmexcswa.exe **INFECTED** Win32:MalOb-IK [Cryp]
11:45:31.933 File: C:\Users\Trina\AppData\Local\Temp\osk.exe **INFECTED** Win32:MalOb-IK [Cryp]
11:45:31.996 File: C:\Users\Trina\AppData\Local\Temp\p9pl2006903873230823014.tmp **INFECTED** Win32:MalOb-IK [Cryp]
11:45:46.239 File: C:\Users\Trina\AppData\Roaming\Adobe\Adobe\oexuquj.dll **INFECTED** Win32:Dropper-KLA [Trj]
11:45:46.363 File: C:\Users\Trina\AppData\Roaming\Adobe\Adobe\vubjh.dll **INFECTED** Win32:Dropper-KLA [Trj]
11:47:06.360 AVAST engine scan C:\ProgramData
11:48:06.951 Scan finished successfully
11:50:33.729 Disk 0 MBR has been saved successfully to "C:\Users\Trina\Desktop\MBR.dat"
11:50:33.729 The log file has been saved successfully to "C:\Users\Trina\Desktop\aswMBR.txt"





My FSS Log

Farbar Service Scanner Version: 24-04-2012
Ran by Trina (administrator) on 25-04-2012 at 09:50:29
Running from "C:\Users\Trina\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



OTL LOG

OTL logfile created on: 4/25/2012 9:57:46 AM - Run 1
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Trina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.37% Memory free
7.90 Gb Paging File | 6.38 Gb Available in Paging File | 80.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.02 Gb Total Space | 537.50 Gb Free Space | 92.35% Space Free | Partition Type: NTFS
Drive D: | 13.86 Gb Total Space | 1.55 Gb Free Space | 11.17% Space Free | Partition Type: NTFS
Drive E: | 500.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 29.93 Gb Total Space | 3.38 Gb Free Space | 11.29% Space Free | Partition Type: FAT32

Computer Name: TRINA-HP | User Name: Trina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 09:50:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Trina\Desktop\OTL.exe
PRC - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccsvchst.exe
PRC - [2012/03/06 16:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/03/08 12:21:10 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/28 15:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/17 22:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/17 22:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/17 22:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/23 11:26:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/11/23 11:26:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/02/14 22:23:52 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/05 13:41:38 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2011/01/05 13:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 13:26:56 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/12 16:24:30 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe -- (NAV)
SRV - [2011/03/04 12:15:48 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/28 15:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/17 22:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/11/23 11:26:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/11/23 11:26:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/28 23:28:38 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/28 23:28:30 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/28 23:25:36 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/28 23:06:25 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/28 23:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/28 23:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/03/06 16:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 16:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 16:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 16:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 16:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 16:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/29 15:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2011/07/25 19:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 04:54:22 | 000,351,864 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/02/16 17:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/02/15 12:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/02/14 22:23:52 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/25 12:48:04 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/07 18:42:34 | 012,262,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/04 11:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/08/12 16:24:30 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/08/12 16:24:30 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/01/23 15:05:40 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120123.002_dcd\ex64.sys -- (NAVEX15)
DRV - [2012/01/23 15:05:40 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120123.002_dcd\eng64.sys -- (NAVENG)
DRV - [2012/01/20 06:16:46 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120120.002_504\IDSviA64.sys -- (IDSVia64)
DRV - [2012/01/07 02:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/01/07 02:00:00 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/30 19:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20111223.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3641754186-3941475806-1904336954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3641754186-3941475806-1904336954-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3641754186-3941475806-1904336954-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3641754186-3941475806-1904336954-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-3641754186-3941475806-1904336954-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3641754186-3941475806-1904336954-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3641754186-3941475806-1904336954-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3641754186-3941475806-1904336954-1000\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3641754186-3941475806-1904336954-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\IPSFFPlgn\ [2012/01/12 00:11:32 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/04/24 13:57:19 | 000,000,882 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3641754186-3941475806-1904336954-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\Run: [Google] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ihkpbqo.dll ()
O4 - HKU\S-1-5-18..\Run: [Google] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ihkpbqo.dll ()
O4 - HKU\S-1-5-19..\Run: [Google] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ihkpbqo.dll ()
O4 - HKU\S-1-5-20..\Run: [Google] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ihkpbqo.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8DDEDF2-2238-4165-9090-D2FF27ECB6BF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/07 04:42:16 | 000,000,128 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/25 09:52:50 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Trina\Desktop\OTL.exe
[2012/04/25 09:27:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Trina\Desktop\aswMBR.exe
[2012/04/25 01:08:06 | 000,000,000 | ---D | C] -- C:\FRST
[2012/04/24 19:35:18 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/04/24 19:35:02 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/04/24 19:35:02 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/04/24 19:06:10 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/04/24 19:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/04/24 19:06:07 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/04/24 19:06:06 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/04/24 19:06:04 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/04/24 19:05:56 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/04/24 19:05:30 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/04/24 19:05:30 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/04/24 19:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/04/24 19:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/04/24 18:22:50 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/04/24 14:27:39 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/04/23 12:22:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012/04/21 22:06:06 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/21 22:06:06 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/21 22:06:03 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/21 22:06:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/21 22:06:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/21 22:06:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/21 22:06:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/21 22:06:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/21 22:06:00 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/21 22:06:00 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/21 22:05:59 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/21 22:03:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/21 22:03:45 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/21 22:03:43 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/19 22:37:21 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/04/18 09:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/04/18 09:41:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/04/18 09:33:55 | 000,000,000 | ---D | C] -- C:\Users\Trina\AppData\Roaming\vlc
[2012/04/18 09:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Media Player
[2012/04/18 09:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Media Player
[2012/03/28 17:03:52 | 000,000,000 | ---D | C] -- C:\Users\Trina\Desktop\reg files
[2012/03/28 16:59:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/03/28 16:59:50 | 000,000,000 | ---D | C] -- C:\Users\Trina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

========== Files - Modified Within 30 Days ==========

[2012/04/25 09:52:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/25 09:50:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Trina\Desktop\OTL.exe
[2012/04/25 09:47:34 | 000,337,321 | ---- | M] () -- C:\Users\Trina\Desktop\FSS.exe
[2012/04/25 09:46:31 | 000,000,512 | ---- | M] () -- C:\Users\Trina\Desktop\MBR.dat
[2012/04/25 09:34:15 | 000,032,064 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 09:34:15 | 000,032,064 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 09:31:11 | 000,759,920 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/25 09:31:11 | 000,648,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/25 09:31:11 | 000,114,764 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/25 09:26:13 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/25 09:25:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/25 09:24:57 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/25 09:24:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Trina\Desktop\aswMBR.exe
[2012/04/24 20:02:04 | 001,575,344 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\Cat.DB
[2012/04/24 19:35:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/24 19:06:10 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/24 16:06:33 | 000,002,388 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/04/24 16:01:43 | 000,000,671 | ---- | M] () -- C:\Users\Trina\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/24 16:00:10 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\VT20111023.024
[2012/04/24 13:57:19 | 000,000,882 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/23 12:24:07 | 000,000,217 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/18 20:50:55 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\isolate.ini
[2012/04/03 18:43:49 | 000,007,462 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.cat
[2012/04/03 18:43:49 | 000,007,458 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.cat
[2012/04/03 18:43:49 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.inf
[2012/04/03 18:43:49 | 000,001,419 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.inf
[2012/03/28 23:28:38 | 000,405,624 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symnets.sys
[2012/03/28 23:28:34 | 000,007,458 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symnet64.cat
[2012/03/28 23:28:34 | 000,001,441 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symnet.inf
[2012/03/28 23:28:30 | 001,092,728 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symefa64.sys
[2012/03/28 23:28:30 | 000,007,460 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symefa64.cat
[2012/03/28 23:28:30 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symvtcer.dat
[2012/03/28 23:28:30 | 000,003,434 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\symefa.inf
[2012/03/28 23:25:36 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/03/28 23:25:36 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/03/28 23:25:36 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/03/28 23:06:25 | 000,190,072 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\ironx64.sys
[2012/03/28 23:06:25 | 000,007,450 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\iron.cat
[2012/03/28 23:06:25 | 000,000,772 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\iron.inf
[2012/03/28 23:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtsp64.sys
[2012/03/28 23:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1307000.009\srtspx64.sys
[2012/03/28 16:59:50 | 000,002,975 | ---- | M] () -- C:\Users\Trina\Desktop\HiJackThis.lnk
[2012/03/27 15:39:12 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

