
Serious Infection (moved from "am I infected" forum)


  • This topic is locked
27 replies to this topic

#1 SIMMS156

Posted 09 December 2012 - 05:32 PM

Getting unwanted ads and explorer stops responding.

Link to "am I infected" posts

http://www.bleepingcomputer.com/forums/topic477727.html/page__p__2915445__fromsearch__1#entry2915445

See Attached logs


#2 B-boy/StyLe/

Posted 09 December 2012 - 06:31 PM

Hello SIMMS156! Welcome to BleepingComputer Forums!

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



Next please follow the instructions below:


  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and paste the following code into the textbox.
  • Don't copy the word "quoted"

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\temp\*.exe
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Local\*.
    %USERPROFILE%\AppData\Local\temp\*.exe
    %USERPROFILE%\AppData\Roaming\*.*
    %USERPROFILE%\AppData\Roaming\*.
    %Public%\Documents\Fonts\*.exe
    %Public%\Documents\Config\*.exe
    %Public%\Documents\*.*
    %ProgramData%\*.*
    %ProgramData%\*.
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\ComObjects*.exe
    %commonprogramfiles(x86)%\*.*
    %ProgramFiles%\*.*
    %ProgramFiles%\*.
    %ProgramFiles(x86)%\*.*
    %ProgramFiles(x86)%\*.
    %programdata%\Microsoft\Windows\DRM\*.tmp
    %programdata%\Microsoft\Windows\DRM\*.tmp
    %AllUsersProfile%\Microsoft\Windows\DRM\*.tmp
    %AllUsersProfile%\Microsoft\Windows\DRM\*.tmp
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
    %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
    %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
    %windir%\temp\*.exe
    %windir%\*.
    %windir%\installer\*.
    %windir%\system32\*.
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    bcdedit /enum all /v >C:\boot.txt /c
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    consrv.dll
    services.exe
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    atapi.sys
    iaStor.sys
    serial.sys
    volsnap.sys
    disk.sys
    redbook.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    dfsc.sys
    hlp.dat
    str.sys
    crexv.ocx
    /md5stop

  • Push the Posted Image button.
  • One report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened


Since there is a time zone difference between here and the US, we will continue tomorrow as I need some sleep now. :)



Regards,
Georgi



#3 SIMMS156


Posted 09 December 2012 - 09:56 PM

OTL logfile created on: 12/9/2012 4:43:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\windows 7.windows7-HP\Desktop\fix
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.55% Memory free
3.98 Gb Paging File | 2.85 Gb Available in Paging File | 71.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.80 Gb Total Space | 206.95 Gb Free Space | 73.18% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 0.00 Gb Free Space | 0.03% Space Free | Partition Type: NTFS

