Syshost.exe Infection ? Permission for Command Processor to run...


  • This topic is locked
24 replies to this topic

#1 ishme4nowz

Posted 11 August 2012 - 11:41 PM

My computer is an HP DV6-3000t running on 64-bit Windows 7.

Link to my original post.

In about mid-July, I suddenly got this pop-up with the heading: "Security Monitor: WARNING!" The window read: "Attention! System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software. Click Yes to download official intrusion detection system (IDS software)."

On the bottom right-hand, a bubble popped up with the heading: "WARNING!", and it read: "Application cannot be executed. The file TabTip.exe is infected. Please activate your antivirus software."

I don't quite remember what I clicked on the first pop-up but as soon as I got these messages, I downloaded MalwareBytes and did a full scan. I followed the directions for rebooting the computer to delete infections.

A few weeks after using MalwareBytes, another incident occurred. A pop-up with the heading: "System message - Write Fault Error" came up. It read: "A Write command during the test has failed to complete. This may be due to a media or read/write error. The system generates an exception error when using a reference to an invalid system memory address." At least 15 of these windows popped up.

Another window popped up with just the Microsoft Windows heading and it said: "System Error. Hard disk failure detected. Windows has lost access to the system partition during I/O process. This may also lead to a potential loss of data. It's highly recommended to run complete HDD scan to prevent lost of files, applications and documents stored on your computer." The first option was to Scan and repair (recommended) and it said it Prevents potential disk failure and loss of data. The second option was to Scan later and that Restart [is] required.

A few days after that, I got a Windows pop-up asking for permission to run Command Processor. Since I didn't know much about computers and didn't know what exactly it was, I pressed no, but the same window kept popping up again and again no matter how many times I pressed no. Out of frustration after pressing it about a dozen or so times, I pressed yes. Suddenly, my computer ended up getting rebooted after it closed all my browsers and programs.

I used MalwareBytes and also downloaded Unhide to unhide my files because when the infection rebooted my computer, I couldn't see anything in my Start Menu and most of my icons on my desktop were gone. It said I had about 7 infected files. I followed the directions to reboot to remove them, but even after, MalwareBytes wasn’t able to remove them because of an error. I ran the full scan again and the same infected files were still in my system.

Aside from following the directions given to me on my original post, I’ve only run MalwareBytes a few times. As of right now, my computer works fine but I still want to get rid of whatever infections I have in case it shows up again.



Here is the DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Annis at 15:01:45 on 2012-08-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.16318.5447 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\PROGRA~2\Gomez\GOMEZP~1\jre\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Annis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6LF8V9ZX\Defogger[1].exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingApp.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingSurrogate.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://isearch.avg.com/?cid={6FA327A7-8272-47C6-9E86-2663DB782372}&mid=81eca5d0caad47d0a311a1bad3c91cea-3e1a5f554b282559f26ed7df46d8a8f3a9193a04&lang=en&ds=pp016&pr=sa&d=2012-07-23 00:16:47&v=12.1.0.20&sap=hp
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - C:\PROGRA~2\YREFRE~1\YREFRE~1.DLL
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Google Update] "C:\Users\Annis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe -update plugin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOMEZP~1.LNK - C:\Program Files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EF83E8D1-59F3-4E48-BBB5-C010982B0526} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSA: Notification Packages = DPPassFilter scecli
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
BHO-X64: Swag Bucks - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: RefresherBand Class: {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~2\YREFRE~1\YREFRE~1.DLL
TB-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Annis\AppData\Roaming\Mozilla\Firefox\Profiles\ie75hg71.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Annis\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2012/01/10 10:23:08];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2012-1-10 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2012-1-10 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-10-15 22072]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-1-15 127984]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-2-8 338168]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE [2012-1-10 2320920]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-6 1791280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE [2012-2-20 240408]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE [2012-2-20 193816]
S2 BstHdAndroidSvc;BlueStacks Android Service;"C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android --> C:\Program Files (x86)\BlueStacks\HD-Service.exe [?]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe --> C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-1 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-09 06:14:11 78848 ----a-w- C:\Windows\KMSEmulator.exe
2012-08-08 06:25:56 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71D25059-89D9-47D2-8CFA-E278CDEA3BCB}\offreg.dll
2012-08-08 05:44:01 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-08 05:43:44 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-08-08 05:43:09 -------- d-----w- C:\ProgramData\AVG2012
2012-08-08 05:42:26 -------- d-----w- C:\Program Files (x86)\AVG
2012-08-08 05:39:22 -------- d-----w- C:\ProgramData\MFAData
2012-08-08 05:35:43 643696 ----a-w- C:\autoruns.exe
2012-08-08 05:35:43 561264 ----a-w- C:\autorunsc.exe
2012-08-08 02:34:49 -------- d-----w- C:\ProgramData\BlueStacks
2012-08-04 09:30:14 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71D25059-89D9-47D2-8CFA-E278CDEA3BCB}\mpengine.dll
2012-08-03 11:46:44 -------- d-----w- C:\ProgramData\SecTaskMan
2012-08-03 11:46:39 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2012-08-02 10:49:29 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-08-02 10:48:57 150736 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-08-02 10:48:47 129176 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-08-02 02:04:00 -------- d-----w- C:\Program Files\CCleaner
2012-07-23 07:17:07 -------- d-----w- C:\Program Files (x86)\hpmonitor
2012-07-23 07:16:31 -------- d-----w- C:\ProgramData\Common Files
2012-07-16 09:03:38 -------- d-----w- C:\Users\Annis\AppData\Roaming\Malwarebytes
2012-07-16 09:03:31 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-16 09:03:30 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-16 09:03:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-16 07:54:58 -------- d-----w- C:\Program Files\Enigma Software Group
2012-07-16 07:54:01 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-16 07:53:59 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-07-16 07:31:53 -------- d-----w- C:\Users\Annis\AppData\Local\{039B9099-CF18-11E1-8270-B8AC6F996F26}
2012-07-16 07:29:50 -------- d-----w- C:\Users\Annis\AppData\Local\{039B5EBF-CF18-11E1-8270-B8AC6F996F26}
2012-07-16 07:29:46 375808 ----a-w- C:\Users\Annis\AppData\Roaming\erfdsr.dll
2012-07-16 07:28:24 147968 --sha-w- C:\Users\Annis\AppData\Roaming\ziryp.dll
2012-07-14 00:03:46 -------- d-----w- C:\Program Files (x86)\LastPass
2012-07-12 06:51:15 -------- d-----w- C:\Users\Annis\AppData\Roaming\RealNetworks
.
==================== Find3M ====================
.
2012-08-02 10:48:41 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-08-02 10:48:41 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-08-02 01:36:36 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 01:36:36 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 15:02:53.09 ===============


Edited by ishme4nowz, 11 August 2012 - 11:43 PM.




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:42 PM

Posted 13 August 2012 - 10:42 AM

Please run the following:

Please download Unhide.exe to your desktop:
  • Double-click on the Unhide.exe icon on your desktop and allow the program to run.
  • This program will remove the hidden attributes from all the files on your system.
  • Note: If you had purposely hidden any files, then you will need to hide them again after this tool has run.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 ishme4nowz


Posted 14 August 2012 - 09:08 PM

ComboFix 12-08-14.05 - Annis 08/14/2012 18:48:45.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.16318.13434 [GMT -7:00]
Running from: c:\users\Annis\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Annis\AppData\Roaming\erfdsr.dll
c:\users\Annis\AppData\Roaming\ziryp.dll
c:\windows\SysWow64\ntdll.dll.1
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 02:00 . 2012-08-15 02:00 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-15 02:00 . 2012-08-15 02:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 01:50 . 2012-08-15 01:50 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71D25059-89D9-47D2-8CFA-E278CDEA3BCB}\offreg.dll
2012-08-11 01:40 . 2012-08-11 01:40 -------- d-----w- c:\users\Annis\AppData\Roaming\Adobe Mini Bridge CS5
2012-08-11 01:40 . 2012-08-11 01:40 -------- d-----w- c:\users\Annis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-08-11 00:53 . 2012-08-11 00:53 -------- d-----w- c:\users\Annis\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-08-08 05:44 . 2012-08-08 05:51 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-08 05:43 . 2012-08-08 05:50 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-08 05:43 . 2012-08-08 05:51 -------- d-----w- c:\programdata\AVG2012
2012-08-08 05:42 . 2012-08-08 05:42 -------- d-----w- c:\program files (x86)\AVG
2012-08-08 05:39 . 2012-08-08 05:47 -------- d-----w- c:\programdata\MFAData
2012-08-08 05:35 . 2012-08-01 20:27 643696 ----a-w- C:\autoruns.exe
2012-08-08 05:35 . 2012-08-01 20:27 561264 ----a-w- C:\autorunsc.exe
2012-08-08 02:34 . 2012-08-12 09:24 -------- d-----w- c:\programdata\BlueStacks
2012-08-04 09:30 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71D25059-89D9-47D2-8CFA-E278CDEA3BCB}\mpengine.dll
2012-08-03 11:46 . 2012-08-08 05:26 -------- d-----w- c:\programdata\SecTaskMan
2012-08-03 11:46 . 2012-08-03 11:46 -------- d-----w- c:\program files (x86)\Security Task Manager
2012-08-02 10:49 . 2012-08-02 10:49 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-08-02 10:48 . 2012-08-02 10:48 150736 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-08-02 10:48 . 2012-08-02 10:48 129176 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-08-02 02:04 . 2012-08-02 02:04 -------- d-----w- c:\program files\CCleaner
2012-07-23 07:17 . 2012-07-24 10:00 -------- d-----w- c:\program files (x86)\hpmonitor
2012-07-23 07:16 . 2012-07-23 07:16 -------- d-----w- c:\programdata\Common Files
2012-07-16 09:03 . 2012-07-16 09:03 -------- d-----w- c:\users\Annis\AppData\Roaming\Malwarebytes
2012-07-16 09:03 . 2012-07-16 09:03 -------- d-----w- c:\programdata\Malwarebytes
2012-07-16 09:03 . 2012-07-16 09:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-16 09:03 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-16 07:54 . 2012-07-16 07:54 -------- d-----w- c:\program files\Enigma Software Group
2012-07-16 07:54 . 2012-07-28 20:55 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-16 07:53 . 2012-07-16 07:53 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-16 07:31 . 2012-07-16 07:31 -------- d-----w- c:\users\Annis\AppData\Local\{039B9099-CF18-11E1-8270-B8AC6F996F26}
2012-07-16 07:29 . 2012-07-16 07:29 -------- d-----w- c:\users\Annis\AppData\Local\{039B5EBF-CF18-11E1-8270-B8AC6F996F26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 10:48 . 2009-07-21 20:22 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-02 10:48 . 2009-07-21 20:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-02 01:36 . 2012-06-27 21:19 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 01:36 . 2012-06-27 21:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:19 . 2012-06-09 01:05 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:06 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:06 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:06 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:05 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-09 01:05 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:06 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:05 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-09 01:05 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2012-01-11 08:05 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\atapi.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\asyncmac.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\kbdclass.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ndis.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ntfs.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\null.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tcpip.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tdx.sys
.
[7] 2012-01-10 . DD2ED3246F5F4E4B07F385A9520C3C7C . 3899280 . . [6.1.7600.16539] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntoskrnl.exe
[7] 2012-01-10 . 466FD46F58768E56F7B841681014EFF1 . 3899784 . . [6.1.7600.20655] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntoskrnl.exe
[7] 2011-06-23 . 90EFDB506F6140EEA9DEE398D9449D86 . 3912576 . . [6.1.7601.21755] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe
[7] 2011-06-23 . DFB0E9F902FDAB7CD2E180E4072D45DD . 3902336 . . [6.1.7600.16841] .. c:\windows\erdnt\cache86\ntoskrnl.exe
[7] 2011-06-23 . DFB0E9F902FDAB7CD2E180E4072D45DD . 3902336 . . [6.1.7600.16841] .. c:\windows\SysWOW64\ntoskrnl.exe
[7] 2011-06-23 . DFB0E9F902FDAB7CD2E180E4072D45DD . 3902336 . . [6.1.7600.16841] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntoskrnl.exe
[7] 2011-06-23 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe
[7] 2011-06-23 . 638A384E9968036D42BDBDE499A1C8B8 . 3911552 . . [6.1.7600.20994] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntoskrnl.exe
[7] 2010-10-27 . 776201760B5692F10DDA3BE85B54F213 . 3901824 . . [6.1.7600.16695] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntoskrnl.exe
[7] 2010-10-27 . C6169F5FDC8399E0C6C0729AB6EF2EF8 . 3911552 . . [6.1.7600.20826] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntoskrnl.exe
[7] 2009-07-14 . B9D673F7707219DFD264891A26C21ECB . 3899472 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwag.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Swag_Bucks\prxtbSwag.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwag.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-08-02 296096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
GomezPEER.lnk - c:\program files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe [2011-4-27 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-08 31080]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe [2012-02-20 193816]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-14 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2012/01/10 10:23];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-04 203264]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-10-16 22072]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-01-16 127984]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-09 338168]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe [2012-02-20 240408]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - c9029f9d23637670
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-01-11 08:23]
.
2012-08-15 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2012-01-11 08:23]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883064037-2048478377-2091528665-1001Core.job
- c:\users\Annis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 00:52]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883064037-2048478377-2091528665-1001UA.job
- c:\users\Annis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 00:52]
.
2012-08-14 c:\windows\Tasks\HPCeeScheduleForAnnis.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 11:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-20 107832]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = https://isearch.avg.com/?cid={6FA327A7-8272-47C6-9E86-2663DB782372}&mid=81eca5d0caad47d0a311a1bad3c91cea-3e1a5f554b282559f26ed7df46d8a8f3a9193a04&lang=en&ds=pp016&pr=sa&d=2012-07-23 00:16&v=12.1.0.20&sap=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Annis\AppData\Roaming\Mozilla\Firefox\Profiles\ie75hg71.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe
AddRemove-InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} - c:\program files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe
AddRemove-InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E} - c:\program files (x86)\InstallShield Installation Information\{3023EBDA-BF1B-4831-B347-E5018555F26E}\setup.exe
AddRemove-InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
AddRemove-InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5} - c:\program files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe
AddRemove-InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C} - c:\program files (x86)\InstallShield Installation Information\{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}\setup.exe
AddRemove-InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243} - c:\program files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe
AddRemove-InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA} - c:\program files (x86)\InstallShield Installation Information\{C9DCE03F-8CB7-4146-A99C-0612D75177EA}\setup.exe
AddRemove-InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} - c:\program files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe
AddRemove-InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE} - c:\program files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe
AddRemove-InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A} - c:\program files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe
AddRemove-InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5} - c:\program files (x86)\InstallShield Installation Information\{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}\setup.exe
AddRemove-InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C} - c:\program files (x86)\InstallShield Installation Information\{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}\setup.exe
AddRemove-InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF} - c:\program files (x86)\InstallShield Installation Information\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}\setup.exe
AddRemove-{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe
AddRemove-{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} - c:\program files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe
AddRemove-{3023EBDA-BF1B-4831-B347-E5018555F26E} - c:\program files (x86)\InstallShield Installation Information\{3023EBDA-BF1B-4831-B347-E5018555F26E}\setup.exe
AddRemove-{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
AddRemove-{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5} - c:\program files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe
AddRemove-{91A34181-9FAD-43AB-A35F-E7A8945B7E1C} - c:\program files (x86)\InstallShield Installation Information\{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}\setup.exe
AddRemove-{96AE7E41-E34E-47D0-AC07-1091A8127911} - c:\program files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe
AddRemove-{C59C179C-668D-49A9-B6EA-0121CCFC1243} - c:\program files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe
AddRemove-{C9DCE03F-8CB7-4146-A99C-0612D75177EA} - c:\program files (x86)\InstallShield Installation Information\{C9DCE03F-8CB7-4146-A99C-0612D75177EA}\setup.exe
AddRemove-{CB099890-1D5F-11D5-9EA9-0050BAE317E1} - c:\program files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe
AddRemove-{D36DD326-7280-11D8-97C8-000129760CBE} - c:\program files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe
AddRemove-{DCCAD079-F92C-44DA-B258-624FC6517A5A} - c:\program files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe
AddRemove-{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001} - c:\program files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe
AddRemove-{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5} - c:\program files (x86)\InstallShield Installation Information\{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}\setup.exe
AddRemove-{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C} - c:\program files (x86)\InstallShield Installation Information\{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}\setup.exe
AddRemove-{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF} - c:\program files (x86)\InstallShield Installation Information\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\c9029f9d23637670]
"ImagePath"="\SystemRoot\System32\Drivers\c9029f9d23637670.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-14 19:05:30
ComboFix-quarantined-files.txt 2012-08-15 02:05
.
Pre-Run: 117,203,034,112 bytes free
Post-Run: 117,713,604,608 bytes free
.
- - End Of File - - B90E8AD7FADA6241916648E87AE47B9A

#4 CatByte


Posted 14 August 2012 - 10:15 PM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file. Close out this message, then type the following into the search box:
    services.exe
  • Now press the search button.
  • When the search is complete, search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 ishme4nowz


Posted 15 August 2012 - 03:13 AM

For some reason, my laptop is unable to detect my USBs. I've tried both of my USBs on each of my 3 USB ports and my laptop doesn't detect them. I don't know if this is related but I've also been having problems with printing via USB. Is there another way to do this without using a flash drive, or is there a way to fix my computer so it can detect USBs?

#6 CatByte


Posted 15 August 2012 - 03:12 PM

Is your USB recognized in normal mode or is it just when you are in the Recovery environment that it is not recognized?


Please run the following:



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
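
One way to triage the service and driver sections of the OTL.txt that this scan produces, as an added example that is not part of the original thread and not OTL's own logic. The sample lines are constructed in the `SRV`/`DRV` layout OTL writes; the function names and the flagging heuristics (a type or start mode listed as `Unknown (-1)`, a long hex-only file name, with a missing company name recorded only as supporting evidence) are assumptions chosen for illustration.

```python
import ntpath
import re

# Constructed sample lines in the OTL layout:
# TAG - [modified | size | attrs | M] (company) [config fields] -- path -- (service name)
SAMPLE_LOG = r"""
DRV:64bit: - [2012/01/05 10:00:00 | 000,031,080 | ---- | M] (Example Vendor) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\exvendor.sys -- (exvendor)
DRV:64bit: - [2012/01/06 11:30:00 | 000,084,432 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\0123456789abcdef.sys -- (0123456789abcdef)
DRV:64bit: - [2011/03/10 09:15:00 | 000,107,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\exdisk.sys -- (exdisk)
SRV - [2012/02/20 10:18:28 | 000,240,408 | ---- | M] (Example Corp.) [Auto | Running] -- C:\Program Files (x86)\Example\svc.exe -- (ExSvc)
SRV:64bit: - [2012/01/06 11:30:00 | 000,084,432 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\0123456789abcdef.sys -- (0123456789abcdef)
"""

LINE_RE = re.compile(
    r"^(?P<tag>SRV|DRV)(?P<x64>:64bit:)? - "
    r"\[(?P<stamp>[^|\]]+)\|(?P<size>[^|\]]+)\|(?P<attrs>[^|\]]+)\|(?P<flag>[^\]]+)\] "
    r"\((?P<company>.*?)\) "
    r"\[(?P<fields>[^\]]*)\] -- (?P<path>.+) -- \((?P<name>.+)\)$"
)
HEX_NAME = re.compile(r"[0-9a-f]{12,}", re.IGNORECASE)


def parse_line(line):
    """Parse one SRV/DRV line into a dict, or return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "kind": m.group("tag"),
        "x64": m.group("x64") is not None,
        "modified": m.group("stamp").strip(),
        "size": int(m.group("size").strip().replace(",", "")),
        "company": m.group("company").strip(),
        "fields": [f.strip() for f in m.group("fields").split("|")],
        "path": m.group("path").strip(),
        "name": m.group("name").strip(),
    }


def reasons(entry):
    """Return the heuristic reasons (assumed, not OTL's) that apply to an entry."""
    out = []
    if "Unknown (-1)" in entry["fields"]:
        out.append("unknown-config")
    stem = ntpath.splitext(ntpath.basename(entry["path"]))[0]
    if HEX_NAME.fullmatch(stem):
        out.append("hex-name")
    if not entry["company"]:
        out.append("no-company")
    return out


def triage(log_text):
    """Group flagged entries by file path.

    An entry is flagged on 'unknown-config' or 'hex-name'. 'no-company' alone
    is too common among legitimate drivers to flag on, so it is only recorded
    alongside the stronger reasons.
    """
    findings = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        why = reasons(entry)
        if "unknown-config" in why or "hex-name" in why:
            rec = findings.setdefault(
                entry["path"].lower(),
                {"path": entry["path"], "reasons": set(), "seen_as": set()},
            )
            rec["reasons"].update(why)
            rec["seen_as"].add(entry["kind"])
    return findings


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG).values():
        print(rec["path"], sorted(rec["seen_as"]), sorted(rec["reasons"]))
```

A file that appears under both the service and driver sections with the same flags, as the constructed hex-named driver does here, is worth checking first; entries flagged this way still need manual review before anything is removed.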


#7 ishme4nowz


Posted 15 August 2012 - 05:07 PM

Sorry, I wasn't being very specific. My laptop under normal conditions isn't reading either of my USBs.


OTL.txt


OTL logfile created on: 8/15/2012 2:44:34 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Annis\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.94 Gb Total Physical Memory | 12.85 Gb Available Physical Memory | 80.67% Memory free
31.87 Gb Paging File | 28.98 Gb Available in Paging File | 90.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274.40 Gb Total Space | 109.48 Gb Free Space | 39.90% Space Free | Partition Type: NTFS
Drive D: | 23.40 Gb Total Space | 3.42 Gb Free Space | 14.61% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 90.55 Mb Free Space | 91.16% Space Free | Partition Type: FAT32

Computer Name: ANNIS-PC | User Name: Annis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 14:08:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Annis\Desktop\OTL.exe
PRC - [2012/08/02 03:48:42 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/02/20 10:18:28 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/10/25 16:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/09/16 16:27:40 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/09/15 12:30:08 | 000,739,664 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010/03/17 21:57:00 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE
PRC - [2010/02/08 17:48:24 | 000,338,168 | ---- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010/01/15 19:17:18 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/12/29 15:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/10/15 18:12:20 | 000,025,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2009/10/15 18:10:32 | 000,022,072 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/12 07:03:15 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3be59fc152f841624066c269cc2fff62\System.IdentityModel.ni.dll
MOD - [2012/01/12 07:03:14 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8dba8803fad87c39c0afbdce6c19fdd0\System.Runtime.Serialization.ni.dll
MOD - [2012/01/12 07:03:12 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\5107d5be0963a2026d7c8be0796a5b1b\System.ServiceModel.ni.dll
MOD - [2012/01/12 07:03:12 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9123843fd33a30164ceb951c98b7ca2a\SMDiagnostics.ni.dll
MOD - [2012/01/12 06:58:11 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b8ee7bf7d7ac34623238f731b05395a2\System.Web.ni.dll
MOD - [2012/01/12 06:57:59 | 002,147,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\682def34946eb0f2483b315db9ec9123\ReachFramework.ni.dll
MOD - [2012/01/12 06:57:44 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2012/01/12 06:57:38 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2012/01/12 06:57:36 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2012/01/12 06:57:27 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2012/01/12 06:57:23 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2012/01/12 06:57:20 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2012/01/12 06:57:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2012/01/12 06:57:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/08/07 17:30:02 | 000,084,432 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\c9029f9d23637670.sys -- (c9029f9d23637670)
SRV:64bit: - [2012/03/04 13:33:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/15 12:30:34 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/01/18 16:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2010/01/14 00:38:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/01/06 02:14:28 | 002,184,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/12/29 15:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/16 15:51:46 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe -- (AESTFilters)
SRV - [2012/07/13 17:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/20 10:18:28 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/20 10:18:28 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/17 21:57:00 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE -- (UNS)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/08 17:48:24 | 000,338,168 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010/01/15 19:17:18 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/01/14 00:38:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe -- (STacSV)
SRV - [2010/01/06 01:53:54 | 001,791,280 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010/01/04 11:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/15 18:10:32 | 000,022,072 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe -- (AESTFilters)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/07 22:51:05 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/07 17:30:02 | 000,084,432 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\c9029f9d23637670.sys -- (c9029f9d23637670)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/04 13:55:48 | 008,507,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/03/04 13:33:42 | 000,125,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2012/03/04 13:33:20 | 007,767,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/04 13:33:20 | 000,279,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/04 13:31:40 | 001,390,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/11/28 19:28:28 | 000,055,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/29 21:30:10 | 000,020,056 | -H-- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dvmio.sys -- (DVMIO)
DRV:64bit: - [2010/01/14 00:38:52 | 000,505,856 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/13 17:37:18 | 007,675,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/01/11 15:31:04 | 000,232,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/07 11:22:44 | 000,021,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/07 11:22:40 | 000,035,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/07 11:22:36 | 000,132,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/07 11:22:34 | 000,098,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/27 18:45:00 | 000,295,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:31:10 | 000,109,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {C3C75804-6BE3-49FC-AC87-4B8275B1B8EE}
IE - HKLM\..\SearchScopes\{1A3E271E-D959-4678-9BF4-C00245C39A76}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
IE - HKLM\..\SearchScopes\{C3C75804-6BE3-49FC-AC87-4B8275B1B8EE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={6FA327A7-8272-47C6-9E86-2663DB782372}&mid=81eca5d0caad47d0a311a1bad3c91cea-3e1a5f554b282559f26ed7df46d8a8f3a9193a04&lang=en&ds=pp016&pr=sa&d=2012-07-23 00:16:47&v=12.1.0.20&sap=hp
IE - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\..\SearchScopes\{1A3E271E-D959-4678-9BF4-C00245C39A76}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={2C93F9AF-F356-4D67-8C0E-8BC3E29A71E4}&mid=81eca5d0caad47d0a311a1bad3c91cea-3e1a5f554b282559f26ed7df46d8a8f3a9193a04&lang=en&ds=AVG&pr=pr&d=2012-08-07 22:51:06&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
IE - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\..\SearchScopes\{C3C75804-6BE3-49FC-AC87-4B8275B1B8EE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2012/01/10 11:31:50 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2012/01/10 11:31:50 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Annis\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Annis\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/01/11 01:51:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/01/11 02:29:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/12 14:47:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012/03/04 13:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/02 03:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/01 18:57:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/02 03:49:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{039B5EBF-CF18-11E1-8270-B8AC6F996F26}: C:\Users\Annis\AppData\Local\{039B5EBF-CF18-11E1-8270-B8AC6F996F26}\ [2012/07/16 00:29:50 | 000,000,000 | ---D | M]

[2012/01/16 15:28:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annis\AppData\Roaming\Mozilla\Extensions
[2012/08/01 18:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annis\AppData\Roaming\Mozilla\Firefox\Profiles\ie75hg71.default\extensions
[2012/01/14 07:17:34 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\Annis\AppData\Roaming\Mozilla\Firefox\Profiles\ie75hg71.default\extensions\DefaultManager@Microsoft
[2012/02/15 22:05:56 | 000,000,000 | ---D | M] (TopLine) -- C:\Users\Annis\AppData\Roaming\Mozilla\Firefox\Profiles\ie75hg71.default\extensions\jid0-uIWxKlEIWnV1103pH2C8N6RsUe0@jetpack
[2012/08/01 18:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/12 00:04:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/02 03:49:04 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/07/16 00:29:50 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\ANNIS\APPDATA\LOCAL\{039B5EBF-CF18-11E1-8270-B8AC6F996F26}
[2012/06/27 14:25:59 | 000,030,312 | ---- | M] () (No name found) -- C:\USERS\ANNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IE75HG71.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/27 16:10:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/08/02 03:48:47 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/08/07 22:51:03 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: https://isearch.avg.com/?cid={6FA327A7-8272-47C6-9E86-2663DB782372}&mid=81eca5d0caad47d0a311a1bad3c91cea-3e1a5f554b282559f26ed7df46d8a8f3a9193a04&lang=en&ds=pp016&pr=sa&d=2012-07-23 00:16:47&v=12.1.0.20&sap=hp
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg.com/search?cid={2C93F9AF-F356-4D67-8C0E-8BC3E29A71E4}&mid=81eca5d0caad47d0a311a1bad3c91cea-3e1a5f554b282559f26ed7df46d8a8f3a9193a04&lang=en&ds=AVG&pr=pr&d=2012-08-07 22:51:06&v=12.1.0.21&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: https://isearch.avg.com/?cid={6FA327A7-8272-47C6-9E86-2663DB782372}&mid=81eca5d0caad47d0a311a1bad3c91cea-3e1a5f554b282559f26ed7df46d8a8f3a9193a04&lang=en&ds=pp016&pr=sa&d=2012-07-23 00:16:47&v=12.1.0.20&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Annis\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Annis\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Annis\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Annis\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Annis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: TopLine = C:\Users\Annis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobeilankbhodcmefiblahboibnpkkcg\3.8_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Annis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Annis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
CHR - Extension: ChromeReload = C:\Users\Annis\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\0.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Annis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/08/14 19:00:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files (x86)\YRefresher\YRefresher.dll ()
O3 - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\..\Toolbar\WebBrowser: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files (x86)\YRefresher\YRefresher.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF83E8D1-59F3-4E48-BBB5-C010982B0526}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/01 13:27:52 | 000,643,696 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2012/08/01 13:27:52 | 000,561,264 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/08/15 14:08:54 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Annis\Desktop\OTL.exe
[2012/08/14 18:45:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/14 18:45:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/14 18:45:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/14 18:45:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/14 18:45:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/13 17:23:40 | 004,731,615 | R--- | C] (Swearware) -- C:\Users\Annis\Desktop\ComboFix.exe
[2012/08/10 18:40:15 | 000,000,000 | ---D | C] -- C:\Users\Annis\AppData\Roaming\Adobe Mini Bridge CS5
[2012/08/10 18:40:14 | 000,000,000 | ---D | C] -- C:\Users\Annis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/08/10 17:53:21 | 000,000,000 | ---D | C] -- C:\Users\Annis\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/08/10 14:54:13 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Annis\Desktop\dds.com
[2012/08/08 21:22:09 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Annis\Desktop\aswMBR.exe
[2012/08/07 22:44:01 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/08/07 22:43:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/08/07 22:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/07 22:42:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/08/07 22:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/07 22:35:43 | 000,643,696 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe
[2012/08/07 22:35:43 | 000,561,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\autorunsc.exe
[2012/08/07 22:28:19 | 002,691,192 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Annis\Desktop\procexp.exe
[2012/08/07 22:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2012/08/07 19:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2012/08/07 19:30:16 | 003,786,904 | ---- | C] (BlueStack Systems, Inc.) -- C:\Users\Annis\Desktop\BlueStacks-ThinInstaller.exe
[2012/08/06 16:11:27 | 000,000,000 | ---D | C] -- C:\Users\Annis\Desktop\152CANON
[2012/08/06 14:39:55 | 000,000,000 | ---D | C] -- C:\Users\Annis\Desktop\151CANON
[2012/08/03 04:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/08/03 04:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/08/03 04:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012/08/02 20:28:13 | 000,000,000 | ---D | C] -- C:\Users\Annis\Desktop\MP3 Songs
[2012/08/02 03:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/08/01 19:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/01 19:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/01 18:59:53 | 003,907,920 | ---- | C] (Piriform Ltd) -- C:\Users\Annis\Desktop\ccsetup321.exe
[2012/08/01 18:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/01 18:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/29 18:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lunascape6
[2012/07/23 00:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hpmonitor
[2012/07/23 00:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2012/07/23 00:15:40 | 000,000,000 | ---D | C] -- C:\Users\Annis\Documents\xwidget
[2012/07/22 22:12:02 | 000,000,000 | ---D | C] -- C:\Users\Annis\Desktop\Desktop Pictures & Videos
[2012/07/22 20:52:15 | 000,000,000 | ---D | C] -- C:\Users\Annis\Desktop\Wallpapers
[90 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[5 C:\Users\Annis\Desktop\*.tmp files -> C:\Users\Annis\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/15 14:13:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-883064037-2048478377-2091528665-1001UA.job
[2012/08/15 14:08:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Annis\Desktop\OTL.exe
[2012/08/15 04:13:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-883064037-2048478377-2091528665-1001Core.job
[2012/08/14 19:00:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/14 18:56:00 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012/08/14 18:44:55 | 004,731,615 | R--- | M] (Swearware) -- C:\Users\Annis\Desktop\ComboFix.exe
[2012/08/14 18:40:04 | 001,489,841 | ---- | M] () -- C:\Users\Annis\Desktop\Just To Dream 3.psd
[2012/08/14 15:17:33 | 000,002,449 | ---- | M] () -- C:\Users\Annis\Desktop\Google Chrome.lnk
[2012/08/14 07:57:58 | 000,093,025 | ---- | M] () -- C:\Users\Annis\Desktop\Just To Dream 2.jpg
[2012/08/14 07:57:46 | 000,990,842 | ---- | M] () -- C:\Users\Annis\Desktop\Just To Dream 2.psd
[2012/08/14 07:24:56 | 000,099,692 | ---- | M] () -- C:\Users\Annis\Desktop\Just To Dream.jpg
[2012/08/14 07:24:34 | 000,683,562 | ---- | M] () -- C:\Users\Annis\Desktop\Just To Dream.psd
[2012/08/13 19:01:02 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 19:01:02 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 18:56:02 | 000,000,200 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/08/13 18:55:35 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2012/08/13 18:55:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAnnis.job
[2012/08/13 18:55:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/13 18:54:59 | 4242,952,190 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 16:14:49 | 000,050,477 | ---- | M] () -- C:\Users\Annis\Desktop\Defogger.exe
[2012/08/12 13:07:33 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/12 13:07:33 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/12 13:07:33 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/12 02:24:03 | 000,001,879 | ---- | M] () -- C:\Users\Annis\Desktop\Start BlueStacks.lnk
[2012/08/12 01:43:07 | 003,786,904 | ---- | M] (BlueStack Systems, Inc.) -- C:\Users\Annis\Desktop\BlueStacks-ThinInstaller.exe
[2012/08/11 23:19:41 | 005,013,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/11 23:19:11 | 640,357,185 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/11 03:45:01 | 000,862,602 | ---- | M] () -- C:\Users\Annis\Desktop\Untitled-2.psd
[2012/08/11 03:44:54 | 000,091,344 | ---- | M] () -- C:\Users\Annis\Desktop\Untitled-3.psd
[2012/08/11 03:44:39 | 000,055,741 | ---- | M] () -- C:\Users\Annis\Desktop\Untitled-4.psd
[2012/08/11 03:44:34 | 000,160,090 | ---- | M] () -- C:\Users\Annis\Desktop\Untitled-5.psd
[2012/08/10 17:38:28 | 005,838,252 | ---- | M] () -- C:\Users\Annis\Desktop\InstallJumi6.21.exe
[2012/08/10 14:54:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Annis\Desktop\dds.com
[2012/08/09 19:48:15 | 000,248,055 | ---- | M] () -- C:\Users\Annis\Desktop\4.jpg
[2012/08/09 19:44:51 | 002,832,634 | ---- | M] () -- C:\Users\Annis\Desktop\3.jpg
[2012/08/09 19:30:07 | 000,507,877 | ---- | M] () -- C:\Users\Annis\Desktop\2.jpg
[2012/08/09 19:28:41 | 000,141,238 | ---- | M] () -- C:\Users\Annis\Desktop\ClickHandler.ashx.jpg
[2012/08/08 21:22:11 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Annis\Desktop\aswMBR.exe
[2012/08/07 22:51:05 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/08/07 22:50:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/07 22:50:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/08/07 22:50:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/07 22:44:16 | 000,027,520 | ---- | M] () -- C:\Users\Annis\AppData\Local\dt.dat
[2012/08/07 17:30:02 | 000,084,432 | ---- | M] () -- C:\Windows\SysNative\drivers\c9029f9d23637670.sys
[2012/08/06 00:22:34 | 000,090,551 | ---- | M] () -- C:\Users\Annis\Desktop\cart 3.png
[2012/08/06 00:20:50 | 000,091,439 | ---- | M] () -- C:\Users\Annis\Desktop\cart 2.png
[2012/08/06 00:20:07 | 000,105,384 | ---- | M] () -- C:\Users\Annis\Desktop\cart.png
[2012/08/03 04:46:41 | 000,001,153 | ---- | M] () -- C:\Users\Annis\Desktop\Security Task Manager.lnk
[2012/08/03 00:11:42 | 002,818,353 | ---- | M] () -- C:\Users\Annis\Desktop\The Ting Tings - Hit Me Down Sonny (Audio) - YouTube.mp3
[2012/08/02 03:49:22 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/08/02 03:48:44 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/08/01 22:57:15 | 076,604,230 | ---- | M] () -- C:\Users\Annis\Desktop\Ryan's 21st Birthday Video.m4v
[2012/08/01 19:04:01 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/01 19:00:16 | 003,907,920 | ---- | M] (Piriform Ltd) -- C:\Users\Annis\Desktop\ccsetup321.exe
[2012/08/01 18:57:12 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/01 13:27:52 | 000,643,696 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe
[2012/08/01 13:27:52 | 000,561,264 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autorunsc.exe
[2012/07/29 18:46:02 | 000,007,599 | ---- | M] () -- C:\Users\Annis\AppData\Local\Resmon.ResmonCfg
[2012/07/23 00:06:54 | 010,616,551 | ---- | M] () -- C:\Users\Annis\Desktop\TwinkleWish.themepack
[2012/07/23 00:06:23 | 006,448,753 | ---- | M] () -- C:\Users\Annis\Desktop\Daydream.themepack
[2012/07/23 00:06:11 | 012,632,044 | ---- | M] () -- C:\Users\Annis\Desktop\Calligraphy.themepack
[2012/07/23 00:05:45 | 007,490,544 | ---- | M] () -- C:\Users\Annis\Desktop\MSH_LEAS.themepack
[2012/07/22 23:50:04 | 000,142,686 | ---- | M] () -- C:\Users\Annis\Desktop\1277288245-13YCMEV.jpg
[90 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[5 C:\Users\Annis\Desktop\*.tmp files -> C:\Users\Annis\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 18:45:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/14 18:45:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/14 18:45:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/14 18:45:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/14 18:45:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/14 08:25:36 | 001,489,841 | ---- | C] () -- C:\Users\Annis\Desktop\Just To Dream 3.psd
[2012/08/14 07:57:55 | 000,093,025 | ---- | C] () -- C:\Users\Annis\Desktop\Just To Dream 2.jpg
[2012/08/14 07:57:44 | 000,990,842 | ---- | C] () -- C:\Users\Annis\Desktop\Just To Dream 2.psd
[2012/08/14 07:24:46 | 000,099,692 | ---- | C] () -- C:\Users\Annis\Desktop\Just To Dream.jpg
[2012/08/14 07:24:32 | 000,683,562 | ---- | C] () -- C:\Users\Annis\Desktop\Just To Dream.psd
[2012/08/13 16:14:48 | 000,050,477 | ---- | C] () -- C:\Users\Annis\Desktop\Defogger.exe
[2012/08/11 23:20:12 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012/08/11 03:44:58 | 000,862,602 | ---- | C] () -- C:\Users\Annis\Desktop\Untitled-2.psd
[2012/08/11 03:44:54 | 000,091,344 | ---- | C] () -- C:\Users\Annis\Desktop\Untitled-3.psd
[2012/08/11 03:44:39 | 000,055,741 | ---- | C] () -- C:\Users\Annis\Desktop\Untitled-4.psd
[2012/08/11 03:44:34 | 000,160,090 | ---- | C] () -- C:\Users\Annis\Desktop\Untitled-5.psd
[2012/08/10 17:37:37 | 005,838,252 | ---- | C] () -- C:\Users\Annis\Desktop\InstallJumi6.21.exe
[2012/08/09 19:48:14 | 000,248,055 | ---- | C] () -- C:\Users\Annis\Desktop\4.jpg
[2012/08/09 19:44:50 | 002,832,634 | ---- | C] () -- C:\Users\Annis\Desktop\3.jpg
[2012/08/09 19:30:07 | 000,507,877 | ---- | C] () -- C:\Users\Annis\Desktop\2.jpg
[2012/08/09 19:28:40 | 000,141,238 | ---- | C] () -- C:\Users\Annis\Desktop\ClickHandler.ashx.jpg
[2012/08/07 22:50:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/07 22:50:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/08/07 22:50:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/07 22:44:16 | 000,027,520 | ---- | C] () -- C:\Users\Annis\AppData\Local\dt.dat
[2012/08/07 22:35:43 | 000,049,648 | ---- | C] () -- C:\Users\Annis\Desktop\autoruns.chm
[2012/08/07 22:28:19 | 000,072,268 | ---- | C] () -- C:\Users\Annis\Desktop\procexp.chm
[2012/08/07 19:35:17 | 000,001,879 | ---- | C] () -- C:\Users\Annis\Desktop\Start BlueStacks.lnk
[2012/08/07 17:30:02 | 000,084,432 | ---- | C] () -- C:\Windows\SysNative\drivers\c9029f9d23637670.sys
[2012/08/06 00:22:33 | 000,090,551 | ---- | C] () -- C:\Users\Annis\Desktop\cart 3.png
[2012/08/06 00:20:49 | 000,091,439 | ---- | C] () -- C:\Users\Annis\Desktop\cart 2.png
[2012/08/06 00:20:07 | 000,105,384 | ---- | C] () -- C:\Users\Annis\Desktop\cart.png
[2012/08/03 04:46:41 | 000,001,153 | ---- | C] () -- C:\Users\Annis\Desktop\Security Task Manager.lnk
[2012/08/03 04:34:50 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/03 04:34:50 | 000,002,125 | ---- | C] () -- C:\Users\Public\Desktop\Westward 3.lnk
[2012/08/03 04:34:50 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2012/08/03 04:34:50 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/08/03 04:34:50 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/08/03 04:34:49 | 000,002,268 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2012/08/03 04:34:49 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/08/03 04:34:49 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/08/03 04:34:49 | 000,001,915 | ---- | C] () -- C:\Users\Public\Desktop\Play Life Quest.lnk
[2012/08/03 04:34:49 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2012/08/03 04:34:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/08/03 04:34:49 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/08/03 04:34:49 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/08/03 04:34:49 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/08/03 04:34:49 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/08/03 04:34:49 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/08/03 04:34:49 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/08/03 04:34:49 | 000,001,273 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GomezPEER.lnk
[2012/08/03 04:34:49 | 000,001,262 | ---- | C] () -- C:\Users\Public\Desktop\Evaluation Version of Real Lives.lnk
[2012/08/03 04:34:49 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/08/03 04:34:49 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2012/08/03 04:34:49 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/08/03 04:34:49 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/08/03 04:34:49 | 000,001,195 | ---- | C] () -- C:\Users\Public\Desktop\Lunascape6.lnk
[2012/08/03 04:34:49 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/08/03 04:34:49 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/08/03 04:34:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/03 04:34:49 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/08/03 04:34:49 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\Date Warp Demo.lnk
[2012/08/03 04:34:49 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\BumpTop.lnk
[2012/08/03 04:34:49 | 000,000,848 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/08/03 04:34:49 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/03 04:34:49 | 000,000,183 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2012/08/03 04:34:48 | 000,002,300 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk
[2012/08/03 04:34:48 | 000,002,254 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Barnes & Noble Desktop eReader.lnk
[2012/08/03 04:34:48 | 000,002,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP TouchSmart Internet TV.lnk
[2012/08/03 04:34:48 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP SimplePass Identity Protection.lnk
[2012/08/03 04:34:47 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/08/03 04:34:47 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012/08/03 04:34:47 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/08/03 04:34:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/08/03 04:34:47 | 000,002,274 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2012/08/03 04:34:47 | 000,001,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2012/08/03 04:34:47 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/08/03 04:34:46 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012/08/03 00:11:32 | 002,818,353 | ---- | C] () -- C:\Users\Annis\Desktop\The Ting Tings - Hit Me Down Sonny (Audio) - YouTube.mp3
[2012/08/01 23:24:51 | 640,357,185 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/01 22:51:06 | 076,604,230 | ---- | C] () -- C:\Users\Annis\Desktop\Ryan's 21st Birthday Video.m4v
[2012/08/01 18:57:12 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/01 18:57:12 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/29 18:46:02 | 000,007,599 | ---- | C] () -- C:\Users\Annis\AppData\Local\Resmon.ResmonCfg
[2012/07/23 00:06:46 | 010,616,551 | ---- | C] () -- C:\Users\Annis\Desktop\TwinkleWish.themepack
[2012/07/23 00:06:16 | 006,448,753 | ---- | C] () -- C:\Users\Annis\Desktop\Daydream.themepack
[2012/07/23 00:06:01 | 012,632,044 | ---- | C] () -- C:\Users\Annis\Desktop\Calligraphy.themepack
[2012/07/23 00:05:39 | 007,490,544 | ---- | C] () -- C:\Users\Annis\Desktop\MSH_LEAS.themepack
[2012/07/22 23:50:07 | 000,142,686 | ---- | C] () -- C:\Users\Annis\Desktop\1277288245-13YCMEV.jpg
[2012/07/22 12:18:28 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForAnnis.job
[2012/07/16 00:40:30 | 000,016,896 | ---- | C] () -- C:\Users\Annis\AppData\Local\{d20c2a9c-87c7-3cca-66c5-70fb2b1d810e}\U\80000000.@
[2012/07/16 00:40:30 | 000,001,712 | ---- | C] () -- C:\Users\Annis\AppData\Local\{d20c2a9c-87c7-3cca-66c5-70fb2b1d810e}\U\00000001.@
[2012/03/04 13:34:27 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/01/11 16:52:00 | 000,002,048 | -HS- | C] () -- C:\Users\Annis\AppData\Local\{d20c2a9c-87c7-3cca-66c5-70fb2b1d810e}\@
[2012/01/11 01:23:32 | 000,647,168 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2012/01/11 01:23:32 | 000,000,183 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/01/10 11:38:36 | 000,028,672 | ---- | C] () -- C:\Windows\SNVerifyDLL.dll
[2012/01/10 11:20:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/10 11:13:19 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012/01/10 11:12:18 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2012/01/10 11:12:18 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== LOP Check ==========

[2012/03/12 20:15:33 | 000,000,000 | ---D | M] -- C:\Users\Annis\AppData\Roaming\Big Fish Games
[2012/08/10 17:53:21 | 000,000,000 | ---D | M] -- C:\Users\Annis\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/10 12:51:37 | 000,000,000 | ---D | M] -- C:\Users\Annis\AppData\Roaming\DigitalPersona
[2012/04/18 22:18:02 | 000,000,000 | ---D | M] -- C:\Users\Annis\AppData\Roaming\Gomez
[2012/01/11 20:41:35 | 000,000,000 | ---D | M] -- C:\Users\Annis\AppData\Roaming\Lunascape
[2012/01/11 18:28:11 | 000,000,000 | ---D | M] -- C:\Users\Annis\AppData\Roaming\Maxthon3
[2012/02/18 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Annis\AppData\Roaming\ooVoo Details
[2012/01/11 20:38:22 | 000,000,000 | ---D | M] -- C:\Users\Annis\AppData\Roaming\Opera
[2012/02/25 12:57:22 | 000,000,000 | ---D | M] -- C:\Users\Annis\AppData\Roaming\RenPy
[2012/08/10 18:40:14 | 000,000,000 | ---D | M] -- C:\Users\Annis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/08/01 19:11:32 | 000,000,000 | ---D | M] -- C:\Users\Annis\AppData\Roaming\uTorrent
[2012/03/23 00:56:07 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DigitalPersona
[2012/03/23 00:59:13 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Opera
[2012/08/13 18:56:02 | 000,000,200 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/08/14 18:56:00 | 000,000,202 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2012/05/24 11:44:48 | 000,023,862 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2012/08/01 13:27:52 | 000,643,696 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe
[2012/08/01 13:27:52 | 000,561,264 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\autorunsc.exe

< MD5 for: EXPLORER.EXE >
[2010/03/03 20:20:44 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2012/01/10 11:01:19 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/03/03 20:20:44 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/03/03 20:19:32 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2012/01/10 11:01:19 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/03/03 20:19:32 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2012/01/10 11:01:19 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/03/03 20:19:32 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2012/01/10 11:01:19 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/03/03 20:20:44 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/03/03 20:19:32 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/03/03 20:20:44 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/01/10 11:01:19 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2012/01/10 11:01:19 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2012/01/10 11:01:19 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2012/01/10 11:01:19 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD3200BEKT-60V5T1
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 274.00GB
Starting Offset: 209715200
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 23.00GB
Starting Offset: 294840696832
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 319963529216
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:9D6EAEC3

< End of report >

Extras.txt

OTL Extras logfile created on: 8/15/2012 2:44:34 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Annis\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.94 Gb Total Physical Memory | 12.85 Gb Available Physical Memory | 80.67% Memory free
31.87 Gb Paging File | 28.98 Gb Available in Paging File | 90.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274.40 Gb Total Space | 109.48 Gb Free Space | 39.90% Space Free | Partition Type: NTFS
Drive D: | 23.40 Gb Total Space | 3.42 Gb Free Space | 14.61% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 90.55 Mb Free Space | 91.16% Space Free | Partition Type: FAT32

Computer Name: ANNIS-PC | User Name: Annis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-883064037-2048478377-2091528665-1001\SOFTWARE\Classes\<extension>]
.html [@ = Max3.Association.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0724D9CE-EC07-44A4-A6C0-0B6EFE0FDF79}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B1395F6-B265-4D0C-A9C7-5D267E98AEF4}" = lport=139 | protocol=6 | dir=in | app=system |
"{1C1F44DD-84A2-49C2-8E1B-9C992A8BDB41}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{1FBA97F2-42A6-433E-A4AC-8B6D8BFD847E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{240B85F5-660A-4A82-9DE1-3DDC4A357410}" = lport=2869 | protocol=6 | dir=in | app=system |
"{25EB4FC4-456C-4BD8-8CBD-E9B720181600}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{281B1AAA-4E82-4304-8CBD-03BA364E9A03}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2952F99E-EA59-42B8-A134-74D9CF24F727}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C122E02-6F37-46FF-9CD1-29C4EF888677}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D9510A6-3FFC-4332-BF31-C55E8743291E}" = lport=137 | protocol=17 | dir=in | app=system |
"{3FAC5D79-FEEF-4D30-BFBB-0DF10D108615}" = rport=137 | protocol=17 | dir=out | app=system |
"{4774B026-86FE-4EBB-B693-40012D41D722}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{573242EA-5934-4D15-8A8C-46211F183449}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5BB048DC-F0D9-45D5-B8CD-F320C1BEEEAC}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{6510E526-1FAB-4B84-92B8-19CB89BB4743}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7AB2E92D-0B6B-4156-A74F-70D5BD5CB203}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81945F5F-3728-4D03-BEA8-5B96FDC70BFA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8813D8E9-9382-4DA8-8A89-B9A1F18B041C}" = rport=445 | protocol=6 | dir=out | app=system |
"{91338AB2-6066-4287-966F-9F8938021683}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{913BFE6F-D3FC-43ED-9047-197860680FD3}" = lport=445 | protocol=6 | dir=in | app=system |
"{9F16B25D-3BA0-4BE4-827D-D7CF94539B40}" = rport=139 | protocol=6 | dir=out | app=system |
"{A391143A-CA9B-4075-8BE7-1888BD461A12}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{A399E118-92AE-47AF-A09D-0781726B41DF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A904B915-2325-43E6-B9A0-35D59D4282F7}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{B42EE0FF-F9B0-4D0D-AFD0-F6BAA74F982C}" = lport=138 | protocol=17 | dir=in | app=system |
"{C8A46FFD-46D5-40F3-A106-399E0B511E6C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D0D1C82F-43AF-4CA6-B350-4C2609EE5968}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D76A46EF-F233-42FC-BC94-76819F301C9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ECEE9325-F336-42AC-B267-A4C9496228A0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{EFCF0CC0-4506-4F6B-9575-443AB117F0CB}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{F5306A9F-2A85-4CFE-BEC8-B649C4DCBE0A}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BD227E-F5CE-4F06-87E5-DB09A02E502E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\hptouchsmartmusic.exe |
"{0342E564-A76C-41D4-8E2C-36A4E5336588}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E0A424D-DBF8-4FA3-81F0-DE11156AAD5A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{12D61EC5-3C80-4B39-B802-468EC3D1E408}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{16C2A840-2BC6-4B95-AB78-B7D28A7C9183}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe |
"{1A563B0D-1C93-448D-8772-03A1D6F819D7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1B55ED76-AF98-492E-8A49-133177151115}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1BFD97DF-2285-4DAE-A359-0D0004B8CBA8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\hpitv.exe |
"{204B5459-621F-4AB4-BCC9-4F0E7A8CA9F9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\kernel\clml\clmlsvc.exe |
"{21F67542-F7F4-4B48-888C-B061824A9F6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2552B0A2-2011-4AF0-B028-044D9FF51883}" = protocol=6 | dir=out | app=system |
"{25ED8F9D-1EE3-4EA7-A6FF-FC0ED0ADC5BB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{26D38497-1B35-4ACC-9527-2B29A726C0A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{28D986B7-55AA-48C5-AE4C-D887506109C4}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{2B05EFC9-8639-4E0B-AB5D-17CAC9BD9610}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2BC2C58A-29B1-40E7-AE85-D0D0AC47FA24}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2E839B04-6E7E-4255-A11D-6394F088C866}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\hptouchsmartphoto.exe |
"{39B8C25A-C22C-4705-9D07-9BEF73D21FD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A14119B-0615-4A63-B15D-A1F860DCABFE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3E639962-F728-46ED-8F9F-B283AFE554D7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3F81D267-C7F8-42F0-8D05-7F4F09AFFBE1}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
"{410C8818-CDF3-4D92-97C8-CC67C8AA0453}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{492772DF-54F8-402E-80E7-7F159C0E2ED2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4BC15504-93FD-4350-8E50-A0F44D5AA013}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4D8EBD4B-3516-4333-9107-6443660FC735}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\photo\hptouchsmartphoto.exe |
"{4EC2F578-2F76-415B-B21F-C9F4FE43F34F}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{54CDE53F-03DF-409D-A9C0-1A64CCF53BCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{56421F3F-C79D-411B-89FD-E544F6E6D6E3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{5B1C130D-F5C0-4D38-95BA-A7BE5819603E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C675540-7B01-496A-9276-6A24375E43CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5ECA7CE6-2378-4656-81B3-D1352E46D28E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{601CFD20-F41A-4605-8DAE-9AE9FC4D1E92}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\hptouchsmartvideo.exe |
"{611A13CB-6EF7-4AB9-A6BE-B6B1B2AC234F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D208136-AA71-4516-A144-9C591AADA56D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8110FB99-383B-4DB5-8D39-AD578A828A6E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{89A39998-EFBB-4B41-9B4E-681987AF1A55}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8B1BFEE1-F8D0-4EFD-8C2F-8747A69FD3B2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\qp.exe |
"{8D46D383-4D23-446D-BFDB-46FDEF1B2026}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\tsmagent.exe |
"{8DB94804-6D8B-4600-8E66-E3E3AFB31BF8}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8FC770E1-3D7D-460A-967A-16329A7658EC}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\cinemanow\cinemanow.exe |
"{94C077CD-4795-43EA-9E62-58AAA0F53A7B}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe |
"{A1CD654C-7A9E-400C-B21A-ADCBD562CA4B}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{A2524335-7BD1-4F04-AA8D-9A749C832B7C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{A60D0602-2639-4B9B-A90D-DD862E2A5F16}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\photo\photoagent.exe |
"{A7ED1427-D3C2-4CDB-92BA-D00312F8F2DD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{ABC01853-34C0-40CD-9D59-B7758B03F5AD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{AC114576-8D71-46EA-82A8-4A069AF94363}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF0A125C-D01C-49DA-8660-5AF9C0171D1A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{B5C79CD5-B508-4090-80BE-8F464E29CF66}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
"{B7497A70-E356-4080-8342-C3B7CD73F448}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{BA404BA4-7FE4-43DA-B1C1-F5DA150E0D3B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{BBD67AA5-E173-4260-81A5-C9D19C8F1F3F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BE38BBB3-7DEA-4B83-A177-35EE671AD9EB}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe |
"{C313B151-B21A-441F-97F9-ED3DDFEDFFA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D1FDD2D8-9751-4060-A685-B673FB51CE2D}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\cinemanow\cinemanow.exe |
"{DF9323A3-5BC4-4384-B71D-FF57E53E22E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E14D82DD-423F-4133-8D31-C15CF162D739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E1E49DBF-0FC1-45A2-AC63-995719E97B00}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{E36C793D-7850-4A6E-8774-F0EBA42D6173}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E4AE47BF-B1F8-4511-A411-CE7752C6ECB9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EB271743-A1A2-4E5D-8AB1-E252EF3F1314}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{EC5063DC-CE87-4754-B954-5E4E31FDED26}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{EF883D16-40C9-4D88-85CF-02157E9E1A88}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F2BD9EDC-14FE-44E7-AEAB-3022D88CC951}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{F3B30D74-BA63-4C80-B467-BDD630382460}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{F586DACD-B9E2-4119-9980-5F49737FE137}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\qpservice.exe |
"{FEA6A6AB-376F-4458-830B-3DCF5F07A336}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe |
"TCP Query User{18DD3BC3-857D-4C74-8F67-89EC486D320D}C:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe |
"TCP Query User{61FA54DC-8A88-4911-AC52-28964D2E90AC}C:\users\annis\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\annis\appdata\local\akamai\netsession_win.exe |
"TCP Query User{BDD1FDE6-33D0-4D06-A68D-8E57531C5C0F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{C0B7E81B-161A-4F7B-8255-BCFBF93D0AE3}C:\users\annis\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\annis\desktop\utorrent.exe |
"TCP Query User{C2ED8A4B-088F-491A-AEC1-1F8E3C15A8C4}C:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe |
"TCP Query User{C748E8BE-2339-49A1-9715-4963DA8FE3BD}C:\users\annis\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\annis\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D61441B6-932E-4B81-BD1E-5C7ED72DA41C}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{ECFF51D9-6EC2-48C1-9163-B9BC3C07082A}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{78B57E75-3265-4FD1-8E73-798F25AA4FCA}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{89D156C9-259A-40BB-99D5-53D29AACF0D5}C:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe |
"UDP Query User{8D145387-5B81-4F93-9AA5-14EC41BC68F6}C:\users\annis\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\annis\appdata\local\akamai\netsession_win.exe |
"UDP Query User{9DCFC592-E74E-4F80-9C82-66E633D961B5}C:\users\annis\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\annis\desktop\utorrent.exe |
"UDP Query User{AF243A95-EFD4-4E28-86C3-486E497F9825}C:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe |
"UDP Query User{D2240737-EFAE-4508-8A82-CB26D7A2D27D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{DCA3914E-FCC8-4FB5-8110-F5CDFCD7F290}C:\users\annis\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\annis\appdata\local\akamai\netsession_win.exe |
"UDP Query User{DE0611F4-A9D6-4C1D-8E60-2AFED0757EA8}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0279C882-B150-44B6-A769-A7C8A2F31CE3}" = HP Wireless Assistant
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java™ 7 Update 3 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}" = HP SimplePass Identity Protection
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3 (64-bit)
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Virtual Earth 3D (Beta)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{8AFF4862-67E5-E142-2E62-3CAAF2535F38}" = ccc-utility64
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9207D4A1-586E-49CA-A002-FC9F475AB1A3}" = HP Tone Control
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99A5569D-9F86-4f32-A227-1538B731DA42}" = Canon MF4320-4350
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EE5017A6-7525-4EE9-99DA-2EF1F6C16B1B}" = Validity Sensors DDK
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FB07515A-48AC-9996-16EE-3A3DC8CF8D8E}" = ATI Catalyst Install Manager
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"7E38E30BB92ED94B21CF062A7386554CBA991FEB" = Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{6807F13C-A925-4DD8-80C0-24D93A6FFE83}" = HP TouchSmart Paint it! by Corel
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{053BC793-EB2F-48B6-AB61-6B76CCCCB041}" = HP TouchSmart Clock
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08C94F9D-EB51-D748-E299-E347A2C14A81}" = PX Profile Update
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09767B62-590A-1020-8CB0-B6A9E7657812}" = Catalyst Control Center Localization All
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11070051-3806-4F34-8F1D-A7874ADC296C}" = HP TouchSmart Paint it! by Corel - Core
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{12A98725-C278-32D9-11CA-ADCFF8D58FEB}" = PX Profile Update
"{15436D38-68EF-4D20-A794-755F54E7E955}" = HP Software Framework
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1691E33B-7C15-4379-A1D7-1D7AE350B366}_is1" = Date Warp Demo 1.01
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19DEAB79-F09C-29D6-35A5-4687B4764684}" = CCC Help Swedish
"{1AFC20E3-35B0-4916-9809-F6C46A92A695}" = HP TouchSmart Weather
"{1E6E990A-728D-4700-9B0A-2CA541C93A12}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20B88A14-02F9-48D4-ACEC-6D8F5F3E8A83}" = HP User Guides 0176
"{21A15356-D9F7-43AC-9545-0B520F001B73}" = DigiFish Dolphin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2752631F-ABA9-4B43-A7E2-35C03512AAE3}" = HP TouchSmart Canvas
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AE9A32B-68FE-4824-942C-9A7C322C65AB}" = HP TouchSmart Notes
"{2EAD4824-D6C6-A16C-ED41-4C2020FDD696}" = CCC Help Dutch
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video
"{3038CD20-F17C-506D-9BF2-0F3EB97A2700}" = CCC Help Polish
"{3390B9D7-2849-9F58-C665-0D5F993048AF}" = Catalyst Control Center Graphics Previews Common
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{394FA67A-FF0A-4356-BB77-D85E5A300BDE}" = HP QuickWeb Installer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C19AEEC-7779-4FA5-A1DA-AEB93E674294}" = Corel Paint it! touch - IPM
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE91D75-5721-4662-AE9E-AEF5C6BF41D4}" = ccc-core-static
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44625CE9-056A-E1D0-7BC9-A92BAFD25DA6}" = Catalyst Control Center Graphics Previews Vista
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAB69C5-7763-4BB8-9D06-733292AA6E0C}" = Bing Bar
"{50B6B3A8-445B-5B2D-6553-BA78EE4D1F04}" = CCC Help Finnish
"{585FF0CC-212B-0314-E666-F397049EEE71}" = CCC Help Greek
"{5932A032-0BD3-4EEA-9FC3-5E4C98B770C5}" = HP TouchSmart Paint it! by Corel - Langauge
"{5CBE8F58-049D-49FE-B4E3-A23CF3194771}" = HP TouchSmart Paint it! by Corel - Langauge
"{5F10FEF8-0538-4BB7-9020-E553C85427E9}" = HP TouchSmart
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6807F13C-A925-4DD8-80C0-24D93A6FFE83}" = HP TouchSmart Paint it! by Corel - ICA
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6C3A9359-C3AA-4665-B15B-5E5C3210819F}" = HP TouchSmart Calendar
"{6FDD0469-1CF8-D99F-0519-F1A3A43D77E2}" = CCC Help Russian
"{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
"{717AF628-0084-90E1-79A0-7F659B788C31}" = CCC Help English
"{7381CCA5-EC17-F984-6419-B4394B6E8E74}" = CCC Help Spanish
"{766486B3-441B-4376-A5F8-0AE2E4BDFB3C}" = HP TouchSmart Paint it! by Corel - Langauge
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77B559D7-CBF8-43FE-90BB-BDB6A30E9B61}" = HP TouchSmart Paint it! by Corel - Langauge
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82345F61-BFF9-5C3C-CFB9-7C1EEE767B3B}" = CCC Help Czech
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP TouchSmart Tutorials
"{864BC409-6229-452C-B1FD-FA960D13F824}" = HP TouchSmart Paint it! by Corel - Langauge
"{86ADFDB7-802C-56E9-EC2A-23E4C1C141C7}" = CCC Help German
"{86F6AA6D-B7AD-6D03-420A-AFDE56C75408}" = CCC Help Chinese Standard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ABB6A99-E2D5-47E4-905A-2FD4657D235E}" = HP TouchSmart RSS
"{8CEC6313-9514-9FCC-7CD3-6478A35CBD85}" = CCC Help Turkish
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{9026C330-4966-A9F8-4D87-E95C1B63EBB0}" = CCC Help Portuguese
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP TouchSmart Music
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9597A6B3-1285-E727-5ED4-255D98732263}" = CCC Help Korean
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{989AE288-134B-BC58-2B64-9290AB3C1F48}" = CCC Help Japanese
"{992DC59A-84D7-530A-BE52-81C568C9D5A3}" = CCC Help French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D9B305D-9116-EC3B-D1CC-5A2D4CFEE8B5}" = CCC Help Hungarian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A47E0F21-7A96-8D55-A900-208C3DE1B640}" = CCC Help Norwegian
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAE1C743-0AD9-3E9C-4FC1-10E130034EAA}" = CCC Help Italian
"{ABFD25DE-AA93-43AB-BF49-E21EFF8D5812}" = HP TouchSmart Twitter
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B770307B-2E7E-4BAD-BF75-1511A76AD277}" = HP TouchSmart Paint it! by Corel - Content
"{BFA6DE67-F8EF-427B-B962-D03ADAF56734}" = HP TouchSmart Paint it! by Corel - Langauge
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C9DCE03F-8CB7-4146-A99C-0612D75177EA}" = HP TouchSmart Photo
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC7553CB-AB4E-5BCA-DC44-54D823B83E60}" = Catalyst Control Center InstallProxy
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D277C3F7-8F5C-D6A5-6ACB-1BC8F48FACD9}" = Catalyst Control Center InstallProxy
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA668184-F0D3-1801-9BFD-938FDB721AF0}" = CCC Help Thai
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFD6EBE3-F0DA-4E24-9202-37AF8D20888B}" = HP TouchSmart Browser
"{E1FD99EF-7312-426E-A9BD-92ECD2093B4A}" = HP TouchSmart Paint it! by Corel - Langauge
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP TouchSmart Internet TV
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = HP TouchSmart Video
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F33B9785-B646-4564-849B-BEE3A1700694}" = HP TouchSmart Paint it! by Corel - Langauge
"{F388F272-CC4B-C62B-D078-7641849D58F8}" = CCC Help Danish
"{F6512561-AC1B-A85C-4096-3281228C93BF}" = CCC Help Chinese Traditional
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9A36074-25AD-4F2E-969E-AEDF452DC57B}" = HP TouchSmart Paint it! by Corel - Langauge
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Android SDK Tools" = Android SDK Tools
"BFGC" = Big Fish Games: Game Manager
"BFG-Life Quest" = Life Quest&reg;
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.2 (beta)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DivX Setup" = DivX Setup
"GomezPEER" = GomezPEER
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP TouchSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP TouchSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}" = HP TouchSmart Photo
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP TouchSmart Internet TV
"InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = HP TouchSmart Video
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video
"Lucky Rabbit Reflex! Demo Version" = Lucky Rabbit Reflex! Demo Version 1.13
"Lunascape6" = Lunascape6 (All Users)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"Opera 11.61.1250" = Opera 11.61
"RE: Alistair++" = RE: Alistair++ 1
"Real Lives 2004" = Real Lives 2004
"RealPlayer 15.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.8d
"Sims2Pack Clean Installer" = Sims2Pack Clean Installer
"SimSheep2" = SimSheep2
"Swag_Bucks Toolbar" = Swag Bucks Toolbar
"uTorrent" = µTorrent
"Virtual U" = Virtual U
"Westward 3" = Westward 3 (remove only)
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT082124" = Blasterball 3
"WT082125" = Bob the Builder Can-Do-Zoo
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082427" = Slingo Deluxe
"WT082432" = Ancient Hearts
"WT082433" = Bookworm Adventures
"WT082438" = Build-a-lot 2
"WT082441" = Dora's World Adventure
"WT082443" = Jewel Quest 3
"WT082447" = Mah Jong Medley
"WT082458" = Tradewinds Legends
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083472" = Airport Mania
"WT083473" = Bounce Symphony
"WT083489" = JoJo's Fashion Show
"WT083490" = Skip-Bo - Castaway Caper
"WT083491" = TextTwist 2
"WT083697" = Build-a-lot
"YRefresher_is1" = Yrefresher 1.00

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-883064037-2048478377-2091528665-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"For The Morning Sun" = For The Morning Sun
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop
"Spirited Heart Demo" = Spirited Heart Demo

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2012 11:18:18 AM | Computer Name = Annis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14271876

Error - 7/14/2012 11:18:18 AM | Computer Name = Annis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14271876

Error - 7/14/2012 11:18:20 AM | Computer Name = Annis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/14/2012 11:18:20 AM | Computer Name = Annis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14273187

Error - 7/14/2012 11:18:20 AM | Computer Name = Annis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14273187

Error - 7/14/2012 11:18:21 AM | Computer Name = Annis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/14/2012 11:18:21 AM | Computer Name = Annis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14274435

Error - 7/14/2012 11:18:21 AM | Computer Name = Annis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14274435

Error - 7/14/2012 11:18:22 AM | Computer Name = Annis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/14/2012 11:18:22 AM | Computer Name = Annis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14275932

[ Hewlett-Packard Events ]
Error - 5/20/2012 3:50:57 PM | Computer Name = Annis-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 6/10/2012 3:40:11 PM | Computer Name = Annis-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 6/10/2012 3:40:12 PM | Computer Name = Annis-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 6/24/2012 3:48:00 PM | Computer Name = Annis-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 6/24/2012 3:48:01 PM | Computer Name = Annis-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/9/2012 5:51:36 PM | Computer Name = Annis-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/9/2012 5:51:37 PM | Computer Name = Annis-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/15/2012 12:10:14 AM | Computer Name = Annis-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 7/15/2012 12:10:14 AM | Computer Name = Annis-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 8/12/2012 4:06:24 PM | Computer Name = Annis-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ HP Wireless Assistant Events ]
Error - 8/11/2012 3:21:04 PM | Computer Name = Annis-PC | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 8/11/2012 3:29:48 PM | Computer Name = Annis-PC | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 8/11/2012 3:29:48 PM | Computer Name = Annis-PC | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 8/11/2012 11:43:58 PM | Computer Name = Annis-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/12/2012 2:22:07 AM | Computer Name = Annis-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/12/2012 8:12:09 AM | Computer Name = Annis-PC | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 8/12/2012 8:12:09 AM | Computer Name = Annis-PC | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Not supported at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

at HPPA_Service.CurrentConfiguration.GetPanelBrightnessPercentage()

Error - 8/12/2012 8:12:25 AM | Computer Name = Annis-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

Error - 8/12/2012 8:12:25 AM | Computer Name = Annis-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.

Error - 8/13/2012 9:57:26 PM | Computer Name = Annis-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE

[ System Events ]
Error - 8/13/2012 9:55:14 PM | Computer Name = Annis-PC | Source = Service Control Manager | ID = 7000
Description = The BlueStacks Hypervisor service failed to start due to the following
error: %%2

Error - 8/13/2012 9:55:14 PM | Computer Name = Annis-PC | Source = Service Control Manager | ID = 7000
Description = The BlueStacks Log Rotator Service service failed to start due to
the following error: %%2

Error - 8/13/2012 9:55:17 PM | Computer Name = Annis-PC | Source = Service Control Manager | ID = 7001
Description = The BlueStacks Android Service service depends on the BlueStacks Hypervisor
service which failed to start because of the following error: %%2

Error - 8/13/2012 9:55:19 PM | Computer Name = Annis-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgtp

Error - 8/13/2012 9:57:20 PM | Computer Name = Annis-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%31

Error - 8/13/2012 9:57:20 PM | Computer Name = Annis-PC | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%31

Error - 8/14/2012 11:19:59 AM | Computer Name = Annis-PC | Source = bowser | ID = 8003
Description =

Error - 8/14/2012 9:55:03 PM | Computer Name = Annis-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/14/2012 9:59:33 PM | Computer Name = Annis-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/14/2012 10:00:32 PM | Computer Name = Annis-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

#8 CatByte


Posted 15 August 2012 - 06:44 PM

Did your computer recognize your USB drives prior to becoming infected?


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    SRV:64bit: - [2012/08/07 17:30:02 | 000,084,432 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\c9029f9d23637670.sys -- (c9029f9d23637670)
    DRV:64bit: - [2012/08/07 17:30:02 | 000,084,432 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\c9029f9d23637670.sys -- (c9029f9d23637670)
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
    IE - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
    IE - HKU\S-1-5-21-883064037-2048478377-2091528665-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    [2012/08/07 17:30:02 | 000,084,432 | ---- | M] () -- C:\Windows\SysNative\drivers\c9029f9d23637670.sys
    [2012/07/16 00:40:30 | 000,016,896 | ---- | C] () -- C:\Users\Annis\AppData\Local\{d20c2a9c-87c7-3cca-66c5-70fb2b1d810e}\U\80000000.@
    [2012/07/16 00:40:30 | 000,001,712 | ---- | C] () -- C:\Users\Annis\AppData\Local\{d20c2a9c-87c7-3cca-66c5-70fb2b1d810e}\U\00000001.@
    [2012/01/11 16:52:00 | 000,002,048 | -HS- | C] () -- C:\Users\Annis\AppData\Local\{d20c2a9c-87c7-3cca-66c5-70fb2b1d810e}\@
    
    :Files
    rmdir C:\Users\Annis\AppData\Local\{d20c2a9c-87c7-3cca-66c5-70fb2b1d810e} /c
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log



NEXT



Please re-run aswMBR and post the fresh log.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 ishme4nowz


Posted 15 August 2012 - 10:46 PM

Yes, both my USBs were recognized by my laptop before any infection occurred.


OTL



All processes killed
========== OTL ==========
Error: No service named c9029f9d23637670 was found to stop!
Service\Driver key c9029f9d23637670 not found.
File C:\Windows\SysNative\drivers\c9029f9d23637670.sys not found.
Error: No service named c9029f9d23637670 was found to stop!
Service\Driver key c9029f9d23637670 not found.
File C:\Windows\SysNative\drivers\c9029f9d23637670.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-883064037-2048478377-2091528665-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-883064037-2048478377-2091528665-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File C:\Windows\SysNative\drivers\c9029f9d23637670.sys not found.
C:\Users\Annis\AppData\Local\{d20c2a9c-87c7-3cca-66c5-70fb2b1d810e}\U\80000000.@ moved successfully.
C:\Users\Annis\AppData\Local\{d20c2a9c-87c7-3cca-66c5-70fb2b1d810e}\U\00000001.@ moved successfully.
C:\Users\Annis\AppData\Local\{d20c2a9c-87c7-3cca-66c5-70fb2b1d810e}\@ moved successfully.
========== FILES ==========
< rmdir C:\Users\Annis\AppData\Local\{d20c2a9c-87c7-3cca-66c5-70fb2b1d810e} /c >
C:\Users\Annis\Desktop\cmd.bat deleted successfully.
C:\Users\Annis\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Annis\Desktop\cmd.bat deleted successfully.
C:\Users\Annis\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Annis
->Temp folder emptied: 1425166 bytes
->Temporary Internet Files folder emptied: 55272117 bytes
->Java cache emptied: 38992 bytes
->FireFox cache emptied: 156039061 bytes
->Google Chrome cache emptied: 408902675 bytes
->Opera cache emptied: 19436926 bytes
->Flash cache emptied: 8784203 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Opera cache emptied: 13164807 bytes
->Flash cache emptied: 42472 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1714186 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2018 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 634.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08152012_203632

Files\Folders moved on Reboot...
C:\Users\Annis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Annis\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...






aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-15 20:43:38
-----------------------------
20:43:38.652 OS Version: Windows x64 6.1.7600
20:43:38.667 Number of processors: 8 586 0x1E05
20:43:38.667 ComputerName: ANNIS-PC UserName: Annis
20:43:40.633 Initialze error C0000001 - driver not loaded
20:44:00.987 Service scanning
20:44:04.747 Service c9029f9d23637670 C:\Windows\System32\Drivers\c9029f9d23637670.sys **HIDDEN**
20:44:16.868 Modules scanning
20:44:16.868 Disk 0 trace - called modules:
20:44:16.883
20:44:16.883 Scan finished successfully
20:44:48.083 The log file has been saved successfully to "C:\Users\Annis\Desktop\aswMBR2.txt"
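
The two logs in post #9 can be cross-checked mechanically. This added example (not part of the original posts, and not code from OTL or aswMBR) lists services that aswMBR flags as **HIDDEN** while the OTL fix log reports the same service and driver file as not found. The `exampledrv` line is a constructed control, the function names are hypothetical, and `SysNative` is treated as the alias through which 32-bit processes reach the native `System32` directory on 64-bit Windows.

```python
import re

# Excerpt of the OTL fix log from post #9, plus one constructed control
# line ("exampledrv") that has no counterpart in the aswMBR log.
OTL_FIX_LOG = r"""
Error: No service named c9029f9d23637670 was found to stop!
Service\Driver key c9029f9d23637670 not found.
File C:\Windows\SysNative\drivers\c9029f9d23637670.sys not found.
Error: No service named exampledrv was found to stop!
C:\Users\Annis\AppData\Local\{d20c2a9c-87c7-3cca-66c5-70fb2b1d810e}\@ moved successfully.
"""

# Excerpt of the aswMBR log from post #9 (spelling as in the tool output).
ASWMBR_LOG = r"""
20:43:40.633 Initialze error C0000001 - driver not loaded
20:44:00.987 Service scanning
20:44:04.747 Service c9029f9d23637670 C:\Windows\System32\Drivers\c9029f9d23637670.sys **HIDDEN**
20:44:16.868 Modules scanning
20:44:16.883 Scan finished successfully
"""

OTL_NO_SERVICE = re.compile(
    r"^Error: No service named (\S+) was found to stop!$", re.M)
OTL_FILE_MISSING = re.compile(r"^File (.+) not found\.$", re.M)
ASWMBR_HIDDEN = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+Service (\S+) (.+?) \*\*HIDDEN\*\*\s*$",
    re.M)


def normalize_path(path):
    """Lower-case a Windows path and map the SysNative alias to System32,
    so paths written by the two tools compare equal."""
    return path.lower().replace("\\sysnative\\", "\\system32\\")


def otl_missing_services(otl_log):
    """Service names the OTL fix could not find to stop."""
    return set(OTL_NO_SERVICE.findall(otl_log))


def cross_check(otl_log, aswmbr_log):
    """For each service aswMBR marks **HIDDEN**, record whether the OTL
    fix log reported that service and its driver file as not found."""
    missing_services = otl_missing_services(otl_log)
    missing_files = {normalize_path(p)
                     for p in OTL_FILE_MISSING.findall(otl_log)}
    findings = []
    for name, path in ASWMBR_HIDDEN.findall(aswmbr_log):
        findings.append({
            "service": name,
            "path": path,
            "otl_service_missing": name in missing_services,
            "otl_file_missing": normalize_path(path) in missing_files,
        })
    return findings


def unconfirmed(otl_log, aswmbr_log):
    """Services OTL could not find that aswMBR does not list as hidden;
    these may simply be gone already."""
    hidden = {name for name, _ in ASWMBR_HIDDEN.findall(aswmbr_log)}
    return otl_missing_services(otl_log) - hidden


if __name__ == "__main__":
    for f in cross_check(OTL_FIX_LOG, ASWMBR_LOG):
        if f["otl_service_missing"] and f["otl_file_missing"]:
            print("Hidden from the OTL fix, seen by aswMBR: "
                  f"{f['service']} -> {f['path']}")
    for name in sorted(unconfirmed(OTL_FIX_LOG, ASWMBR_LOG)):
        print(f"Not found by OTL, not listed by aswMBR: {name}")
```
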

#10 CatByte


Posted 16 August 2012 - 07:47 AM

Please run the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Rootkit::
    C:\Windows\System32\Drivers\c9029f9d23637670.sys

    Driver::
    c9029f9d23637670F

    ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 ishme4nowz


Posted 17 August 2012 - 02:10 AM

ComboFix

ComboFix 12-08-17.01 - Annis 08/16/2012 22:46:19.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.16318.13627 [GMT -7:00]
Running from: c:\users\Annis\Desktop\ComboFix.exe
Command switches used :: c:\users\Annis\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_c9029f9d23637670
-------\Service_c9029f9d23637670
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 05:55 . 2012-08-17 05:55 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-17 05:55 . 2012-08-17 05:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 05:55 . 2012-08-17 05:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-16 03:36 . 2012-08-16 03:36 -------- d-----w- C:\_OTL
2012-08-12 06:20 . 2012-08-17 05:57 78848 ----a-w- c:\windows\KMSEmulator.exe
2012-08-11 01:40 . 2012-08-11 01:40 -------- d-----w- c:\users\Annis\AppData\Roaming\Adobe Mini Bridge CS5
2012-08-11 01:40 . 2012-08-11 01:40 -------- d-----w- c:\users\Annis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-08-11 00:53 . 2012-08-11 00:53 -------- d-----w- c:\users\Annis\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-08-08 05:44 . 2012-08-08 05:51 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-08 05:43 . 2012-08-08 05:50 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-08 05:43 . 2012-08-08 05:51 -------- d-----w- c:\programdata\AVG2012
2012-08-08 05:42 . 2012-08-08 05:42 -------- d-----w- c:\program files (x86)\AVG
2012-08-08 05:39 . 2012-08-08 05:47 -------- d-----w- c:\programdata\MFAData
2012-08-08 05:35 . 2012-08-01 20:27 643696 ----a-w- C:\autoruns.exe
2012-08-08 05:35 . 2012-08-01 20:27 561264 ----a-w- C:\autorunsc.exe
2012-08-08 02:34 . 2012-08-16 06:17 -------- d-----w- c:\programdata\BlueStacks
2012-08-04 09:30 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71D25059-89D9-47D2-8CFA-E278CDEA3BCB}\mpengine.dll
2012-08-03 11:46 . 2012-08-08 05:26 -------- d-----w- c:\programdata\SecTaskMan
2012-08-03 11:46 . 2012-08-03 11:46 -------- d-----w- c:\program files (x86)\Security Task Manager
2012-08-02 10:49 . 2012-08-02 10:49 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-08-02 10:48 . 2012-08-02 10:48 150736 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-08-02 10:48 . 2012-08-02 10:48 129176 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-08-02 02:04 . 2012-08-02 02:04 -------- d-----w- c:\program files\CCleaner
2012-07-23 07:17 . 2012-07-24 10:00 -------- d-----w- c:\program files (x86)\hpmonitor
2012-07-23 07:16 . 2012-07-23 07:16 -------- d-----w- c:\programdata\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 10:48 . 2009-07-21 20:22 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-02 10:48 . 2009-07-21 20:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-02 01:36 . 2012-06-27 21:19 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 01:36 . 2012-06-27 21:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46 . 2012-07-16 09:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-09 01:05 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:06 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-09 01:06 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:06 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:05 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-09 01:05 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-09 01:06 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-09 01:05 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-09 01:05 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2012-01-11 08:05 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_02.00.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDNSO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDNO1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDNO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDNEPR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8704 c:\windows\system32\kbdnecnt.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\kbdnec95.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\kbdnec.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDNE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDMONMO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDMON.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDMLT48.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDMLT47.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDMAORI.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDMACST.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDMAC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDLV1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDLV.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDLT2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDLT1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDLT.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\kbdlk41a.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDLAO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDLA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDKYR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDKHMR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDKAZ.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDIULAT.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDIT142.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDIT.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDIR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDINUK2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDINTEL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDINTAM.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDINPUN.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDINORI.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDINMAR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDINMAL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDINKAN.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDINHIN.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDINGUJ.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDINDEV.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDINBEN.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDINBE2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDINBE1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDINASA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDIC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDIBO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\kbdibm02.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDHU1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDHU.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 9728 c:\windows\system32\KBDHEPT.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDHELA3.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDHELA2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDHEB.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDHE319.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDHE220.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDHE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDHAU.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDGRLND.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDGR1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDGR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDGKL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\kbdgeoqw.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\kbdgeoer.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 6144 c:\windows\system32\KBDGEO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDGAE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDFR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDFO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDFI1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDFI.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDFC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDFA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDEST.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDES.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDDV.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDDIV2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDDIV1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDDA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDCZ2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDCZ1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDCZ.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDCR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8704 c:\windows\system32\KBDCAN.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDCA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDBULG.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDBU.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDBR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDBLR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDBHC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDBGPH1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDBGPH.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDBENE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDBE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDBASH.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDAZEL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDAZE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\kbdax2.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDARMW.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDARME.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDAL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDA3.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDA2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDA1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\kbd106n.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\kbd106.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\kbd103.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\kbd101c.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\kbd101b.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\kbd101a.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\kbd101.dll
+ 2012-01-13 00:35 . 2011-03-29 03:32 7936 c:\windows\system32\drivers\usbd.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 9728 c:\windows\system32\drivers\umpass.sys
+ 2009-07-14 00:16 . 2009-07-14 00:16 8192 c:\windows\system32\drivers\RDPREFMP.sys
+ 2009-07-14 00:16 . 2009-07-14 00:16 7680 c:\windows\system32\drivers\RDPENCDD.sys
+ 2009-07-14 00:16 . 2009-07-14 00:16 7680 c:\windows\system32\drivers\RDPCDD.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00 8064 c:\windows\system32\drivers\mstee.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00 6784 c:\windows\system32\drivers\mspqm.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00 7168 c:\windows\system32\drivers\mspclock.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 8192 c:\windows\system32\drivers\mshidkmdf.sys
+ 2009-07-13 23:31 . 2009-07-13 23:31 9728 c:\windows\system32\drivers\errdev.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 5632 c:\windows\system32\drivers\drmkaud.sys
+ 2009-07-14 01:20 . 2009-06-10 20:41 8704 c:\windows\system32\drivers\BrFiltUp.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00 6656 c:\windows\system32\drivers\beep.sys
- 2012-08-14 01:55 . 2012-08-14 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-17 05:57 . 2012-08-17 05:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-17 05:57 . 2012-08-17 05:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-14 01:55 . 2012-08-14 01:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-11 23:53 . 2011-02-05 12:39 603976 c:\windows\system32\winload.exe
+ 2009-07-14 00:16 . 2009-07-14 01:32 147456 c:\windows\system32\RDPENCDD.dll
+ 2009-07-14 00:16 . 2009-07-14 00:16 194048 c:\windows\system32\rdpdd.dll
+ 2009-07-14 02:36 . 2012-08-16 03:44 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-12 20:07 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-16 03:44 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-12 20:07 106522 c:\windows\system32\perfc009.dat
+ 2009-07-13 23:22 . 2009-07-14 01:48 255552 c:\windows\system32\mcupdate_GenuineIntel.dll
+ 2009-07-13 23:19 . 2009-07-14 01:47 263232 c:\windows\system32\hal.dll
+ 2009-06-10 20:35 . 2009-06-10 20:35 389120 c:\windows\system32\drivers\yk62x64.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 172544 c:\windows\system32\drivers\WUDFRd.sys
+ 2009-07-14 00:05 . 2009-07-14 00:05 112128 c:\windows\system32\drivers\WUDFPf.sys
+ 2009-07-13 23:22 . 2009-07-14 01:45 654928 c:\windows\system32\drivers\Wdf01000.sys
+ 2009-07-13 22:04 . 2009-06-10 21:01 740864 c:\windows\system32\drivers\VSTCNXT6.SYS
+ 2009-07-13 22:04 . 2009-06-10 21:01 292864 c:\windows\system32\drivers\VSTAZL6.SYS
+ 2009-06-10 20:37 . 2009-07-14 01:45 161872 c:\windows\system32\drivers\vsmraid.sys
+ 2009-07-13 23:20 . 2009-07-14 01:45 294992 c:\windows\system32\drivers\volsnap.sys
+ 2009-07-13 23:20 . 2009-07-14 01:45 363584 c:\windows\system32\drivers\volmgrx.sys
+ 2009-07-13 23:38 . 2009-07-13 23:38 129024 c:\windows\system32\drivers\videoprt.sys
+ 2009-07-14 00:01 . 2009-07-14 01:45 217680 c:\windows\system32\drivers\vhdmp.sys
+ 2012-01-12 11:01 . 2010-03-04 04:40 184832 c:\windows\system32\drivers\usbvideo.sys
+ 2012-01-13 00:35 . 2011-03-29 03:32 324608 c:\windows\system32\drivers\usbport.sys
+ 2012-01-13 00:35 . 2011-03-29 03:32 343040 c:\windows\system32\drivers\usbhub.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 100352 c:\windows\system32\drivers\usbcir.sys
+ 2010-03-04 03:21 . 2010-03-04 03:21 327680 c:\windows\system32\drivers\udfs.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09 125440 c:\windows\system32\drivers\tunnel.sys
+ 2012-01-10 18:15 . 2010-01-14 07:38 505856 c:\windows\system32\drivers\stwrt64.sys
+ 2012-01-13 00:34 . 2011-03-11 06:23 187264 c:\windows\system32\drivers\storport.sys
+ 2012-01-11 23:53 . 2011-04-29 03:12 161792 c:\windows\system32\drivers\srvnet.sys
+ 2012-01-11 23:53 . 2011-04-29 03:12 399872 c:\windows\system32\drivers\srv2.sys
+ 2012-01-11 23:53 . 2011-04-29 03:13 461312 c:\windows\system32\drivers\srv.sys
+ 2009-06-10 20:48 . 2009-06-10 20:48 426496 c:\windows\system32\drivers\spsys.sys
+ 2009-07-13 23:31 . 2009-07-13 23:31 109056 c:\windows\system32\drivers\sdbus.sys
+ 2009-07-14 00:01 . 2009-07-14 01:45 171600 c:\windows\system32\drivers\scsiport.sys
+ 2009-07-13 23:19 . 2009-07-14 01:45 104016 c:\windows\system32\drivers\sbp2port.sys
+ 2012-01-10 18:15 . 2010-01-11 22:31 232992 c:\windows\system32\drivers\RtsUStor.sys
+ 2012-01-10 18:16 . 2009-11-28 01:45 295424 c:\windows\system32\drivers\Rt64win7.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09 145920 c:\windows\system32\drivers\rmcast.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 158720 c:\windows\system32\drivers\rfcomm.sys
+ 2009-07-13 23:34 . 2009-07-14 01:45 214096 c:\windows\system32\drivers\rdyboost.sys
+ 2009-07-14 00:16 . 2009-07-14 00:16 204800 c:\windows\system32\drivers\rdpwd.sys
+ 2009-07-13 23:24 . 2009-07-13 23:24 309248 c:\windows\system32\drivers\rdbss.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10 111616 c:\windows\system32\drivers\raspptp.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10 130048 c:\windows\system32\drivers\rasl2tp.sys
+ 2009-07-13 21:59 . 2009-07-14 01:45 128592 c:\windows\system32\drivers\ql40xx.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 230400 c:\windows\system32\drivers\portcls.sys
+ 2009-07-13 23:51 . 2009-07-14 01:01 651264 c:\windows\system32\drivers\PEAuth.sys
+ 2009-07-13 23:31 . 2009-07-14 01:45 220752 c:\windows\system32\drivers\pcmcia.sys
+ 2009-07-13 23:19 . 2009-07-14 01:45 183872 c:\windows\system32\drivers\pci.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09 131584 c:\windows\system32\drivers\pacer.sys
+ 2009-07-14 00:07 . 2009-07-14 00:07 318976 c:\windows\system32\drivers\nwifi.sys
+ 2012-01-13 00:34 . 2011-03-11 06:23 166272 c:\windows\system32\drivers\nvstor.sys
+ 2012-01-13 00:34 . 2011-03-11 06:23 148352 c:\windows\system32\drivers\nvraid.sys
+ 2009-07-13 23:38 . 2009-07-14 01:48 122960 c:\windows\system32\drivers\NV_AGP.SYS
+ 2009-07-13 23:21 . 2009-07-14 01:48 374864 c:\windows\system32\drivers\netio.sys
+ 2009-07-13 23:21 . 2009-07-13 23:21 259072 c:\windows\system32\drivers\netbt.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10 164352 c:\windows\system32\drivers\ndiswan.sys
+ 2009-07-13 23:21 . 2009-07-14 01:48 367168 c:\windows\system32\drivers\msrpc.sys
+ 2009-07-14 00:01 . 2009-07-14 01:48 224832 c:\windows\system32\drivers\msiscsi.sys
+ 2009-07-14 00:01 . 2009-07-14 01:48 140352 c:\windows\system32\drivers\msdsm.sys
+ 2012-01-11 23:54 . 2011-05-04 02:51 126464 c:\windows\system32\drivers\mrxsmb20.sys
+ 2012-01-11 23:54 . 2011-07-09 02:44 287744 c:\windows\system32\drivers\mrxsmb10.sys
+ 2012-01-11 23:54 . 2011-05-04 02:51 157696 c:\windows\system32\drivers\mrxsmb.sys
+ 2009-07-13 23:23 . 2009-07-13 23:23 140800 c:\windows\system32\drivers\mrxdav.sys
+ 2009-07-14 00:01 . 2009-07-14 01:48 155216 c:\windows\system32\drivers\mpio.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48 284736 c:\windows\system32\drivers\MegaSR.sys
+ 2009-07-13 23:26 . 2009-07-13 23:26 113152 c:\windows\system32\drivers\luafv.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48 115776 c:\windows\system32\drivers\lsi_scsi.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48 106560 c:\windows\system32\drivers\lsi_sas.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48 114752 c:\windows\system32\drivers\lsi_fc.sys
+ 2012-01-14 07:27 . 2011-11-17 07:17 152432 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-01-12 11:01 . 2010-03-04 04:32 243712 c:\windows\system32\drivers\ks.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09 120320 c:\windows\system32\drivers\irda.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10 116224 c:\windows\system32\drivers\ipnat.sys
+ 2012-01-13 00:34 . 2011-03-11 06:23 410496 c:\windows\system32\drivers\iaStorV.sys
+ 2012-03-04 20:32 . 2010-04-13 17:44 540696 c:\windows\system32\drivers\iaStor.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19 105472 c:\windows\system32\drivers\i8042prt.sys
+ 2009-07-13 23:22 . 2009-07-13 23:22 751616 c:\windows\system32\drivers\http.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 100864 c:\windows\system32\drivers\hidbth.sys
+ 2009-07-14 00:07 . 2009-07-14 00:07 350208 c:\windows\system32\drivers\HdAudio.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 122368 c:\windows\system32\drivers\hdaudbus.sys
+ 2009-07-13 23:21 . 2009-07-14 01:47 288336 c:\windows\system32\drivers\FWPKCLNT.SYS
+ 2012-01-11 23:53 . 2009-09-26 06:20 223448 c:\windows\system32\drivers\fvevol.sys
+ 2009-07-13 23:20 . 2009-07-14 01:47 290368 c:\windows\system32\drivers\fltMgr.sys
+ 2009-07-13 23:23 . 2009-07-13 23:23 204800 c:\windows\system32\drivers\fastfat.sys
+ 2009-07-13 23:23 . 2009-07-13 23:23 195072 c:\windows\system32\drivers\exfat.sys
+ 2009-06-10 20:36 . 2009-07-14 01:47 530496 c:\windows\system32\drivers\elxstor.sys
+ 2012-01-11 23:53 . 2011-01-26 06:53 265088 c:\windows\system32\drivers\dxgmms1.sys
+ 2012-01-11 23:53 . 2011-01-26 06:53 982912 c:\windows\system32\drivers\dxgkrnl.sys
+ 2009-07-14 00:06 . 2009-07-14 01:01 116224 c:\windows\system32\drivers\drmk.sys
+ 2012-01-11 23:54 . 2011-04-27 02:57 102400 c:\windows\system32\drivers\dfsc.sys
+ 2012-01-14 07:27 . 2011-11-17 07:15 460296 c:\windows\system32\drivers\cng.sys
+ 2009-07-13 23:19 . 2009-07-14 01:52 178752 c:\windows\system32\drivers\Classpnp.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19 147456 c:\windows\system32\drivers\cdrom.sys
+ 2009-06-10 20:34 . 2009-06-10 20:34 468480 c:\windows\system32\drivers\bxvbda.sys
+ 2012-01-10 18:19 . 2010-01-07 18:22 132648 c:\windows\system32\drivers\btwavdt.sys
+ 2012-01-13 00:35 . 2011-04-28 03:58 552448 c:\windows\system32\drivers\bthport.sys
+ 2009-07-14 00:07 . 2009-07-14 00:07 118784 c:\windows\system32\drivers\bthpan.sys
+ 2009-07-14 01:19 . 2009-07-14 01:19 286720 c:\windows\system32\drivers\BrSerId.sys
+ 2009-06-10 20:34 . 2009-06-10 20:34 270848 c:\windows\system32\drivers\b57nd60a.sys
+ 2012-03-04 20:34 . 2012-03-04 20:33 279040 c:\windows\system32\drivers\atikmpag.sys
+ 2012-03-04 20:34 . 2012-03-04 20:33 125456 c:\windows\system32\drivers\AtiHdmi.sys
+ 2009-07-13 23:19 . 2009-07-14 01:52 155728 c:\windows\system32\drivers\ataport.sys
+ 2009-06-10 20:37 . 2009-07-14 01:52 194128 c:\windows\system32\drivers\amdsbs.sys
+ 2012-01-13 00:34 . 2011-03-11 06:22 107904 c:\windows\system32\drivers\amdsata.sys
+ 2012-01-11 23:54 . 2011-04-25 02:44 499712 c:\windows\system32\drivers\afd.sys
+ 2009-07-13 21:59 . 2009-07-14 01:52 182864 c:\windows\system32\drivers\adpu320.sys
+ 2009-07-13 21:59 . 2009-07-14 01:52 339536 c:\windows\system32\drivers\adpahci.sys
+ 2009-06-10 20:36 . 2009-07-14 01:52 491088 c:\windows\system32\drivers\adp94xx.sys
+ 2009-07-13 23:19 . 2009-07-14 01:52 334416 c:\windows\system32\drivers\acpi.sys
+ 2009-07-14 00:07 . 2009-07-14 00:07 227840 c:\windows\system32\drivers\1394ohci.sys
+ 2009-07-13 23:19 . 2009-07-14 01:52 367696 c:\windows\system32\clfs.sys
+ 2009-07-13 23:22 . 2009-07-14 01:43 780224 c:\windows\system32\ci.dll
+ 2012-01-11 23:53 . 2011-01-26 06:31 144384 c:\windows\system32\cdd.dll
+ 2012-01-11 23:53 . 2011-02-19 04:13 367104 c:\windows\system32\atmfd.dll
+ 2009-07-14 05:01 . 2012-08-17 05:56 501432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-14 01:54 501432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-16 06:17 . 2012-08-16 06:17 186008 c:\windows\Installer\MSI9F4A.tmp-\HD-LibraryHandler.dll
+ 2012-08-16 06:17 . 2012-08-16 06:17 127128 c:\windows\Installer\MSI542C.tmp-\HD-ShortcutHandler.dll
+ 2012-08-16 06:17 . 2012-08-16 06:17 127128 c:\windows\Installer\MSI4AA7.tmp-\HD-ShortcutHandler.dll
+ 2012-08-16 06:17 . 2012-08-16 06:17 127128 c:\windows\Installer\MSI41B1.tmp-\HD-ShortcutHandler.dll
+ 2012-08-16 06:17 . 2012-08-16 06:17 186008 c:\windows\Installer\MSI41B1.tmp-\HD-LibraryHandler.dll
+ 2012-08-16 06:17 . 2012-08-16 06:17 127128 c:\windows\Installer\MSI3E85.tmp-\HD-ShortcutHandler.dll
+ 2012-01-11 23:52 . 2011-11-24 05:00 3141632 c:\windows\system32\win32k.sys
+ 2009-07-13 22:04 . 2009-06-10 21:01 1485312 c:\windows\system32\drivers\VSTDPV6.SYS
+ 2012-03-04 20:31 . 2012-03-04 20:31 1390640 c:\windows\system32\drivers\SynTP.sys
+ 2009-06-10 20:37 . 2009-07-14 01:45 1524816 c:\windows\system32\drivers\ql2300.sys
+ 2012-03-04 20:55 . 2012-03-04 20:55 8507392 c:\windows\system32\drivers\NETwNs64.sys
+ 2009-06-10 20:35 . 2009-06-10 20:35 5434368 c:\windows\system32\drivers\netw5v64.sys
+ 2010-01-14 00:37 . 2010-01-14 00:37 7675392 c:\windows\system32\drivers\NETw5s64.sys
+ 2009-06-10 20:37 . 2009-06-10 20:37 6108416 c:\windows\system32\drivers\igdkmd64.sys
+ 2009-06-10 20:34 . 2009-06-10 20:34 3286016 c:\windows\system32\drivers\evbda.sys
+ 2010-01-22 17:13 . 2010-01-22 17:13 6233088 c:\windows\system32\drivers\atipmdag.sys
+ 2012-03-04 20:34 . 2012-03-04 20:33 7767552 c:\windows\system32\drivers\atikmdag.sys
+ 2009-06-20 02:09 . 2009-06-20 02:09 1394688 c:\windows\system32\drivers\athrx.sys
+ 2012-01-11 08:53 . 2012-08-17 05:56 29914400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883064037-2048478377-2091528665-1001-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwag.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Swag_Bucks\prxtbSwag.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwag.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-08-02 296096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
GomezPEER.lnk - c:\program files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe [2011-4-27 73728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-08 31080]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.exe [2012-02-20 240408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2012-03-04 8507392]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-11 232992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-14 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2010-01-30 20056]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2012/01/10 10:23];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-01-27 23:48 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-04 203264]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.exe [2012-02-20 193816]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2009-10-16 22072]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-01-16 127984]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-09 338168]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-04 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-04 279040]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-14 7675392]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - C9029F9D23637670
*Deregistered* - c9029f9d23637670
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-01-11 08:23]
.
2012-08-17 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2012-01-11 08:23]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883064037-2048478377-2091528665-1001Core.job
- c:\users\Annis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 00:52]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883064037-2048478377-2091528665-1001UA.job
- c:\users\Annis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 00:52]
.
2012-08-14 c:\windows\Tasks\HPCeeScheduleForAnnis.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 11:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-20 107832]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"combofix"="c:\combofix\CF19431.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uStart Page = https://isearch.avg.com/?cid={6FA327A7-8272-47C6-9E86-2663DB782372}&mid=81eca5d0caad47d0a311a1bad3c91cea-3e1a5f554b282559f26ed7df46d8a8f3a9193a04&lang=en&ds=pp016&pr=sa&d=2012-07-23 00:16&v=12.1.0.20&sap=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Annis\AppData\Roaming\Mozilla\Firefox\Profiles\ie75hg71.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\c9029f9d23637670]
"ImagePath"="\SystemRoot\System32\Drivers\c9029f9d23637670.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\progra~2\Gomez\GOMEZP~1\jre\bin\java.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2012-08-16 23:05:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-17 06:05
ComboFix2.txt 2012-08-15 02:05
.
Pre-Run: 116,223,287,296 bytes free
Post-Run: 116,168,507,392 bytes free
.
- - End Of File - - 2A308723672F3D95DA85A15C721B24ED





TDSSKiller




23:42:41.0935 2312 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
23:42:42.0481 2312 ============================================================
23:42:42.0481 2312 Current date / time: 2012/08/16 23:42:42.0481
23:42:42.0481 2312 SystemInfo:
23:42:42.0481 2312
23:42:42.0481 2312 OS Version: 6.1.7600 ServicePack: 0.0
23:42:42.0481 2312 Product type: Workstation
23:42:42.0481 2312 ComputerName: ANNIS-PC
23:42:42.0481 2312 UserName: Annis
23:42:42.0481 2312 Windows directory: C:\Windows
23:42:42.0481 2312 System windows directory: C:\Windows
23:42:42.0481 2312 Running under WOW64
23:42:42.0481 2312 Processor architecture: Intel x64
23:42:42.0481 2312 Number of processors: 8
23:42:42.0481 2312 Page size: 0x1000
23:42:42.0481 2312 Boot type: Normal boot
23:42:42.0481 2312 ============================================================
23:42:43.0698 2312 BG loaded
23:42:46.0851 2312 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:42:46.0871 2312 ============================================================
23:42:46.0871 2312 \Device\Harddisk0\DR0:
23:42:46.0871 2312 MBR partitions:
23:42:46.0871 2312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:42:46.0871 2312 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x224CB000
23:42:46.0871 2312 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2252F000, BlocksNum 0x2ECB800
23:42:46.0871 2312 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
23:42:46.0871 2312 ============================================================
23:42:47.0121 2312 C: <-> \Device\Harddisk0\DR0\Partition2
23:42:47.0238 2312 D: <-> \Device\Harddisk0\DR0\Partition3
23:42:47.0253 2312 E: <-> \Device\Harddisk0\DR0\Partition4
23:42:47.0253 2312 ============================================================
23:42:47.0253 2312 Initialize success
23:42:47.0253 2312 ============================================================

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:42 PM

Posted 17 August 2012 - 08:48 AM

The TDSSKiller log wasn't complete. Could you re-post it again?

And that file regenerated, so we need to find another way to deal with it.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 ishme4nowz


Posted 17 August 2012 - 10:44 PM

Oh, sorry about that! Here's the TDSSKiller Log:


23:42:41.0935 2312 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
23:42:42.0481 2312 ============================================================
23:42:42.0481 2312 Current date / time: 2012/08/16 23:42:42.0481
23:42:42.0481 2312 SystemInfo:
23:42:42.0481 2312
23:42:42.0481 2312 OS Version: 6.1.7600 ServicePack: 0.0
23:42:42.0481 2312 Product type: Workstation
23:42:42.0481 2312 ComputerName: ANNIS-PC
23:42:42.0481 2312 UserName: Annis
23:42:42.0481 2312 Windows directory: C:\Windows
23:42:42.0481 2312 System windows directory: C:\Windows
23:42:42.0481 2312 Running under WOW64
23:42:42.0481 2312 Processor architecture: Intel x64
23:42:42.0481 2312 Number of processors: 8
23:42:42.0481 2312 Page size: 0x1000
23:42:42.0481 2312 Boot type: Normal boot
23:42:42.0481 2312 ============================================================
23:42:43.0698 2312 BG loaded
23:42:46.0851 2312 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:42:46.0871 2312 ============================================================
23:42:46.0871 2312 \Device\Harddisk0\DR0:
23:42:46.0871 2312 MBR partitions:
23:42:46.0871 2312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:42:46.0871 2312 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x224CB000
23:42:46.0871 2312 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2252F000, BlocksNum 0x2ECB800
23:42:46.0871 2312 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
23:42:46.0871 2312 ============================================================
23:42:47.0121 2312 C: <-> \Device\Harddisk0\DR0\Partition2
23:42:47.0238 2312 D: <-> \Device\Harddisk0\DR0\Partition3
23:42:47.0253 2312 E: <-> \Device\Harddisk0\DR0\Partition4
23:42:47.0253 2312 ============================================================
23:42:47.0253 2312 Initialize success
23:42:47.0253 2312 ============================================================
00:10:01.0366 1708 Deinitialize success

#14 CatByte


Posted 18 August 2012 - 07:24 AM

If that's all there is to the log, then it didn't run properly. Could you please run it again and give it plenty of time to complete?

Thanks.



#15 ishme4nowz


Posted 18 August 2012 - 08:42 AM

Alright so I ran it again and this time, there were no threats found? It processed 454 objects and when I click on Details, it says that all the files are OK. No log was produced either. When I ran it for the very first time that resulted in the first log, it found only one threat (which was selected to be deleted) and the rest were listed as being at medium risk (all selected to be skipped). This time, only an option to start another scan shows up after finishing the scan - no reboot or log.

Edited by ishme4nowz, 18 August 2012 - 08:51 AM.