========== Files Created - No Company Name ==========

[2012/04/25 09:49:24 | 000,337,321 | ---- | C] () -- C:\Users\Trina\Desktop\FSS.exe
[2012/04/25 09:46:31 | 000,000,512 | ---- | C] () -- C:\Users\Trina\Desktop\MBR.dat
[2012/04/24 19:06:10 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/04/24 19:05:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/04/24 16:04:23 | 000,002,388 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2012/04/24 16:01:43 | 000,000,671 | ---- | C] () -- C:\Users\Trina\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
[2012/04/23 12:24:06 | 000,000,217 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/03/28 16:59:50 | 000,002,975 | ---- | C] () -- C:\Users\Trina\Desktop\HiJackThis.lnk
[2012/01/26 16:25:47 | 000,000,000 | ---- | C] () -- C:\Users\Trina\AppData\Local\{B74FF65D-3AA7-42A8-83EF-72B478799DBF}
[2012/01/08 14:55:00 | 000,009,998 | -HS- | C] () -- C:\Users\Trina\AppData\Local\488o5v2e4050
[2012/01/08 14:55:00 | 000,009,998 | -HS- | C] () -- C:\ProgramData\488o5v2e4050
[2011/03/03 21:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/01/07 18:40:40 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/01/07 18:40:40 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/01/07 18:40:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\system64\drivers\afd.sys
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 21:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2010/11/20 20:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 19:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/04/24 20:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: NETBT.SYS >
[2010/11/20 20:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 20:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\system64\drivers\netbt.sys
[2010/11/20 20:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

< MD5 for: TDX.SYS >
[2010/11/20 20:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 20:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\system64\drivers\tdx.sys
[2010/11/20 20:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2010/11/20 20:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 20:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 20:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\system64\drivers\volsnap.sys
[2010/11/20 20:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 20:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\system64\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/07/07 06:48:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/07/07 06:48:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/07/07 06:48:03 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/07/07 06:48:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/07/07 06:48:03 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/07 06:48:03 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/07 06:48:03 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/07 06:48:03 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/07/07 06:48:03 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/07/07 06:48:03 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >


Extras Log

OTL Extras logfile created on: 4/25/2012 9:57:46 AM - Run 1
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Trina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.37% Memory free
7.90 Gb Paging File | 6.38 Gb Available in Paging File | 80.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.02 Gb Total Space | 537.50 Gb Free Space | 92.35% Space Free | Partition Type: NTFS
Drive D: | 13.86 Gb Total Space | 1.55 Gb Free Space | 11.17% Space Free | Partition Type: NTFS
Drive E: | 500.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 29.93 Gb Total Space | 3.38 Gb Free Space | 11.29% Space Free | Partition Type: FAT32

Computer Name: TRINA-HP | User Name: Trina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{0DF3F266-B52E-4309-B3CC-233607DF4E50}" = HP 3D DriveGuard
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel® PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BDA06B-BF53-4005-A0D4-7A50F7910C1A}" = HP Documentation
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel® Wireless Display
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7270C835-15DB-4236-B235-DD6B2EBBD4BA}" = HP CoolSense
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B97E3520-C726-475E-BC0C-7561952633AB}" = HP Power Manager
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F8070C51-4B1D-430C-8BCF-19696368366F}" = HP Software Framework
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NAV" = Norton AntiVirus
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3641754186-3941475806-1904336954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smad" = SanctionedMedia

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by sttacos, 25 April 2012 - 11:58 PM.


#4 sttacos

sttacos
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:04 AM

Posted 25 April 2012 - 01:51 PM

Sorry to double post... Should've realized I could've edited the first post.

Edited by sttacos, 26 April 2012 - 12:00 AM.


#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:08:04 AM

Posted 26 April 2012 - 02:25 AM

Currently looking over your logs right now.

Should have something for you in a little bit.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 sttacos

sttacos
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:04 AM

Posted 26 April 2012 - 02:33 AM

Sounds good, thanks a lot for all your help, really appreciate it ST.

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:08:04 AM

Posted 26 April 2012 - 02:42 AM

Hi sttacos!

Not a problem! I'm glad to be of assistance!

Seems that the reboot loop has been resolved. But my desktop still looks funky (no wallpaper, no Start Menu items). But it's at least accessible now.

Glad to hear that the reboot loop has been resolved.

We'll address the missing wallpaper, and start menu items shortly.

Try the following to bring back your missing Start Menu items.

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O1 - Hosts: 94.63.147.16	www.google.com
    O1 - Hosts: 94.63.147.17	www.bing.com
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File not found
    O3 - HKU\S-1-5-21-3641754186-3941475806-1904336954-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\.DEFAULT..\Run: [Google] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ihkpbqo.dll ()
    O4 - HKU\S-1-5-18..\Run: [Google] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ihkpbqo.dll ()
    O4 - HKU\S-1-5-19..\Run: [Google] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ihkpbqo.dll ()
    O4 - HKU\S-1-5-20..\Run: [Google] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ihkpbqo.dll ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    [2012/04/24 16:01:43 | 000,000,671 | ---- | M] () -- C:\Users\Trina\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
    [2012/04/24 16:01:43 | 000,000,671 | ---- | C] () -- C:\Users\Trina\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
    [2012/01/08 14:55:00 | 000,009,998 | -HS- | C] () -- C:\Users\Trina\AppData\Local\488o5v2e4050
    [2012/01/08 14:55:00 | 000,009,998 | -HS- | C] () -- C:\ProgramData\488o5v2e4050
    
    :Reg
    
    :Files
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    C:\Users\Trina\AppData\Local\Temp\cmd.exe
    C:\Users\Trina\AppData\Local\Temp\control.exe
    C:\Users\Trina\AppData\Local\Temp\eudcedit.exe
    C:\Users\Trina\AppData\Local\Temp\F750.tmp
    C:\Users\Trina\AppData\Local\Temp\magnify.exe
    C:\Users\Trina\AppData\Local\Temp\narrator.exe
    C:\Users\Trina\AppData\Local\Temp\nsyDC0E.tmp\oexuquj.dll
    C:\Users\Trina\AppData\Local\Temp\nsyDC0E.tmp\vubjh.dll
    C:\Users\Trina\AppData\Local\Temp\nsyDC0E.tmp
    C:\Users\Trina\AppData\Local\Temp\ornmexcswa.exe
    C:\Users\Trina\AppData\Local\Temp\osk.exe
    C:\Users\Trina\AppData\Local\Temp\p9pl2006903873230823014.tmp
    C:\Users\Trina\AppData\Roaming\Adobe\Adobe\oexuquj.dll
    C:\Users\Trina\AppData\Roaming\Adobe\Adobe\vubjh.dll
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    dir /s /a "C:\Users\Trina\AppData\Roaming\Adobe" /c
    dir /s /a "C:\Users\Trina\AppData\Local\{B74FF65D-3AA7-42A8-83EF-72B478799DBF}" /c
    dir /s /a "C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\" /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log.
3. ComboFix.txt log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



#8 sttacos

sttacos
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:04 AM

Posted 26 April 2012 - 05:00 AM

The icons are back and working now.