Computer Name: WINDOWS7-HP | User Name: windows 7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2012/12/09 15:56:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\windows 7.windows7-HP\Desktop\fix\OTL.scr
PRC - [2012/12/04 13:12:58 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
PRC - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/10/08 10:05:40 | 002,804,224 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2012/07/27 11:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/21 10:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 12:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/08/17 20:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/07/15 19:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 10:06:12 | 000,251,744 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/06/06 09:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/05/23 09:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/25 20:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/13 15:49:34 | 000,113,168 | ---- | M] (DEVGURU Co., LTD) -- C:\Windows\System32\ptumlcmsvc.exe
PRC - [2010/06/03 15:04:02 | 000,216,064 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
PRC - [2009/07/27 14:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/27 06:52:16 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/07/13 16:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 14:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
PRC - [2009/06/18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/06/17 07:56:16 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/17 07:56:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/03/02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/18 14:39:34 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
MOD - [2012/03/18 14:34:57 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll
MOD - [2012/03/18 14:34:45 | 014,322,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8435718626a24beaeefc98d45ae77127\PresentationFramework.ni.dll
MOD - [2012/03/18 14:34:11 | 000,185,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a3f989a61ab0468876629134c49514b2\UIAutomationTypes.ni.dll
MOD - [2012/03/18 14:34:09 | 012,216,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c0508b05f5c28e37711f447a66368e75\PresentationCore.ni.dll
MOD - [2012/03/18 14:33:39 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
MOD - [2012/03/18 14:33:26 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/03/18 14:32:56 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/03/18 14:32:51 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll
MOD - [2012/03/18 14:32:27 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/03/18 14:32:18 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/03/18 14:32:10 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/03/18 14:31:58 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2012/03/18 14:31:41 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/06/24 17:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 17:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/01 10:48:48 | 008,217,088 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/04/01 10:41:58 | 002,267,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2010/06/01 06:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/01/11 12:59:42 | 000,116,736 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2009/07/15 16:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 16:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 16:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 16:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 16:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 16:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 16:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 16:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/06/17 10:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 10:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 10:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/10 12:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe /ServiceStart -- (myAgtSvc)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE -- (EngineServer)
SRV - [2012/12/04 13:13:01 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/19 14:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 11:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/09/12 21:24:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/07/27 11:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/31 10:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/21 10:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 12:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/06 09:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/02/08 00:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/13 15:49:34 | 000,113,168 | ---- | M] (DEVGURU Co., LTD) [Auto | Running] -- C:\Windows\System32\ptumlcmsvc.exe -- (ptumlcmsvc)
SRV - [2010/08/15 13:22:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/03 15:04:02 | 000,216,064 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe -- (NWVZHelper)
SRV - [2009/07/27 06:52:16 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/13 16:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009/06/18 08:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/17 07:56:16 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/06/13 09:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/03/02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Users\WINDOW~1.WIN\AppData\Local\Temp\3189.sys -- (3189)
DRV - [2011/05/27 14:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 19:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 11:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 09:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 03:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 02:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 02:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 01:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/01 07:16:14 | 000,168,848 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMLNVsp.sys -- (PTUMLNVsp)
DRV - [2010/12/01 07:16:14 | 000,168,208 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMLVsp.sys -- (PTUMLVsp)
DRV - [2010/12/01 07:16:14 | 000,084,496 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMLNET61.sys -- (PTUMLNET61)
DRV - [2010/12/01 07:16:14 | 000,059,920 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMLRMNET.sys -- (PTUMLRMNET)
DRV - [2010/12/01 07:16:12 | 000,168,208 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMLMdm.sys -- (PTUMLMdm)
DRV - [2010/12/01 07:16:12 | 000,168,208 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMLCVsp.sys -- (PTUMLCVsp)
DRV - [2010/12/01 07:16:10 | 000,059,664 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMLBUS.sys -- (PTUMLBUS)
DRV - [2010/07/08 06:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/07/08 06:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000)
DRV - [2010/07/08 06:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser_000.sys -- (NWUSBPort_000)
DRV - [2010/07/08 06:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000)
DRV - [2010/07/08 06:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/07/27 06:52:14 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 00:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 14:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/13 14:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 14:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 14:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 13:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/02 08:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/05/15 17:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/20 08:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/01 08:33:16 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
IE - HKLM\..\SearchScopes,DefaultScope = {C42C5E93-E3B8-452F-9EAA-E9D2357C8A59}
IE - HKLM\..\SearchScopes\{C42C5E93-E3B8-452F-9EAA-E9D2357C8A59}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\..\SearchScopes,DefaultScope = {F956131E-03A4-4EB1-AC8D-55518F8FD7DE}
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\..\SearchScopes\{4BA632CD-BFFA-4DD9-A1C2-29BD78849468}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\..\SearchScopes\{9784862D-D9D0-41D2-87E5-C8BE1ED1F263}: "URL" = http://search.avg.com/route/?d=4c66e4b1&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\..\SearchScopes\{C42C5E93-E3B8-452F-9EAA-E9D2357C8A59}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\..\SearchScopes\{ECBE922F-ACD0-4413-B901-5E9A1909523F}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\..\SearchScopes\{F956131E-03A4-4EB1-AC8D-55518F8FD7DE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/07/12 18:37:08 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/12/04 23:11:28 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe File not found
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe File not found
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001..\Run: [EPSON Stylus CX7800 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - c:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{159EFC8E-175C-4A69-906D-7CD1D5F72A8B}: DhcpNameServer = 69.78.80.231 69.78.134.231
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FE310D6-89A0-4EBC-AC56-F1AA3042D9A3}: DhcpNameServer = 66.174.71.33 69.78.96.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3BAAC1D-86E9-44F0-B13B-5CFA4E377E66}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.350.dll File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cb9040c7-24c0-11e0-92bd-d8d3853fe892}\Shell - "" = AutoRun
O33 - MountPoints2\{cb9040c7-24c0-11e0-92bd-d8d3853fe892}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{cb9040d7-24c0-11e0-92bd-d8d3853fe892}\Shell - "" = AutoRun
O33 - MountPoints2\{cb9040d7-24c0-11e0-92bd-d8d3853fe892}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
NetSvcs: BITS - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess - File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0116AC7B-1B74-4D8C-8977-D99D662CF61C} - Yahoo! Toolbar
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {14A34AD8-3F6E-4D46-8985-00CB5920D2AE} - NoIE8Tour
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7711C053-CBEC-24BF-15A7-24773939B67E} - Internet Explorer
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7B347CEF-864F-4DAE-49B5-FD569814EFD0} - Browser Customizations
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {883D24CB-FAC1-C7DC-2198-ADFB8218959D} - NoIE8Tour
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\windows\system32\rundll32.exe C:\windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {B0DD3513-FB5F-450A-81AE-CBF66EDA0280} - Yahoo! Search Settings Update
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{29ECE57F-9389-45D1-ABA8-7B952C7E9081} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 90 Days ==========