Here is my OTL Log

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3641754186-3941475806-1904336954-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Google not found.
File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ihkpbqo.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Google not found.
File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ihkpbqo.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Google not found.
File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ihkpbqo.dll not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Google not found.
File C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\ihkpbqo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File C:\Users\Trina\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk not found.
File C:\Users\Trina\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk not found.
File C:\Users\Trina\AppData\Local\488o5v2e4050 not found.
File C:\ProgramData\488o5v2e4050 not found.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
File\Folder C:\Users\Trina\AppData\Local\Temp\cmd.exe not found.
File\Folder C:\Users\Trina\AppData\Local\Temp\control.exe not found.
File\Folder C:\Users\Trina\AppData\Local\Temp\eudcedit.exe not found.
File\Folder C:\Users\Trina\AppData\Local\Temp\F750.tmp not found.
File\Folder C:\Users\Trina\AppData\Local\Temp\magnify.exe not found.
File\Folder C:\Users\Trina\AppData\Local\Temp\narrator.exe not found.
File\Folder C:\Users\Trina\AppData\Local\Temp\nsyDC0E.tmp\oexuquj.dll not found.
File\Folder C:\Users\Trina\AppData\Local\Temp\nsyDC0E.tmp\vubjh.dll not found.
File\Folder C:\Users\Trina\AppData\Local\Temp\nsyDC0E.tmp not found.
File\Folder C:\Users\Trina\AppData\Local\Temp\ornmexcswa.exe not found.
File\Folder C:\Users\Trina\AppData\Local\Temp\osk.exe not found.
File\Folder C:\Users\Trina\AppData\Local\Temp\p9pl2006903873230823014.tmp not found.
File\Folder C:\Users\Trina\AppData\Roaming\Adobe\Adobe\oexuquj.dll not found.
File\Folder C:\Users\Trina\AppData\Roaming\Adobe\Adobe\vubjh.dll not found.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Trina\Desktop\cmd.bat deleted successfully.
C:\Users\Trina\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Trina\AppData\Roaming\Adobe" /c >
Volume in drive C has no label.
Volume Serial Number is 365D-5176
Directory of C:\Users\Trina\AppData\Roaming\Adobe
03/22/2012 04:49 PM <DIR> .
03/22/2012 04:49 PM <DIR> ..
08/09/2011 12:18 AM <DIR> Acrobat
04/26/2012 02:04 AM <DIR> Adobe
08/08/2011 10:11 PM <DIR> Flash Player
08/09/2011 12:18 AM <DIR> Headlights
08/09/2011 12:18 AM <DIR> Linguistics
08/09/2011 12:18 AM <DIR> LogTransport2
0 File(s) 0 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\Acrobat
08/09/2011 12:18 AM <DIR> .
08/09/2011 12:18 AM <DIR> ..
08/09/2011 01:33 PM <DIR> 10.0
0 File(s) 0 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\Acrobat\10.0
08/09/2011 01:33 PM <DIR> .
08/09/2011 01:33 PM <DIR> ..
08/09/2011 12:19 AM <DIR> Collab
08/09/2011 12:19 AM <DIR> Forms
08/09/2011 12:35 AM <DIR> JavaScripts
08/09/2011 12:19 AM <DIR> Security
03/04/2012 09:31 PM 36 TMDocs.sav
03/04/2012 09:31 PM 54 TMGrpPrm.sav
2 File(s) 90 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\Acrobat\10.0\Collab
08/09/2011 12:19 AM <DIR> .
08/09/2011 12:19 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\Acrobat\10.0\Forms
08/09/2011 12:19 AM <DIR> .
08/09/2011 12:19 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts
08/09/2011 12:35 AM <DIR> .
08/09/2011 12:35 AM <DIR> ..
03/18/2012 01:32 PM 0 glob.js
03/18/2012 01:32 PM 10 glob.settings.js
2 File(s) 10 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\Acrobat\10.0\Security
08/09/2011 12:19 AM <DIR> .
08/09/2011 12:19 AM <DIR> ..
08/09/2011 12:19 AM 5,399 addressbook.acrodata
08/09/2011 12:19 AM <DIR> CRLCache
1 File(s) 5,399 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\Acrobat\10.0\Security\CRLCache
08/09/2011 12:19 AM <DIR> .
08/09/2011 12:19 AM <DIR> ..
03/18/2012 01:20 PM 898 48B76449F3D5FEFA1133AA805E420F0FCA643651.crl
03/18/2012 01:20 PM 36,163 A9B8213768ADC68AF64FCC6409E8BE414726687F.crl
2 File(s) 37,061 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\Adobe
04/26/2012 02:04 AM <DIR> .
04/26/2012 02:04 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\Flash Player
08/08/2011 10:11 PM <DIR> .
08/08/2011 10:11 PM <DIR> ..
08/08/2011 10:11 PM <DIR> AssetCache
0 File(s) 0 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\Flash Player\AssetCache
08/08/2011 10:11 PM <DIR> .
08/08/2011 10:11 PM <DIR> ..
01/08/2012 12:13 PM <DIR> E4FY5PUX
0 File(s) 0 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\Flash Player\AssetCache\E4FY5PUX
01/08/2012 12:13 PM <DIR> .
01/08/2012 12:13 PM <DIR> ..
01/28/2012 03:15 PM 150 1C04C61346A1FA3139A37D860ED92632AA13DECF.heu
08/21/2011 07:00 PM 565,987 1C04C61346A1FA3139A37D860ED92632AA13DECF.swz
01/28/2012 03:02 PM 149 381814F6F5270FFBB27E244D6138BC023AF911D5.heu
08/30/2011 05:11 PM 157,002 381814F6F5270FFBB27E244D6138BC023AF911D5.swz
01/28/2012 03:02 PM 149 440AE73B017A477382DEFF7C0DBE4896FED21079.heu
08/30/2011 05:11 PM 54,532 440AE73B017A477382DEFF7C0DBE4896FED21079.swz
04/20/2012 10:13 AM 150 49280E749D7318EA369BC7E61369C34AD2D22859.heu
09/02/2011 05:21 PM 54,428 49280E749D7318EA369BC7E61369C34AD2D22859.swz
08/11/2011 09:52 PM 148 5270C4CDF61AB3F586B06B3D5F3E87624A1D7223.heu
08/09/2011 11:49 PM 322,038 5270C4CDF61AB3F586B06B3D5F3E87624A1D7223.swz
01/28/2012 03:02 PM 149 6344DCC80A9A6A3676DCEA0C92C8C45EFD2F3220.heu
08/30/2011 05:11 PM 319,300 6344DCC80A9A6A3676DCEA0C92C8C45EFD2F3220.swz
01/28/2012 03:02 PM 149 6DDB94AE3365798230849FA0F931AC132FE417D1.heu
08/30/2011 05:11 PM 131,925 6DDB94AE3365798230849FA0F931AC132FE417D1.swz
01/12/2012 12:18 AM 148 7421C71F94DB4F028E7528B2D278F3FE4DC21273.heu
09/11/2011 10:45 AM 156,308 7421C71F94DB4F028E7528B2D278F3FE4DC21273.swz
04/20/2012 10:13 AM 150 76C30565F803F2587F156A8344E4091992D31B27.heu
09/02/2011 05:20 PM 322,027 76C30565F803F2587F156A8344E4091992D31B27.swz
08/11/2011 09:52 PM 148 7899EDF6A90C42AAB967D1695CF634953C3CDC0A.heu
08/09/2011 11:48 PM 54,418 7899EDF6A90C42AAB967D1695CF634953C3CDC0A.swz
08/11/2011 09:52 PM 148 8165D3AF89956F505BBF7B18667E0B2CCB9EC367.heu
08/09/2011 11:48 PM 325,307 8165D3AF89956F505BBF7B18667E0B2CCB9EC367.swz
01/28/2012 03:02 PM 149 871F12AF0853C06E4EB80A1CCAB295CEADBB817A.heu
08/30/2011 05:11 PM 627,102 871F12AF0853C06E4EB80A1CCAB295CEADBB817A.swz
04/20/2012 10:13 AM 150 8F903698240FE799F61EEDA8595181137B996156.heu
08/09/2011 11:48 PM 186,404 8F903698240FE799F61EEDA8595181137B996156.swz
04/20/2012 10:13 AM 150 9A7DEE2B537712BEF484CBD9E4DDBF88C78F436C.heu
09/02/2011 05:21 PM 465,633 9A7DEE2B537712BEF484CBD9E4DDBF88C78F436C.swz
04/20/2012 10:13 AM 150 9F67B1C289A5B5DB7B32844AF679E758541D101B.heu
09/02/2011 05:20 PM 325,305 9F67B1C289A5B5DB7B32844AF679E758541D101B.swz
08/11/2011 09:52 PM 148 A61663F0EB79848070C225295C549D272D01B228.heu
08/09/2011 11:48 PM 466,785 A61663F0EB79848070C225295C549D272D01B228.swz
11/18/2011 11:01 AM 148 AF07B46903A6C5D87A24725CB7D50DE352A0383C.heu
11/18/2011 11:01 AM 537,658 AF07B46903A6C5D87A24725CB7D50DE352A0383C.swz
08/11/2011 09:52 PM 148 B2302138B70206DAAF6737166713BEC5280D4A90.heu
08/09/2011 11:48 PM 132,717 B2302138B70206DAAF6737166713BEC5280D4A90.swz
04/20/2012 10:13 AM 150 B63185FCA5D2BDBB568593F2BF232E87E5A20A7E.heu
09/02/2011 05:20 PM 141,201 B63185FCA5D2BDBB568593F2BF232E87E5A20A7E.swz
01/28/2012 02:13 PM 149 C3306B26751D6A80EB1FCB651912469AE18819AB.heu
08/30/2011 05:11 PM 98,077 C3306B26751D6A80EB1FCB651912469AE18819AB.swz
01/08/2012 12:13 PM 8 cacheSize.txt
04/20/2012 10:13 AM 150 D1680A46DD686B3B0CC9EC01D8C584666A78E145.heu
09/02/2011 05:20 PM 132,728 D1680A46DD686B3B0CC9EC01D8C584666A78E145.swz
01/08/2012 12:13 PM 148 DD49DDD35131A121B27A5B62AAFA4CF004FC73BF.heu
01/08/2012 12:13 PM 229,684 DD49DDD35131A121B27A5B62AAFA4CF004FC73BF.swz
45 File(s) 5,809,852 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\Headlights
08/09/2011 12:18 AM <DIR> .
08/09/2011 12:18 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\Linguistics
08/09/2011 12:18 AM <DIR> .
08/09/2011 12:18 AM <DIR> ..
08/09/2011 12:18 AM <DIR> Dictionaries
0 File(s) 0 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\Linguistics\Dictionaries
08/09/2011 12:18 AM <DIR> .
08/09/2011 12:18 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Users\Trina\AppData\Roaming\Adobe\LogTransport2
08/09/2011 12:18 AM <DIR> .
08/09/2011 12:18 AM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
52 File(s) 5,852,412 bytes
47 Dir(s) 575,874,940,928 bytes free
C:\Users\Trina\Desktop\cmd.bat deleted successfully.
C:\Users\Trina\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Users\Trina\AppData\Local\{B74FF65D-3AA7-42A8-83EF-72B478799DBF}" /c >
Volume in drive C has no label.
Volume Serial Number is 365D-5176
Directory of C:\Users\Trina\AppData\Local
01/26/2012 04:25 PM 0 {B74FF65D-3AA7-42A8-83EF-72B478799DBF}
1 File(s) 0 bytes
Total Files Listed:
1 File(s) 0 bytes
0 Dir(s) 575,874,957,312 bytes free
C:\Users\Trina\Desktop\cmd.bat deleted successfully.
C:\Users\Trina\Desktop\cmd.txt deleted successfully.
< dir /s /a "C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google\" /c >
Volume in drive C has no label.
Volume Serial Number is 365D-5176
Directory of C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Google
04/26/2012 02:04 AM <DIR> .
04/26/2012 02:04 AM <DIR> ..
04/24/2012 02:27 PM 409,600 xyqwy.dll
1 File(s) 409,600 bytes
Total Files Listed:
1 File(s) 409,600 bytes
2 Dir(s) 575,874,932,736 bytes free
C:\Users\Trina\Desktop\cmd.bat deleted successfully.
C:\Users\Trina\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Trina\Desktop\cmd.bat deleted successfully.
C:\Users\Trina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Trina
->Flash cache emptied: 88376 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Trina
->Java cache emptied: 1137158 bytes

Total Java Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.42.0 log created on 04262012_020646

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


and my combofix log

ComboFix 12-04-25.02 - Trina 04/26/2012 2:30:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2884 [GMT -7:00]
Running from: C:\Users\Trina\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\Roaming
C:\Users\Trina\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8509AA22-E717-4FB9-8AB0-8CB4EFC524C9}.xps
C:\Users\Trina\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B9BB8BB6-1B76-421B-9D52-D2345D0FC80A}.xps
C:\Windows\svchost.exe


((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))


2012-04-26 09:40:16 . 2012-04-26 09:40:16 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-04-26 09:04:32 . 2012-04-26 09:04:32 -------- d-----w- C:\_OTL
2012-04-25 08:08:06 . 2012-04-25 08:09:24 -------- d-----w- C:\FRST
2012-04-25 02:35:18 . 2012-03-06 23:02:20 53080 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys
2012-04-25 02:35:02 . 2012-03-06 23:15:03 258520 ----a-w- C:\Windows\system32\aswBoot.exe
2012-04-25 02:35:02 . 2012-03-06 23:04:06 819032 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2012-04-25 02:06:10 . 2012-03-06 23:01:32 24408 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2012-04-25 02:06:07 . 2012-03-06 23:04:04 337240 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2012-04-25 02:06:06 . 2010-06-28 20:33:17 28752 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2012-04-25 02:06:04 . 2012-03-06 23:01:57 59224 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2012-04-25 02:05:56 . 2012-03-06 23:01:52 69976 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2012-04-25 02:05:30 . 2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-25 02:05:30 . 2012-03-06 23:15:14 201352 ----a-w- C:\Windows\SysWow64\aswBoot.exe
2012-04-25 02:05:26 . 2012-04-25 02:05:26 -------- d-----w- C:\ProgramData\Alwil Software
2012-04-25 02:05:26 . 2012-04-25 02:05:26 -------- d-----w- C:\Program Files\Alwil Software
2012-04-25 01:22:50 . 2009-07-14 01:14:45 20480 ----a-w- C:\Windows\svchost.exe
2012-04-24 22:00:31 . 2012-04-24 23:00:10 -------- d-----w- C:\Windows\system32\drivers\NAVx64\1307000.009
2012-04-24 21:27:39 . 2012-04-24 21:27:39 -------- d-----w- C:\Windows\Sun
2012-04-23 19:22:05 . 2012-04-23 19:24:36 -------- d-----w- C:\Windows\system32\MpEngineStore
2012-04-22 05:05:59 . 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-04-22 05:05:58 . 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-04-22 05:05:56 . 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\system32\wininet.dll
2012-04-22 05:05:56 . 2012-02-28 01:13:13 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-04-22 05:05:55 . 2012-02-28 06:51:51 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-04-22 05:03:45 . 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2012-04-22 05:03:45 . 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\system32\imagehlp.dll
2012-04-22 05:03:45 . 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-22 05:03:44 . 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-22 05:03:43 . 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\system32\wintrust.dll
2012-04-22 05:03:43 . 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\system32\wmi.dll
2012-04-22 05:03:43 . 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-20 05:37:21 . 2012-04-20 05:37:21 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-04-18 16:41:15 . 2012-04-18 16:41:15 -------- d-----w- C:\ProgramData\McAfee
2012-04-18 16:41:10 . 2012-04-20 00:07:57 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-04-18 16:33:55 . 2012-04-20 00:07:16 -------- d-----w- C:\Users\Trina\AppData\Roaming\vlc
2012-04-18 16:32:36 . 2012-04-20 00:08:04 -------- d-----w- C:\Program Files (x86)\Easy Media Player
2012-03-28 23:59:50 . 2012-03-28 23:59:50 388096 ----a-r- C:\Users\Trina\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-28 23:59:50 . 2012-03-28 23:59:50 -------- d-----w- C:\Program Files (x86)\Trend Micro
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 26 April 2012 - 06:59 AM

Hi!

It looks like part of the ComboFix log got cut off.

Could you please try reposting it for me?

It can be located in your C:\ drive and will be named ComboFix.txt.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 sttacos

sttacos
  • Topic Starter

  • Members
  • 17 posts

Posted 26 April 2012 - 01:50 PM

Sorry about that, it seems that the computer rebooted during ComboFix multiple times before I was able to get a complete scan.
Here's that log.

ComboFix 12-04-25.02 - Trina 04/26/2012 10:26:24.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2590 [GMT -7:00]
Running from: c:\users\Trina\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
---- Previous Run -------
.
c:\users\Trina\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8509AA22-E717-4FB9-8AB0-8CB4EFC524C9}.xps
c:\users\Trina\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B9BB8BB6-1B76-421B-9D52-D2345D0FC80A}.xps
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 17:33 . 2012-04-26 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 09:04 . 2012-04-26 09:04 -------- d-----w- C:\_OTL
2012-04-25 08:08 . 2012-04-25 08:09 -------- d-----w- C:\FRST
2012-04-25 02:35 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-25 02:35 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-25 02:35 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-25 02:06 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-25 02:06 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-25 02:06 . 2010-06-28 20:33 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-25 02:06 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-25 02:05 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-25 02:05 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-25 02:05 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-25 02:05 . 2012-04-25 02:05 -------- d-----w- c:\programdata\Alwil Software
2012-04-25 02:05 . 2012-04-25 02:05 -------- d-----w- c:\program files\Alwil Software
2012-04-25 01:22 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-04-24 22:00 . 2012-04-24 23:00 -------- d-----w- c:\windows\system32\drivers\NAVx64\1307000.009
2012-04-24 21:27 . 2012-04-24 21:27 -------- d-----w- c:\windows\Sun
2012-04-23 19:22 . 2012-04-23 19:24 -------- d-----w- c:\windows\system32\MpEngineStore
2012-04-22 05:05 . 2012-02-28 06:48 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-22 05:05 . 2012-02-28 01:11 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-04-22 05:05 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-22 05:05 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-22 05:05 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-22 05:03 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-22 05:03 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-22 05:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-22 05:03 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-22 05:03 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-22 05:03 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-22 05:03 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-20 05:37 . 2012-04-20 05:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-04-18 16:41 . 2012-04-18 16:41 -------- d-----w- c:\programdata\McAfee
2012-04-18 16:41 . 2012-04-20 00:07 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-04-18 16:33 . 2012-04-20 00:07 -------- d-----w- c:\users\Trina\AppData\Roaming\vlc
2012-04-18 16:32 . 2012-04-20 00:08 -------- d-----w- c:\program files (x86)\Easy Media Player
2012-03-28 23:59 . 2012-03-28 23:59 388096 ----a-r- c:\users\Trina\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-28 23:59 . 2012-03-28 23:59 -------- d-----w- c:\program files (x86)\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 06:25 . 2012-01-08 23:54 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-17 06:38 . 2012-03-14 03:49 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 03:49 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 03:49 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 03:49 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 03:53 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 03:53 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 03:53 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120120.002_504\IDSvia64.sys [2012-01-20 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-28 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-07 138360]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 05:23]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 05:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-21 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-21 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-21 418328]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
"MRT"="c:\windows\system32\MRT.exe" [2012-03-29 57249312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-04-26 11:32:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-26 18:32
.
Pre-Run: 577,296,625,664 bytes free
Post-Run: 576,835,915,776 bytes free
.
- - End Of File - - E70A779C4471BD548176A601A5C20981

#11 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 27 April 2012 - 12:27 AM

Hi sttacos!

Thanks for re-posting the ComboFix log. :)

Do you plan on sticking with Avast or Norton as your Anti-Virus program?

Something still looks off with your ComboFix log.

I need to have you run a script with it.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic451374.html/page__view__findpost__p__2679517
KillAll::
Collect::[102]
c:\windows\svchost.exe
DirLook::
c:\program files (x86)\Easy Media Player
c:\windows\SysWow64\%APPDATA%
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... and change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



Please be sure to include an update in your next reply on how things are running with your computer.

Edited by SweetTech, 27 April 2012 - 12:28 AM.