[2012/12/09 13:50:52 | 000,000,000 | ---D | C] -- C:\Users\windows 7.windows7-HP\Desktop\fix
[2012/12/09 11:17:15 | 000,000,000 | ---D | C] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Malwarebytes
[2012/12/09 11:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/09 11:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/09 11:16:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/12/09 11:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/05 19:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/05 19:00:57 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\npdeployJava1.dll
[2012/12/05 19:00:57 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012/12/05 19:00:57 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012/12/05 19:00:57 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012/12/05 18:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/12/05 15:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/05 15:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/04 13:09:59 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012/12/01 22:59:05 | 000,000,000 | ---D | C] -- C:\Users\windows 7.windows7-HP\FrostWire
[2012/12/01 22:59:01 | 000,000,000 | ---D | C] -- C:\Users\windows 7.windows7-HP\.frostwire5
[2012/11/29 13:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2012/11/29 13:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PrintProjects
[2012/11/29 13:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
[2012/11/29 13:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\PrintProjects
[2012/11/29 13:00:51 | 000,000,000 | ---D | C] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\KODAK AiO Home Center1234016931
[2012/11/29 12:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/11/29 12:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2012/11/08 14:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/08 14:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/08 14:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/11/04 00:24:14 | 000,000,000 | ---D | C] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Roxio
[2012/10/25 03:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\windows\System32\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\windows\System32\QuickTime.qts
[2012/10/15 09:03:38 | 000,123,904 | ---- | C] (Eastman Kodak Company) -- C:\windows\System32\EKAiOWiaCoInst.dll
[2012/10/15 09:03:36 | 000,010,240 | ---- | C] (Eastman Kodak Company) -- C:\windows\System32\EKAiOWiaCoInstRes.dll
[2012/10/08 10:05:44 | 000,604,672 | ---- | C] (Eastman Kodak Company) -- C:\windows\System32\EKIJ5000MON.dll
[2012/10/08 10:05:26 | 000,118,784 | ---- | C] (Eastman Kodak Company) -- C:\windows\System32\EKIJCOINST13.dll
[2012/09/21 13:38:26 | 000,000,000 | ---D | C] -- C:\Users\windows 7.windows7-HP\Documents\trip to alaska 2
[2012/09/21 12:22:00 | 000,000,000 | ---D | C] -- C:\Users\windows 7.windows7-HP\Documents\trip to alaska
[2012/09/12 21:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2012/09/12 21:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2012/09/12 21:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\RosettaStoneLtdBackup
[2012/09/12 21:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/09/12 21:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/09/12 21:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2012/12/09 16:42:03 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/09 16:40:22 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/09 16:39:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/09 16:39:46 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/09 16:32:04 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/09 13:16:37 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/09 13:16:37 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/09 13:08:58 | 203,595,176 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/12/08 18:44:59 | 000,000,288 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{6CAA541C-4775-478D-9207-691B4B3FF2B7}.job
[2012/12/08 12:57:21 | 000,627,082 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/12/08 12:57:21 | 000,107,366 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/12/05 19:00:41 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\npdeployJava1.dll
[2012/12/05 19:00:41 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2012/12/05 19:00:41 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012/12/05 19:00:41 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012/12/05 19:00:41 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012/12/05 15:43:35 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/04 23:11:28 | 000,000,761 | RHS- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/12/04 13:12:59 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/12/04 13:12:59 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/12/01 23:18:18 | 000,001,242 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Desktop\Torrent Data - Shortcut.lnk
[2012/11/29 13:04:58 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\PrintProjects.lnk
[2012/11/29 13:04:06 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/11/29 13:03:12 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk
[2012/11/23 22:27:00 | 000,096,853 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\Vibram-Bikila.jpg
[2012/11/23 22:19:34 | 000,576,100 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\shoe4.png
[2012/11/23 22:18:56 | 000,573,955 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\shoe3.png
[2012/11/23 22:18:07 | 000,568,375 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\shoe2.png
[2012/11/23 22:17:22 | 000,529,473 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\shoe1.png
[2012/11/23 21:58:32 | 000,589,194 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\untitled3.png
[2012/11/23 21:56:49 | 000,201,322 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\58083_001.jpg
[2012/11/23 21:48:10 | 000,494,961 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\untitled2.png
[2012/11/23 21:46:43 | 000,203,021 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\31885_001.jpg
[2012/11/23 21:32:28 | 000,529,742 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\untitled.png
[2012/11/23 21:04:51 | 000,158,383 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\99503_001.jpg
[2012/11/23 21:04:37 | 000,192,511 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\99495_001.jpg
[2012/11/23 21:00:29 | 000,125,090 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\31780_001.jpg
[2012/11/23 20:58:35 | 000,139,179 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\39868_001.jpg
[2012/11/21 09:16:09 | 000,064,608 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\kids.jpg
[2012/11/18 19:25:50 | 002,718,490 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\300389AA.SS6.PS.Elite.QSG.US.5.7.web.pdf
[2012/11/08 14:05:22 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/04 13:58:41 | 043,458,200 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1173.MOV
[2012/11/04 12:35:06 | 000,796,207 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1172.PNG
[2012/11/04 12:34:03 | 021,545,649 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1171.MOV
[2012/11/04 12:32:57 | 096,741,398 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1170.MOV
[2012/11/04 12:31:22 | 016,967,729 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1169.MOV
[2012/11/04 12:30:38 | 048,080,667 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1168.MOV
[2012/11/04 12:28:47 | 015,264,734 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1167.MOV
[2012/11/04 12:28:09 | 042,382,280 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1166.MOV
[2012/11/04 12:26:28 | 030,157,764 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1165.MOV
[2012/11/04 12:24:38 | 041,699,805 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1164.MOV
[2012/11/04 12:23:01 | 046,170,009 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1163.MOV
[2012/11/04 12:21:13 | 033,116,014 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1162.MOV
[2012/11/04 12:18:47 | 057,572,443 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1161.MOV
[2012/11/04 12:00:51 | 033,061,941 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1159.MOV
[2012/11/04 12:00:07 | 005,655,160 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1158.MOV
[2012/11/03 22:57:30 | 000,002,503 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/11/03 22:57:30 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/10/28 15:34:24 | 012,845,773 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1153.MOV
[2012/10/28 15:32:56 | 009,187,819 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1152.MOV
[2012/10/25 03:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\windows\System32\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\windows\System32\QuickTime.qts