#12 sttacos

sttacos
  • Topic Starter

  • Members
  • 17 posts

Posted 27 April 2012 - 03:01 AM

The computer does not start up anymore :/...
It hangs right after the BIOS screen with a black screen.
What should I do?
I can't go into safe mode; trying to do so makes it go into a reboot loop.

#13 sttacos

sttacos
  • Topic Starter

  • Members
  • 17 posts

Posted 27 April 2012 - 03:11 AM

I was actually able to bypass this by using Hiren's Boot CD to load from the hard drive.
Will run the CF script now.
But now the rootkit is back.... :/
Now under the name of Data Recovery, S.M.A.R.T Repair.

All icons from the desktop have disappeared again.

Edited by sttacos, 27 April 2012 - 03:15 AM.


#14 sttacos

sttacos
  • Topic Starter

  • Members
  • 17 posts

Posted 27 April 2012 - 04:41 AM

Here's my CF log.

ComboFix 12-04-25.02 - Trina 04/27/2012 1:37.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2499 [GMT -7:00]
Running from: c:\users\Trina\Desktop\ComboFix.exe
Command switches used :: c:\users\Trina\Desktop\CFSCRIPT.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\aHelTFbukWq.exe
c:\programdata\bIMRWL2O2Uodot
c:\programdata\bIMRWL2O2Uodot.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\svchost.exe
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-26 09:04 . 2012-04-26 09:04 -------- d-----w- C:\_OTL
2012-04-25 08:08 . 2012-04-25 08:09 -------- d-----w- C:\FRST
2012-04-25 02:35 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-25 02:35 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-25 02:35 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-25 02:06 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-25 02:06 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-25 02:06 . 2010-06-28 20:33 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-25 02:06 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-25 02:05 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-25 02:05 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-25 02:05 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-25 02:05 . 2012-04-25 02:05 -------- d--h--w- c:\programdata\Alwil Software
2012-04-25 02:05 . 2012-04-25 02:05 -------- d-----w- c:\program files\Alwil Software
2012-04-24 22:00 . 2012-04-24 23:00 -------- d-----w- c:\windows\system32\drivers\NAVx64\1307000.009
2012-04-24 21:27 . 2012-04-24 21:27 -------- d-----w- c:\windows\Sun
2012-04-23 19:22 . 2012-04-23 19:24 -------- d-----w- c:\windows\system32\MpEngineStore
2012-04-22 05:05 . 2012-02-28 06:48 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-22 05:05 . 2012-02-28 01:11 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-04-22 05:05 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-22 05:05 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-04-22 05:05 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-22 05:03 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-22 05:03 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-22 05:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-22 05:03 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-22 05:03 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-22 05:03 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-22 05:03 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-20 05:37 . 2012-04-20 05:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-04-18 16:41 . 2012-04-18 16:41 -------- d--h--w- c:\programdata\McAfee
2012-04-18 16:41 . 2012-04-20 00:07 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-04-18 16:33 . 2012-04-20 00:07 -------- d--h--w- c:\users\Trina\AppData\Roaming\vlc
2012-04-18 16:32 . 2012-04-20 00:08 -------- d-----w- c:\program files (x86)\Easy Media Player
2012-03-28 23:59 . 2012-03-28 23:59 388096 ---ha-r- c:\users\Trina\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-28 23:59 . 2012-03-28 23:59 -------- d-----w- c:\program files (x86)\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 06:25 . 2012-01-08 23:54 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-17 06:38 . 2012-03-14 03:49 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 03:49 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 03:49 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 03:49 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 03:53 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 03:53 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 03:53 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files (x86)\Easy Media Player ----
.
2012-04-18 16:32 . 2012-04-18 16:33 370668 ----a-w- c:\program files (x86)\Easy Media Player\plugins\plugins-04041e-fe8.dat
2012-04-18 16:32 . 2012-04-18 16:32 15817 ------w- c:\program files (x86)\Easy Media Player\uninstall.log
2012-02-13 20:00 . 2012-02-13 20:00 32768 ----a-w- c:\program files (x86)\Easy Media Player\plugins\libxtag_plugin.dll
2012-02-13 20:00 . 2012-02-13 20:00 29184 ----a-w- c:\program files (x86)\Easy Media Player\plugins\librv32_plugin.dll
2012-02-13 19:59 . 2012-02-13 19:59 54272 ----a-w- c:\program files (x86)\Easy Media Player\plugins\libps_plugin.dll
2012-02-13 19:59 . 2012-02-13 19:59 31744 ----a-w- c:\program files (x86)\Easy Media Player\plugins\libcdg_plugin.dll
2012-02-13 19:59 . 2012-02-13 19:59 313 ----a-w- c:\program files (x86)\Easy Media Player\http\.hosts
2012-02-13 19:59 . 2012-02-13 19:59 2317 ----a-w- c:\program files (x86)\Easy Media Player\http\flash.html
2012-02-13 19:59 . 2012-02-13 19:59 1377 ----a-w- c:\program files (x86)\Easy Media Player\http\iehacks.css
2012-02-13 19:59 . 2012-02-13 19:59 2399 ----a-w- c:\program files (x86)\Easy Media Player\http\index.html
2012-02-13 19:59 . 2012-02-13 19:59 2277 ----a-w- c:\program files (x86)\Easy Media Player\http\mosaic.html
2012-02-13 19:59 . 2012-02-13 19:59 4869 ----a-w- c:\program files (x86)\Easy Media Player\http\style.css
2012-02-13 19:59 . 2012-02-13 19:59 1979 ----a-w- c:\program files (x86)\Easy Media Player\http\vlm.html
2012-02-13 19:59 . 2012-02-13 19:59 301 ----a-w- c:\program files (x86)\Easy Media Player\http\vlm_export.html
2012-02-13 19:59 . 2012-02-13 19:59 124 ----a-w- c:\program files (x86)\Easy Media Player\http\dialogs\.hosts
2012-02-13 19:59 . 2012-02-13 19:59 1963 ----a-w- c:\program files (x86)\Easy Media Player\http\dialogs\browse
2012-02-13 19:59 . 2012-02-13 19:59 1627 ----a-w- c:\program files (x86)\Easy Media Player\http\dialogs\footer
2012-02-13 19:59 . 2012-02-13 19:59 9670 ----a-w- c:\program files (x86)\Easy Media Player\http\dialogs\input
2012-02-13 19:59 . 2012-02-13 19:59 6265 ----a-w- c:\program files (x86)\Easy Media Player\http\dialogs\main
2012-02-13 19:59 . 2012-02-13 19:59 6261 ----a-w- c:\program files (x86)\Easy Media Player\http\dialogs\mosaic
2012-02-13 19:59 . 2012-02-13 19:59 5784 ----a-w- c:\program files (x86)\Easy Media Player\http\dialogs\playlist
2012-02-13 19:59 . 2012-02-13 19:59 12535 ----a-w- c:\program files (x86)\Easy Media Player\http\dialogs\sout
2012-02-13 19:59 . 2012-02-13 19:59 9775 ----a-w- c:\program files (x86)\Easy Media Player\http\dialogs\vlm
2012-02-13 19:59 . 2012-02-13 19:59 198 ----a-w- c:\program files (x86)\Easy Media Player\http\images\delete.png
2012-02-13 19:59 . 2012-02-13 19:59 165 ----a-w- c:\program files (x86)\Easy Media Player\http\images\delete_small.png
2012-02-13 19:59 . 2012-02-13 19:59 155 ----a-w- c:\program files (x86)\Easy Media Player\http\images\eject.png
2012-02-13 19:59 . 2012-02-13 19:59 178 ----a-w- c:\program files (x86)\Easy Media Player\http\images\empty.png
2012-02-13 19:59 . 2012-02-13 19:59 194 ----a-w- c:\program files (x86)\Easy Media Player\http\images\fullscreen.png
2012-02-13 19:59 . 2012-02-13 19:59 203 ----a-w- c:\program files (x86)\Easy Media Player\http\images\help.png
2012-02-13 19:59 . 2012-02-13 19:59 229 ----a-w- c:\program files (x86)\Easy Media Player\http\images\info.png
2012-02-13 19:59 . 2012-02-13 19:59 173 ----a-w- c:\program files (x86)\Easy Media Player\http\images\loop.png
2012-02-13 19:59 . 2012-02-13 19:59 204 ----a-w- c:\program files (x86)\Easy Media Player\http\images\minus.png
2012-02-13 19:59 . 2012-02-13 19:59 162 ----a-w- c:\program files (x86)\Easy Media Player\http\images\next.png
2012-02-13 19:59 . 2012-02-13 19:59 149 ----a-w- c:\program files (x86)\Easy Media Player\http\images\pause.png
2012-02-13 19:59 . 2012-02-13 19:59 178 ----a-w- c:\program files (x86)\Easy Media Player\http\images\play.png
2012-02-13 19:59 . 2012-02-13 19:59 147 ----a-w- c:\program files (x86)\Easy Media Player\http\images\playlist.png
2012-02-13 19:59 . 2012-02-13 19:59 145 ----a-w- c:\program files (x86)\Easy Media Player\http\images\playlist_small.png
2012-02-13 19:59 . 2012-02-13 19:59 208 ----a-w- c:\program files (x86)\Easy Media Player\http\images\plus.png
2012-02-13 19:59 . 2012-02-13 19:59 163 ----a-w- c:\program files (x86)\Easy Media Player\http\images\prev.png
2012-02-13 19:59 . 2012-02-13 19:59 277 ----a-w- c:\program files (x86)\Easy Media Player\http\images\refresh.png
2012-02-13 19:59 . 2012-02-13 19:59 179 ----a-w- c:\program files (x86)\Easy Media Player\http\images\repeat.png
2012-02-13 19:59 . 2012-02-13 19:59 194 ----a-w- c:\program files (x86)\Easy Media Player\http\images\sd.png
2012-02-13 19:59 . 2012-02-13 19:59 180 ----a-w- c:\program files (x86)\Easy Media Player\http\images\shuffle.png
2012-02-13 19:59 . 2012-02-13 19:59 190 ----a-w- c:\program files (x86)\Easy Media Player\http\images\slider_bar.png
2012-02-13 19:59 . 2012-02-13 19:59 203 ----a-w- c:\program files (x86)\Easy Media Player\http\images\slider_left.png
2012-02-13 19:59 . 2012-02-13 19:59 237 ----a-w- c:\program files (x86)\Easy Media Player\http\images\slider_point.png