[2012/10/19 14:18:02 | 000,440,704 | ---- | M] () -- C:\windows\CouponPrinter.ocx
[2012/10/15 09:03:38 | 000,123,904 | ---- | M] (Eastman Kodak Company) -- C:\windows\System32\EKAiOWiaCoInst.dll
[2012/10/15 09:03:36 | 000,010,240 | ---- | M] (Eastman Kodak Company) -- C:\windows\System32\EKAiOWiaCoInstRes.dll
[2012/10/13 15:19:03 | 002,495,600 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\phone3.JPG
[2012/10/13 15:18:59 | 002,064,138 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\phone2.JPG
[2012/10/13 15:18:55 | 001,876,171 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\phone1.JPG
[2012/10/09 15:32:56 | 048,522,774 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1120.MOV
[2012/10/09 15:30:02 | 012,016,875 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1119.MOV
[2012/10/09 15:26:07 | 035,937,000 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1118.MOV
[2012/10/09 15:23:00 | 059,949,397 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1116.MOV
[2012/10/09 15:20:56 | 044,893,410 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1115.MOV
[2012/10/08 10:05:44 | 000,604,672 | ---- | M] (Eastman Kodak Company) -- C:\windows\System32\EKIJ5000MON.dll
[2012/10/08 10:05:26 | 000,118,784 | ---- | M] (Eastman Kodak Company) -- C:\windows\System32\EKIJCOINST13.dll
[2012/09/30 15:42:34 | 000,036,475 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\il_570xN_247508240.jpg
[2012/09/30 14:39:36 | 000,050,901 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\basketball.jpg
[2012/09/30 14:37:14 | 000,037,442 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\football2.jpg
[2012/09/30 14:32:35 | 000,027,236 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\soccer ball.jpg
[2012/09/30 14:21:45 | 000,027,661 | ---- | M] () -- C:\Users\windows 7.windows7-HP\Documents\football.jpg
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/29 09:14:08 | 000,001,147 | ---- | M] () -- C:\windows\System32\EKAiOWiaCoInst.ini
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/08 18:44:59 | 000,000,288 | -H-- | C] () -- C:\windows\tasks\User_Feed_Synchronization-{6CAA541C-4775-478D-9207-691B4B3FF2B7}.job
[2012/12/05 15:43:35 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/01 23:18:18 | 000,001,242 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Desktop\Torrent Data - Shortcut.lnk
[2012/11/29 13:04:58 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\PrintProjects.lnk
[2012/11/29 13:04:06 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2012/11/29 13:03:12 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Get CleanPrint.lnk
[2012/11/23 22:27:09 | 000,096,853 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\Vibram-Bikila.jpg
[2012/11/23 22:19:33 | 000,576,100 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\shoe4.png
[2012/11/23 22:18:55 | 000,573,955 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\shoe3.png
[2012/11/23 22:18:07 | 000,568,375 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\shoe2.png
[2012/11/23 22:17:22 | 000,529,473 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\shoe1.png
[2012/11/23 21:58:32 | 000,589,194 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\untitled3.png
[2012/11/23 21:56:59 | 000,201,322 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\58083_001.jpg
[2012/11/23 21:48:09 | 000,494,961 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\untitled2.png
[2012/11/23 21:46:53 | 000,203,021 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\31885_001.jpg
[2012/11/23 21:32:28 | 000,529,742 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\untitled.png
[2012/11/23 21:18:45 | 000,192,511 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\99495_001.jpg
[2012/11/23 21:05:13 | 000,158,383 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\99503_001.jpg
[2012/11/23 21:00:54 | 000,125,090 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\31780_001.jpg
[2012/11/23 20:58:47 | 000,139,179 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\39868_001.jpg
[2012/11/22 19:50:02 | 012,845,773 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1153.MOV
[2012/11/22 19:50:00 | 009,187,819 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1152.MOV
[2012/11/22 19:49:51 | 048,522,774 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1120.MOV
[2012/11/22 19:49:48 | 012,016,875 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1119.MOV
[2012/11/22 19:49:41 | 035,937,000 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1118.MOV
[2012/11/22 19:49:30 | 059,949,397 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1116.MOV
[2012/11/22 19:49:21 | 044,893,410 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1115.MOV
[2012/11/22 19:48:02 | 043,458,200 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1173.MOV
[2012/11/22 19:48:02 | 000,796,207 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1172.PNG
[2012/11/22 19:47:57 | 021,545,649 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1171.MOV
[2012/11/22 19:47:38 | 096,741,398 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1170.MOV
[2012/11/22 19:47:35 | 016,967,729 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1169.MOV
[2012/11/22 19:47:26 | 048,080,667 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1168.MOV
[2012/11/22 19:47:23 | 015,264,734 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1167.MOV
[2012/11/22 19:47:14 | 042,382,280 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1166.MOV
[2012/11/22 19:47:09 | 030,157,764 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1165.MOV
[2012/11/22 19:46:58 | 041,699,805 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1164.MOV
[2012/11/22 19:46:48 | 046,170,009 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1163.MOV
[2012/11/22 19:46:41 | 033,116,014 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1162.MOV
[2012/11/22 19:46:29 | 057,572,443 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1161.MOV
[2012/11/22 19:46:23 | 033,061,941 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1159.MOV
[2012/11/22 19:46:22 | 005,655,160 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\IMG_1158.MOV
[2012/11/21 09:16:09 | 000,064,608 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\kids.jpg
[2012/11/18 19:25:50 | 002,718,490 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\300389AA.SS6.PS.Elite.QSG.US.5.7.web.pdf
[2012/11/08 14:05:22 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/10/13 19:45:08 | 000,440,704 | ---- | C] () -- C:\windows\CouponPrinter.ocx
[2012/10/13 15:18:10 | 002,495,600 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\phone3.JPG
[2012/10/13 15:17:40 | 002,064,138 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\phone2.JPG
[2012/10/13 15:17:12 | 001,876,171 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\phone1.JPG
[2012/09/30 15:42:55 | 000,036,475 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\il_570xN_247508240.jpg
[2012/09/30 14:39:49 | 000,050,901 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\basketball.jpg
[2012/09/30 14:37:44 | 000,037,442 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\football2.jpg
[2012/09/30 14:33:05 | 000,027,236 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\soccer ball.jpg
[2012/09/30 14:22:18 | 000,027,661 | ---- | C] () -- C:\Users\windows 7.windows7-HP\Documents\football.jpg
[2012/09/29 09:14:08 | 000,001,147 | ---- | C] () -- C:\windows\System32\EKAiOWiaCoInst.ini
[2011/02/02 12:53:34 | 000,073,220 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2011/02/02 12:53:34 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2011/02/02 12:53:34 | 000,029,114 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2011/02/02 12:53:34 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2011/02/02 12:53:34 | 000,021,021 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2011/02/02 12:53:34 | 000,015,670 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2011/02/02 12:53:34 | 000,013,280 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2011/02/02 12:53:34 | 000,010,673 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2011/02/02 12:53:34 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2011/02/02 12:53:34 | 000,001,140 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2011/02/02 12:53:34 | 000,001,140 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2011/02/02 12:53:34 | 000,001,137 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2011/02/02 12:53:34 | 000,001,130 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2011/02/02 12:53:34 | 000,001,130 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2011/02/02 12:53:34 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2011/02/02 12:53:34 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini

========== ZeroAccess Check ==========

[2012/12/04 13:04:32 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\@
[2012/12/05 12:13:35 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\L
[2012/12/07 08:16:14 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U
[2012/12/09 10:58:01 | 000,000,804 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\L\00000004.@
[2012/12/04 13:04:34 | 000,002,048 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\00000004.@
[2012/12/04 13:04:39 | 000,232,960 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\00000008.@
[2012/12/04 13:04:34 | 000,001,632 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\000000cb.@
[2012/12/04 13:04:35 | 000,011,776 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\80000000.@
[2012/12/04 13:04:37 | 000,096,256 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\80000032.@
[2010/08/13 15:10:38 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[2012/12/09 10:58:01 | 000,000,000 | -HS- | M] () -- C:\windows\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/01/04 00:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 00:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009/07/13 16:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 16:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/23 14:29:25 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2012/07/23 14:29:25 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2012/07/12 18:37:12 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\AVG10
[2011/07/28 10:44:35 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Elluminate
[2011/06/04 16:23:26 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\EPSON
[2012/12/09 11:55:58 | 000,000,000 | -HSD | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\FA5BB5
[2012/12/09 11:38:41 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Kideaw
[2011/03/02 09:14:33 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Smith Micro
[2012/03/19 07:13:25 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Temp

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/07/13 16:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012/12/09 16:39:46 | 1603,772,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/09 16:39:46 | 2138,365,952 | -HS- | M] () -- C:\pagefile.sys
[2009/10/19 13:43:50 | 000,047,104 | ---- | M] () -- C:\Thumbs.db