2012-02-13 19:59 . 2012-02-13 19:59 204 ----a-w- c:\program files (x86)\Easy Media Player\http\images\slider_right.png
2012-02-13 19:59 . 2012-02-13 19:59 163 ----a-w- c:\program files (x86)\Easy Media Player\http\images\slow.png
2012-02-13 19:59 . 2012-02-13 19:59 270 ----a-w- c:\program files (x86)\Easy Media Player\http\images\snapshot.png
2012-02-13 19:59 . 2012-02-13 19:59 182 ----a-w- c:\program files (x86)\Easy Media Player\http\images\sort.png
2012-02-13 19:59 . 2012-02-13 19:59 172 ----a-w- c:\program files (x86)\Easy Media Player\http\images\sout.png
2012-02-13 19:59 . 2012-02-13 19:59 269 ----a-w- c:\program files (x86)\Easy Media Player\http\images\speaker.png
2012-02-13 19:59 . 2012-02-13 19:59 446 ----a-w- c:\program files (x86)\Easy Media Player\http\images\speaker_mute.png
2012-02-13 19:59 . 2012-02-13 19:59 146 ----a-w- c:\program files (x86)\Easy Media Player\http\images\stop.png
2012-02-13 19:59 . 2012-02-13 19:59 618 ----a-w- c:\program files (x86)\Easy Media Player\http\images\vlc16x16.png
2012-02-13 19:59 . 2012-02-13 19:59 209 ----a-w- c:\program files (x86)\Easy Media Player\http\images\volume_down.png
2012-02-13 19:59 . 2012-02-13 19:59 225 ----a-w- c:\program files (x86)\Easy Media Player\http\images\volume_up.png
2012-02-13 19:59 . 2012-02-13 19:59 169 ----a-w- c:\program files (x86)\Easy Media Player\http\images\white.png
2012-02-13 19:59 . 2012-02-13 19:59 165 ----a-w- c:\program files (x86)\Easy Media Player\http\images\white_cross_small.png
2012-02-13 19:59 . 2012-02-13 19:59 1920 ----a-w- c:\program files (x86)\Easy Media Player\http\requests\browse.xml
2012-02-13 19:59 . 2012-02-13 19:59 4255 ----a-w- c:\program files (x86)\Easy Media Player\http\requests\playlist.xml
2012-02-13 19:59 . 2012-02-13 19:59 2436 ----a-w- c:\program files (x86)\Easy Media Player\http\requests\readme.txt
2012-02-13 19:59 . 2012-02-13 19:59 8977 ----a-w- c:\program files (x86)\Easy Media Player\http\requests\status.xml
2012-02-13 19:59 . 2012-02-13 19:59 4465 ----a-w- c:\program files (x86)\Easy Media Player\http\requests\vlm.xml
2012-02-13 19:59 . 2012-02-13 19:59 1433 ----a-w- c:\program files (x86)\Easy Media Player\http\requests\vlm_cmd.xml
2012-02-13 19:59 . 2012-02-13 19:59 19878 ----a-w- c:\program files (x86)\Easy Media Player\lua\README.txt
2012-02-13 19:59 . 2012-02-13 19:59 11354 ----a-w- c:\program files (x86)\Easy Media Player\lua\extensions\allocine-fr.lua
2012-02-13 19:59 . 2012-02-13 19:59 12614 ----a-w- c:\program files (x86)\Easy Media Player\lua\extensions\allocine-fr.luac
2012-02-13 19:59 . 2012-02-13 19:59 337 ----a-w- c:\program files (x86)\Easy Media Player\lua\extensions\README.txt
2012-02-13 19:59 . 2012-02-13 19:59 313 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\.hosts
2012-02-13 19:59 . 2012-02-13 19:59 403 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\custom.lua
2012-02-13 19:59 . 2012-02-13 19:59 2212 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\flash.html
2012-02-13 19:59 . 2012-02-13 19:59 1377 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\iehacks.css
2012-02-13 19:59 . 2012-02-13 19:59 1952 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\index.html
2012-02-13 19:59 . 2012-02-13 19:59 1892 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\mosaic.html
2012-02-13 19:59 . 2012-02-13 19:59 4869 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\style.css
2012-02-13 19:59 . 2012-02-13 19:59 1795 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\vlm.html
2012-02-13 19:59 . 2012-02-13 19:59 308 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\vlm_export.html
2012-02-13 19:59 . 2012-02-13 19:59 124 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\dialogs\.hosts
2012-02-13 19:59 . 2012-02-13 19:59 1935 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\dialogs\browse
2012-02-13 19:59 . 2012-02-13 19:59 1650 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\dialogs\footer
2012-02-13 19:59 . 2012-02-13 19:59 9967 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\dialogs\input
2012-02-13 19:59 . 2012-02-13 19:59 6237 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\dialogs\main
2012-02-13 19:59 . 2012-02-13 19:59 6233 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\dialogs\mosaic
2012-02-13 19:59 . 2012-02-13 19:59 7242 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\dialogs\playlist
2012-02-13 19:59 . 2012-02-13 19:59 12520 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\dialogs\sout
2012-02-13 19:59 . 2012-02-13 19:59 9747 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\dialogs\vlm
2012-02-13 19:59 . 2012-02-13 19:59 198 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\delete.png
2012-02-13 19:59 . 2012-02-13 19:59 165 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\delete_small.png
2012-02-13 19:59 . 2012-02-13 19:59 155 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\eject.png
2012-02-13 19:59 . 2012-02-13 19:59 178 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\empty.png
2012-02-13 19:59 . 2012-02-13 19:59 194 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\fullscreen.png
2012-02-13 19:59 . 2012-02-13 19:59 203 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\help.png
2012-02-13 19:59 . 2012-02-13 19:59 229 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\info.png
2012-02-13 19:59 . 2012-02-13 19:59 173 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\loop.png
2012-02-13 19:59 . 2012-02-13 19:59 204 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\minus.png
2012-02-13 19:59 . 2012-02-13 19:59 162 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\next.png
2012-02-13 19:59 . 2012-02-13 19:59 149 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\pause.png
2012-02-13 19:59 . 2012-02-13 19:59 178 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\play.png
2012-02-13 19:59 . 2012-02-13 19:59 147 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\playlist.png
2012-02-13 19:59 . 2012-02-13 19:59 145 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\playlist_small.png
2012-02-13 19:59 . 2012-02-13 19:59 208 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\plus.png
2012-02-13 19:59 . 2012-02-13 19:59 163 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\prev.png
2012-02-13 19:59 . 2012-02-13 19:59 277 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\refresh.png
2012-02-13 19:59 . 2012-02-13 19:59 179 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\repeat.png
2012-02-13 19:59 . 2012-02-13 19:59 215 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\reset.png
2012-02-13 19:59 . 2012-02-13 19:59 194 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\sd.png
2012-02-13 19:59 . 2012-02-13 19:59 180 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\shuffle.png
2012-02-13 19:59 . 2012-02-13 19:59 190 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\slider_bar.png
2012-02-13 19:59 . 2012-02-13 19:59 203 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\slider_left.png
2012-02-13 19:59 . 2012-02-13 19:59 237 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\slider_point.png
2012-02-13 19:59 . 2012-02-13 19:59 204 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\slider_right.png
2012-02-13 19:59 . 2012-02-13 19:59 163 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\slow.png
2012-02-13 19:59 . 2012-02-13 19:59 270 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\snapshot.png
2012-02-13 19:59 . 2012-02-13 19:59 182 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\sort.png
2012-02-13 19:59 . 2012-02-13 19:59 172 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\sout.png
2012-02-13 19:59 . 2012-02-13 19:59 269 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\speaker.png
2012-02-13 19:59 . 2012-02-13 19:59 446 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\speaker_mute.png
2012-02-13 19:59 . 2012-02-13 19:59 146 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\stop.png
2012-02-13 19:59 . 2012-02-13 19:59 618 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\vlc16x16.png
2012-02-13 19:59 . 2012-02-13 19:59 209 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\volume_down.png
2012-02-13 19:59 . 2012-02-13 19:59 225 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\volume_up.png
2012-02-13 19:59 . 2012-02-13 19:59 169 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\white.png
2012-02-13 19:59 . 2012-02-13 19:59 165 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\images\white_cross_small.png
2012-02-13 19:59 . 2012-02-13 19:59 1841 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\requests\browse.xml
2012-02-13 19:59 . 2012-02-13 19:59 2866 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\requests\playlist.xml
2012-02-13 19:59 . 2012-02-13 19:59 2436 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\requests\readme.txt
2012-02-13 19:59 . 2012-02-13 19:59 5115 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\requests\status.xml
2012-02-13 19:59 . 2012-02-13 19:59 4584 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\requests\vlm.xml
2012-02-13 19:59 . 2012-02-13 19:59 1430 ----a-w- c:\program files (x86)\Easy Media Player\lua\http\requests\vlm_cmd.xml
2012-02-13 19:59 . 2012-02-13 19:59 540 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\dummy.lua
2012-02-13 19:59 . 2012-02-13 19:59 776 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\dummy.luac
2012-02-13 19:59 . 2012-02-13 19:59 2201 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\dumpmeta.lua
2012-02-13 19:59 . 2012-02-13 19:59 1825 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\dumpmeta.luac
2012-02-13 19:59 . 2012-02-13 19:59 10063 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\http.lua
2012-02-13 19:59 . 2012-02-13 19:59 12312 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\http.luac
2012-02-13 19:59 . 2012-02-13 19:59 2329 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\luac.lua
2012-02-13 19:59 . 2012-02-13 19:59 2035 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\luac.luac
2012-02-13 19:59 . 2012-02-13 19:59 28681 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\rc.lua
2012-02-13 19:59 . 2012-02-13 19:59 40304 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\rc.luac
2012-02-13 19:59 . 2012-02-13 19:59 768 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\README.txt
2012-02-13 19:59 . 2012-02-13 19:59 8395 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\telnet.lua
2012-02-13 19:59 . 2012-02-13 19:59 8606 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\telnet.luac
2012-02-13 19:59 . 2012-02-13 19:59 2732 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\modules\common.lua
2012-02-13 19:59 . 2012-02-13 19:59 5137 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\modules\common.luac
2012-02-13 19:59 . 2012-02-13 19:59 10444 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\modules\host.lua
2012-02-13 19:59 . 2012-02-13 19:59 10799 ----a-w- c:\program files (x86)\Easy Media Player\lua\intf\modules\host.luac
2012-02-13 19:59 . 2012-02-13 19:59 1408 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\art\01_googleimage.lua
2012-02-13 19:59 . 2012-02-13 19:59 1030 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\art\01_googleimage.luac
2012-02-13 19:59 . 2012-02-13 19:59 2666 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\art\02_frenchtv.lua
2012-02-13 19:59 . 2012-02-13 19:59 1943 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\art\02_frenchtv.luac
2012-02-13 19:59 . 2012-02-13 19:59 1757 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\art\03_lastfm.lua
2012-02-13 19:59 . 2012-02-13 19:59 1267 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\art\03_lastfm.luac
2012-02-13 19:59 . 2012-02-13 19:59 2264 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\art\04_musicbrainz.lua
2012-02-13 19:59 . 2012-02-13 19:59 2118 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\art\04_musicbrainz.luac
2012-02-13 19:59 . 2012-02-13 19:59 416 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\art\README.txt
2012-02-13 19:59 . 2012-02-13 19:59 424 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\fetcher\README.txt
2012-02-13 19:59 . 2012-02-13 19:59 2571 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\fetcher\tvrage.lua
2012-02-13 19:59 . 2012-02-13 19:59 2429 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\fetcher\tvrage.luac
2012-02-13 19:59 . 2012-02-13 19:59 1628 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\reader\filename.lua
2012-02-13 19:59 . 2012-02-13 19:59 1184 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\reader\filename.luac
2012-02-13 19:59 . 2012-02-13 19:59 494 ----a-w- c:\program files (x86)\Easy Media Player\lua\meta\reader\README.txt
2012-02-13 19:59 . 2012-02-13 19:59 4375 ----a-w- c:\program files (x86)\Easy Media Player\lua\modules\sandbox.lua
2012-02-13 19:59 . 2012-02-13 19:59 3935 ----a-w- c:\program files (x86)\Easy Media Player\lua\modules\sandbox.luac
2012-02-13 19:59 . 2012-02-13 19:59 3833 ----a-w- c:\program files (x86)\Easy Media Player\lua\modules\simplexml.lua
2012-02-13 19:59 . 2012-02-13 19:59 3087 ----a-w- c:\program files (x86)\Easy Media Player\lua\modules\simplexml.luac
2012-02-13 19:59 . 2012-02-13 19:59 3664 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\anevia_streams.lua
2012-02-13 19:59 . 2012-02-13 19:59 2482 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\anevia_streams.luac
2012-02-13 19:59 . 2012-02-13 19:59 3618 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\anevia_xml.lua
2012-02-13 19:59 . 2012-02-13 19:59 2525 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\anevia_xml.luac
2012-02-13 19:59 . 2012-02-13 19:59 2403 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\appletrailers.lua
2012-02-13 19:59 . 2012-02-13 19:59 2332 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\appletrailers.luac
2012-02-13 19:59 . 2012-02-13 19:59 1468 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\bbc_co_uk.lua
2012-02-13 19:59 . 2012-02-13 19:59 1067 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\bbc_co_uk.luac
2012-02-13 19:59 . 2012-02-13 19:59 1995 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\break.lua
2012-02-13 19:59 . 2012-02-13 19:59 1837 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\break.luac
2012-02-13 19:59 . 2012-02-13 19:59 3501 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\canalplus.lua
2012-02-13 19:59 . 2012-02-13 19:59 2984 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\canalplus.luac
2012-02-13 19:59 . 2012-02-13 19:59 3531 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\cue.lua
2012-02-13 19:59 . 2012-02-13 19:59 4626 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\cue.luac
2012-02-13 19:59 . 2012-02-13 19:59 2816 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\dailymotion.lua
2012-02-13 19:59 . 2012-02-13 19:59 1906 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\dailymotion.luac
2012-02-13 19:59 . 2012-02-13 19:59 2115 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\france2.lua
2012-02-13 19:59 . 2012-02-13 19:59 1965 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\france2.luac
2012-02-13 19:59 . 2012-02-13 19:59 2746 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\googlevideo.lua
2012-02-13 19:59 . 2012-02-13 19:59 2851 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\googlevideo.luac
2012-02-13 19:59 . 2012-02-13 19:59 3030 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\jamendo.lua
2012-02-13 19:59 . 2012-02-13 19:59 2771 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\jamendo.luac
2012-02-13 19:59 . 2012-02-13 19:59 1637 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\joox.lua
2012-02-13 19:59 . 2012-02-13 19:59 1201 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\joox.luac
2012-02-13 19:59 . 2012-02-13 19:59 2092 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\katsomo.lua
2012-02-13 19:59 . 2012-02-13 19:59 2080 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\katsomo.luac
2012-02-13 19:59 . 2012-02-13 19:59 1894 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\koreus.lua
2012-02-13 19:59 . 2012-02-13 19:59 1693 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\koreus.luac
2012-02-13 19:59 . 2012-02-13 19:59 1871 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\lelombrik.lua
2012-02-13 19:59 . 2012-02-13 19:59 1658 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\lelombrik.luac
2012-02-13 19:59 . 2012-02-13 19:59 2400 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\megavideo.lua
2012-02-13 19:59 . 2012-02-13 19:59 2171 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\megavideo.luac
2012-02-13 19:59 . 2012-02-13 19:59 2150 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\metacafe.lua
2012-02-13 19:59 . 2012-02-13 19:59 1903 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\metacafe.luac
2012-02-13 19:59 . 2012-02-13 19:59 2039 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\metachannels.lua
2012-02-13 19:59 . 2012-02-13 19:59 1752 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\metachannels.luac
2012-02-13 19:59 . 2012-02-13 19:59 2564 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\mpora.lua
2012-02-13 19:59 . 2012-02-13 19:59 2430 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\mpora.luac
2012-02-13 19:59 . 2012-02-13 19:59 2091 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\pinkbike.lua
2012-02-13 19:59 . 2012-02-13 19:59 1762 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\pinkbike.luac
2012-02-13 19:59 . 2012-02-13 19:59 1224 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\README.txt
2012-02-13 19:59 . 2012-02-13 19:59 722 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\rockbox_fm_presets.lua
2012-02-13 19:59 . 2012-02-13 19:59 1440 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\rockbox_fm_presets.luac
2012-02-13 19:59 . 2012-02-13 19:59 9167 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\youtube.lua
2012-02-13 19:59 . 2012-02-13 19:59 6469 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\youtube.luac
2012-02-13 19:59 . 2012-02-13 19:59 1897 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\youtube_homepage.lua
2012-02-13 19:59 . 2012-02-13 19:59 1734 ----a-w- c:\program files (x86)\Easy Media Player\lua\playlist\youtube_homepage.luac
2012-02-13 19:59 . 2012-02-13 19:59 2554 ----a-w- c:\program files (x86)\Easy Media Player\lua\sd\fmc.lua
2012-02-13 19:59 . 2012-02-13 19:59 2301 ----a-w- c:\program files (x86)\Easy Media Player\lua\sd\fmc.luac
2012-02-13 19:59 . 2012-02-13 19:59 1832 ----a-w- c:\program files (x86)\Easy Media Player\lua\sd\freebox.lua
2012-02-13 19:59 . 2012-02-13 19:59 1456 ----a-w- c:\program files (x86)\Easy Media Player\lua\sd\freebox.luac
2012-02-13 19:59 . 2012-02-13 19:59 1642 ----a-w- c:\program files (x86)\Easy Media Player\lua\sd\icecast.lua
2012-02-13 19:59 . 2012-02-13 19:59 1292 ----a-w- c:\program files (x86)\Easy Media Player\lua\sd\icecast.luac
2012-02-13 19:59 . 2012-02-13 19:59 6258 ----a-w- c:\program files (x86)\Easy Media Player\lua\sd\jamendo.lua
2012-02-13 19:59 . 2012-02-13 19:59 6524 ----a-w- c:\program files (x86)\Easy Media Player\lua\sd\jamendo.luac