< %USERPROFILE%\*.* >
[2012/12/09 16:51:11 | 003,670,016 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat
[2012/12/09 16:51:11 | 000,262,144 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat.LOG1
[2010/08/13 14:57:08 | 000,000,000 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat.LOG2
[2012/09/10 10:24:51 | 000,065,536 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{15d61df9-f877-11e1-9698-d8d3853fe892}.TM.blf
[2012/09/10 10:24:51 | 000,524,288 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{15d61df9-f877-11e1-9698-d8d3853fe892}.TMContainer00000000000000000001.regtrans-ms
[2012/09/10 10:24:51 | 000,524,288 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{15d61df9-f877-11e1-9698-d8d3853fe892}.TMContainer00000000000000000002.regtrans-ms
[2012/07/19 09:48:02 | 000,065,536 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{3585ec59-d1d2-11e1-a42d-d8d3853fe892}.TM.blf
[2012/07/19 09:48:02 | 000,524,288 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{3585ec59-d1d2-11e1-a42d-d8d3853fe892}.TMContainer00000000000000000001.regtrans-ms
[2012/07/19 09:48:02 | 000,524,288 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{3585ec59-d1d2-11e1-a42d-d8d3853fe892}.TMContainer00000000000000000002.regtrans-ms
[2011/03/04 05:41:37 | 000,065,536 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{3af64838-44e1-11e0-b9e5-d8d3853fe892}.TM.blf
[2011/03/04 05:41:37 | 000,524,288 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{3af64838-44e1-11e0-b9e5-d8d3853fe892}.TMContainer00000000000000000001.regtrans-ms
[2011/03/04 05:41:37 | 000,524,288 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{3af64838-44e1-11e0-b9e5-d8d3853fe892}.TMContainer00000000000000000002.regtrans-ms
[2011/06/20 14:25:05 | 000,065,536 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{5afb7c7b-9489-11e0-a8fe-d8d3853fe892}.TM.blf
[2011/06/20 14:25:05 | 000,524,288 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{5afb7c7b-9489-11e0-a8fe-d8d3853fe892}.TMContainer00000000000000000001.regtrans-ms
[2011/06/20 14:25:05 | 000,524,288 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{5afb7c7b-9489-11e0-a8fe-d8d3853fe892}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 09:30:44 | 000,065,536 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/08/14 09:30:44 | 000,524,288 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 09:30:44 | 000,524,288 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011/09/30 06:20:42 | 000,065,536 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{9d8ddffb-b465-11e0-a449-d8d3853fe892}.TM.blf
[2011/09/30 06:20:42 | 000,524,288 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{9d8ddffb-b465-11e0-a449-d8d3853fe892}.TMContainer00000000000000000001.regtrans-ms
[2011/09/30 06:20:42 | 000,524,288 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{9d8ddffb-b465-11e0-a449-d8d3853fe892}.TMContainer00000000000000000002.regtrans-ms
[2012/07/18 05:31:47 | 000,065,536 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{a844b17a-cc7a-11e1-a696-d8d3853fe892}.TM.blf
[2012/07/18 05:31:47 | 000,524,288 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{a844b17a-cc7a-11e1-a696-d8d3853fe892}.TMContainer00000000000000000001.regtrans-ms
[2012/07/18 05:31:47 | 000,524,288 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.dat{a844b17a-cc7a-11e1-a696-d8d3853fe892}.TMContainer00000000000000000002.regtrans-ms
[2009/07/26 22:37:06 | 000,000,020 | -HS- | M] () -- C:\Users\windows 7.windows7-HP\ntuser.ini

< %USERPROFILE%\temp\*.exe >

< %USERPROFILE%\AppData\Local\*.* >
[2010/08/13 22:31:43 | 000,000,000 | ---- | M] () -- C:\Users\windows 7.windows7-HP\AppData\Local\AtStart.txt
[2010/08/13 22:31:43 | 000,000,000 | ---- | M] () -- C:\Users\windows 7.windows7-HP\AppData\Local\DSwitch.txt
[2012/03/19 04:52:14 | 000,124,272 | ---- | M] () -- C:\Users\windows 7.windows7-HP\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/12/09 11:54:30 | 001,337,612 | -H-- | M] () -- C:\Users\windows 7.windows7-HP\AppData\Local\IconCache.db
[2010/08/13 22:31:43 | 000,000,000 | ---- | M] () -- C:\Users\windows 7.windows7-HP\AppData\Local\QSwitch.txt

< %USERPROFILE%\AppData\Local\*. >
[2011/02/05 10:31:09 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Adobe
[2011/02/14 15:20:09 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Apple
[2011/07/08 15:05:12 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Apple Computer
[2010/08/13 14:57:08 | 000,000,000 | -HSD | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Application Data
[2012/11/23 20:16:21 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Diagnostics
[2011/01/22 14:38:19 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Downloaded Installations
[2012/11/29 13:03:24 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Eastman Kodak Company
[2012/12/07 11:30:25 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Eastman_Kodak_Company
[2012/12/07 11:27:55 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\ElevatedDiagnostics
[2011/04/11 14:51:55 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Google
[2010/08/13 23:46:35 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Hewlett-Packard
[2010/08/13 22:31:05 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Hewlett-Packard_Company
[2010/08/13 14:57:08 | 000,000,000 | -HSD | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\History
[2012/09/30 14:45:58 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Microsoft
[2010/08/21 16:28:12 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Microsoft Games
[2012/11/15 16:10:12 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\PDFC
[2010/08/21 11:56:57 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Roxio
[2012/12/09 16:43:12 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Temp
[2010/08/13 14:57:08 | 000,000,000 | -HSD | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Temporary Internet Files
[2011/07/08 15:05:29 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\VirtualStore
[2011/02/14 20:11:11 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Local\Yahoo

< %USERPROFILE%\AppData\Local\temp\*.exe >
[2008/09/10 08:17:30 | 000,073,728 | R--- | M] () -- C:\Users\windows 7.windows7-HP\AppData\Local\temp\eject.exe
[2012/12/04 13:00:21 | 000,089,248 | -HS- | M] (Adobe Systems, Inc.) -- C:\Users\windows 7.windows7-HP\AppData\Local\temp\InstallFlashPlayer.exe
[2012/12/05 18:55:51 | 000,912,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\windows 7.windows7-HP\AppData\Local\temp\jre-6u37-windows-i586-iftw.exe
[56 C:\Users\windows 7.windows7-HP\AppData\Local\temp\*.tmp files -> C:\Users\windows 7.windows7-HP\AppData\Local\temp\*.tmp -> ]

< %USERPROFILE%\AppData\Roaming\*.* >

< %USERPROFILE%\AppData\Roaming\*. >
[2011/02/05 10:31:09 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Adobe
[2012/11/15 16:00:34 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Apple Computer
[2012/07/12 18:37:12 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\AVG10
[2011/07/28 10:44:35 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Elluminate
[2011/06/04 16:23:26 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\EPSON
[2012/12/09 11:55:58 | 000,000,000 | -HSD | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\FA5BB5
[2010/08/13 22:42:21 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Hewlett-Packard
[2010/08/13 15:10:38 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\HP TCS
[2010/08/13 14:58:03 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\hpqLog
[2010/08/13 22:31:19 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Identities
[2010/08/13 15:05:10 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\InstallShield
[2012/12/09 11:38:41 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Kideaw
[2012/11/29 13:00:51 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\KODAK AiO Home Center1234016931
[2012/12/09 11:01:26 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Macromedia
[2012/12/09 11:17:15 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Malwarebytes
[2012/09/30 14:45:58 | 000,000,000 | --SD | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Microsoft
[2012/11/04 00:24:22 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Roxio
[2011/03/02 09:14:33 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Smith Micro
[2012/03/19 07:13:25 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Temp
[2011/01/22 14:42:27 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Verizon Wireless
[2012/07/24 17:22:28 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Yahoo!

< %Public%\Documents\Fonts\*.exe >

< %Public%\Documents\Config\*.exe >

< %Public%\Documents\*.* >
[2009/07/13 19:41:57 | 000,000,278 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini

< %ProgramData%\*.* >
[2010/01/11 13:18:24 | 000,000,188 | ---- | M] () -- C:\ProgramData\HPWALog.txt

< %ProgramData%\*. >
[2012/12/05 15:42:48 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/06 12:52:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2011/03/02 09:14:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2011/03/17 07:35:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009/07/13 19:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/07/12 14:38:29 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG10
[2012/07/12 18:37:03 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2012
[2011/04/24 15:35:37 | 000,000,000 | ---D | M] -- C:\ProgramData\avg9
[2011/03/17 06:35:21 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2009/07/13 19:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/13 19:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/07/28 12:39:14 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2009/07/13 19:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/09/12 21:30:54 | 000,000,000 | ---D | M] -- C:\ProgramData\FLEXnet
[2010/08/13 22:30:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Hewlett-Packard
[2012/12/09 16:40:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Kodak
[2011/03/20 05:17:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Leapfrog
[2012/12/09 11:16:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012/12/05 18:58:40 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2012/07/12 18:36:36 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData
[2012/03/18 14:02:56 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012/07/04 06:22:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012/09/02 21:20:03 | 000,000,000 | ---D | M] -- C:\ProgramData\PDFC
[2012/11/29 13:04:58 | 000,000,000 | ---D | M] -- C:\ProgramData\PrintProjects
[2012/09/16 11:34:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Rosetta Stone
[2012/09/12 21:30:54 | 000,000,000 | ---D | M] -- C:\ProgramData\RosettaStoneLtdBackup
[2010/01/11 13:12:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Roxio
[2010/08/13 13:05:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2012/11/04 00:24:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Sonic
[2009/07/13 19:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/07/28 10:37:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2010/08/13 13:06:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Symantec
[2009/07/13 19:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/01/11 13:12:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2011/02/12 07:07:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Verizon Wireless
[2012/11/29 13:04:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Visan
[2011/02/12 07:07:30 | 000,000,000 | ---D | M] -- C:\ProgramData\WEngineLite
[2011/05/12 14:51:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Yahoo!
[2012/07/19 13:45:43 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

< %CommonProgramFiles%\*.* >

< %CommonProgramFiles%\ComObjects*.exe >
Invalid Environment Variable: commonprogramfiles(x86)