2012-02-13 19:59 . 2012-02-13 19:59 1702 ----a-w- c:\program files (x86)\Easy Media Player\lua\sd\metachannels.lua
2012-02-13 19:59 . 2012-02-13 19:59 1281 ----a-w- c:\program files (x86)\Easy Media Player\lua\sd\metachannels.luac
2012-02-13 19:59 . 2012-02-13 19:59 779 ----a-w- c:\program files (x86)\Easy Media Player\lua\sd\README.txt
2012-02-13 19:59 . 2012-02-13 19:59 12100 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\unselected.png
2012-02-13 19:59 . 2012-02-13 19:59 12401 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selected\bw.png
2012-02-13 19:59 . 2012-02-13 19:59 12640 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selected\esc.png
2012-02-13 19:59 . 2012-02-13 19:59 12354 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selected\fw.png
2012-02-13 19:59 . 2012-02-13 19:59 12263 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selected\next.png
2012-02-13 19:59 . 2012-02-13 19:59 11547 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selected\play_pause.png
2012-02-13 19:59 . 2012-02-13 19:59 12292 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selected\previous.png
2012-02-13 19:59 . 2012-02-13 19:59 12341 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selected\stop.png
2012-02-13 19:59 . 2012-02-13 19:59 12620 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selected\volume.png
2012-02-13 19:59 . 2012-02-13 19:59 12469 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selection\bw.png
2012-02-13 19:59 . 2012-02-13 19:59 12706 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selection\esc.png
2012-02-13 19:59 . 2012-02-13 19:59 12452 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selection\fw.png
2012-02-13 19:59 . 2012-02-13 19:59 12312 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selection\next.png
2012-02-13 19:59 . 2012-02-13 19:59 11610 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selection\play_pause.png
2012-02-13 19:59 . 2012-02-13 19:59 12347 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selection\previous.png
2012-02-13 19:59 . 2012-02-13 19:59 12446 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selection\stop.png
2012-02-13 19:59 . 2012-02-13 19:59 12689 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\selection\volume.png
2012-02-13 19:59 . 2012-02-13 19:59 1458 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\volume\volume_00.png
2012-02-13 19:59 . 2012-02-13 19:59 2206 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\volume\volume_01.png
2012-02-13 19:59 . 2012-02-13 19:59 2355 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\volume\volume_02.png
2012-02-13 19:59 . 2012-02-13 19:59 2353 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\volume\volume_03.png
2012-02-13 19:59 . 2012-02-13 19:59 2330 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\volume\volume_04.png
2012-02-13 19:59 . 2012-02-13 19:59 2329 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\volume\volume_05.png
2012-02-13 19:59 . 2012-02-13 19:59 2330 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\volume\volume_06.png
2012-02-13 19:59 . 2012-02-13 19:59 2341 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\volume\volume_07.png
2012-02-13 19:59 . 2012-02-13 19:59 2354 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\volume\volume_08.png
2012-02-13 19:59 . 2012-02-13 19:59 2245 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\volume\volume_09.png
2012-02-13 19:59 . 2012-02-13 19:59 1585 ----a-w- c:\program files (x86)\Easy Media Player\osdmenu\default\volume\volume_10.png
2012-02-13 19:59 . 2012-02-13 19:59 182734 ----a-w- c:\program files (x86)\Easy Media Player\skins\default.vlt
2012-02-13 19:59 . 2012-02-13 19:59 167 ----a-w- c:\program files (x86)\Easy Media Player\skins\skin.catalog
2012-02-13 19:59 . 2012-02-13 19:59 9634 ----a-w- c:\program files (x86)\Easy Media Player\skins\skin.dtd
2012-02-13 19:59 . 2012-02-13 19:59 31847 ----a-w- c:\program files (x86)\Easy Media Player\skins\winamp2.xml
2012-02-13 19:59 . 2012-02-13 19:59 64228 ----a-w- c:\program files (x86)\Easy Media Player\skins\fonts\FreeSansBold.ttf
2012-02-13 19:59 . 2012-02-13 19:59 18426 ----a-w- c:\program files (x86)\Easy Media Player\COPYING.txt
2012-02-13 19:59 . 2012-02-13 19:59 281 ----a-w- c:\program files (x86)\Easy Media Player\README.txt
.
---- Directory of c:\windows\SysWow64\%APPDATA% ----
.
2012-04-20 05:37 . 2012-04-26 09:47 262144 --sha-w- c:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-26_18.29.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-08 22:17 . 2012-04-27 04:45 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-04-27 08:29 45786 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-27 08:29 40036 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-09 06:55 . 2012-04-27 08:29 12032 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3641754186-3941475806-1904336954-1000_UserData.bin
+ 2011-08-09 12:32 . 2012-04-27 08:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-09 12:32 . 2012-04-26 08:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-09 12:32 . 2012-04-27 08:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-09 12:32 . 2012-04-26 08:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-27 08:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-26 08:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-24 21:34 . 2012-04-26 09:08 42592 c:\windows\system32\config\systemprofile\AppData\Local\dplayx.dll
+ 2009-07-14 04:46 . 2012-04-26 20:31 96856 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-13 23:31 . 2009-07-14 01:39 6656 c:\windows\system32\NWFILTER.dll
+ 2012-04-27 08:45 . 2012-04-27 08:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-26 17:35 . 2012-04-26 17:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-27 08:45 . 2012-04-27 08:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-26 17:35 . 2012-04-26 17:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-08 22:17 . 2012-04-27 04:45 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-01-08 22:17 . 2012-04-26 17:44 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-27 08:41 540672 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-09 20:29 . 2012-04-27 08:26 262206 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-04-27 08:35 648844 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-26 17:49 648844 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-26 17:49 114764 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-27 08:35 114764 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-26 17:34 318140 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-27 08:42 318140 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-04-26 17:44 8503296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-27 08:41 8503296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-27 08:41 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-26 17:44 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-04 2375168]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307000.009\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307000.009\SYMEFA64.SYS [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307000.009\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120120.002_504\IDSvia64.sys [2012-01-20 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307000.009\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307000.009\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-28 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe [2012-03-27 138232]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-07 138360]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 05:23]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 05:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-21 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-21 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-21 418328]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
"MRT"="c:\windows\system32\MRT.exe" [2012-03-29 57249312]
"combofix"="c:\combofix\CF8352.3XE" [2010-11-21 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
IntelC53
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKLM-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKLM-Run-aHelTFbukWq.exe - c:\programdata\aHelTFbukWq.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-27 01:53:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-27 08:53
ComboFix2.txt 2012-04-26 18:32
.
Pre-Run: 575,367,380,992 bytes free
Post-Run: 574,836,670,464 bytes free
.
- - End Of File - - 4099AFD0872625844239D58C7C219752
Upload was successful



and MBAM Log

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.04.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Trina :: TRINA-HP [administrator]

Protection: Disabled

4/27/2012 1:58:02 AM
mbam-log-2012-04-27 (01-58-02).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343630
Time elapsed: 34 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

0?? weird..

#15 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:08:04 AM

Posted 28 April 2012 - 08:25 AM

Hi!

This is definitely a bit bizarre.

Download and run this tool to restore your hidden items:

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



Then run a new scan with OTL for me.

OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the Custom Scans/Fixes box Copy & Paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs

  • Push the Run Scan button.
  • One report will open; copy and paste it in a reply here:
  • OTL.txt <-- Will be opened

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