< %ProgramFiles%\*.* >
[2009/07/13 19:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %ProgramFiles%\*. >
[2011/06/29 11:17:37 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/07/18 11:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2012/07/08 07:18:32 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2012/03/18 16:20:14 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/08/13 13:00:07 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2012/12/05 19:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/11/29 12:54:39 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2011/03/20 05:20:53 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/08/13 14:52:20 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2011/06/11 18:37:57 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2011/07/14 21:20:39 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/01/11 13:20:25 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/08/13 15:04:40 | 000,000,000 | ---D | M] -- C:\Program Files\IDT
[2010/01/11 12:59:48 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/08/13 14:57:38 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/03/18 14:28:09 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/12/05 15:42:01 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2012/12/05 15:42:47 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/07/28 10:37:00 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2012/07/23 14:30:55 | 000,000,000 | ---D | M] -- C:\Program Files\Kodak
[2011/03/20 05:20:48 | 000,000,000 | ---D | M] -- C:\Program Files\LeapFrog
[2010/08/13 15:06:29 | 000,000,000 | ---D | M] -- C:\Program Files\LSI SoftModem
[2012/12/09 11:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/11 12:50:00 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
[2012/03/18 14:02:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/07/27 02:09:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/01/11 13:06:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/01/11 13:13:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2010/08/13 13:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/01/11 13:06:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2012/03/19 04:09:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/09/08 08:54:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/07/13 19:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/08/15 13:22:14 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/01/22 14:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\Novatel Wireless
[2010/08/13 15:10:36 | 000,000,000 | R--D | M] -- C:\Program Files\Online Services
[2011/03/02 09:14:16 | 000,000,000 | ---D | M] -- C:\Program Files\PANTECH
[2010/01/11 12:59:08 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Complete
[2012/11/29 13:04:58 | 000,000,000 | ---D | M] -- C:\Program Files\PrintProjects
[2012/11/08 14:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/07/13 19:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/09/12 21:30:55 | 000,000,000 | ---D | M] -- C:\Program Files\Rosetta Stone
[2010/01/11 13:12:35 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2012/11/03 22:57:30 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/08/13 15:09:15 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/08/13 13:06:39 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/08/13 18:32:40 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/07/13 19:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/02/12 07:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon Wireless
[2011/06/11 18:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011/06/11 18:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/08/13 15:08:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/08/13 15:08:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2011/06/11 18:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/06/11 18:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/13 19:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/08/13 23:22:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2010/08/13 14:56:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/06/11 18:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2011/05/13 05:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
Invalid Environment Variable: ProgramFiles(x86)
Invalid Environment Variable: ProgramFiles(x86)

< %programdata%\Microsoft\Windows\DRM\*.tmp >
[1 C:\ProgramData\Microsoft\Windows\DRM\*.tmp files -> C:\ProgramData\Microsoft\Windows\DRM\*.tmp -> ]

< %programdata%\Microsoft\Windows\DRM\*.tmp >
[1 C:\ProgramData\Microsoft\Windows\DRM\*.tmp files -> C:\ProgramData\Microsoft\Windows\DRM\*.tmp -> ]

< %AllUsersProfile%\Microsoft\Windows\DRM\*.tmp >
[1 C:\ProgramData\Microsoft\Windows\DRM\*.tmp files -> C:\ProgramData\Microsoft\Windows\DRM\*.tmp -> ]

< %AllUsersProfile%\Microsoft\Windows\DRM\*.tmp >
[1 C:\ProgramData\Microsoft\Windows\DRM\*.tmp files -> C:\ProgramData\Microsoft\Windows\DRM\*.tmp -> ]

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >

< %systemroot%\system32\config\systemprofile\AppData\Roaming\*.* >

< %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* >

< %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.* >

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb >

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb >

< %windir%\temp\*.exe >
[2010/11/22 09:34:09 | 001,475,650 | ---- | M] (AVG Technologies ) -- C:\windows\temp\AVGProductUpdate.exe
[44 C:\windows\temp\*.tmp files -> C:\windows\temp\*.tmp -> ]

< %windir%\*. >
[2010/08/13 14:52:20 | 000,000,000 | ---D | M] -- C:\windows\addins
[2012/12/09 11:55:58 | 000,000,000 | ---D | M] -- C:\windows\AppCompat
[2011/05/03 04:46:57 | 000,000,000 | ---D | M] -- C:\windows\AppPatch
[2012/11/29 13:04:55 | 000,000,000 | R-SD | M] -- C:\windows\assembly
[2010/08/13 14:43:37 | 000,000,000 | ---D | M] -- C:\windows\Boot
[2010/08/13 14:43:37 | 000,000,000 | ---D | M] -- C:\windows\Branding
[2010/11/29 23:00:30 | 000,000,000 | ---D | M] -- C:\windows\CheckSur
[2010/08/13 14:52:20 | 000,000,000 | ---D | M] -- C:\windows\Cursors
[2011/03/12 08:46:12 | 000,000,000 | ---D | M] -- C:\windows\debug
[2010/08/13 14:43:37 | 000,000,000 | ---D | M] -- C:\windows\diagnostics
[2010/08/13 23:22:23 | 000,000,000 | ---D | M] -- C:\windows\DigitalLocker
[2012/11/28 18:20:58 | 000,000,000 | ---D | M] -- C:\windows\Downloaded Program Files
[2012/03/18 14:28:11 | 000,000,000 | ---D | M] -- C:\windows\ehome
[2010/08/13 14:51:11 | 000,000,000 | ---D | M] -- C:\windows\en-US
[2012/03/19 04:09:33 | 000,000,000 | R-SD | M] -- C:\windows\Fonts
[2010/08/13 14:43:42 | 000,000,000 | ---D | M] -- C:\windows\Globalization
[2010/08/13 14:43:44 | 000,000,000 | ---D | M] -- C:\windows\Help
[2010/08/13 15:06:21 | 000,000,000 | ---D | M] -- C:\windows\HPQ
[2011/06/11 18:41:29 | 000,000,000 | ---D | M] -- C:\windows\IME
[2012/12/09 16:47:56 | 000,000,000 | ---D | M] -- C:\windows\inf
[2012/12/05 19:01:27 | 000,000,000 | -HSD | M] -- C:\windows\Installer
[2011/06/11 18:41:21 | 000,000,000 | ---D | M] -- C:\windows\L2Schemas
[2009/07/13 17:03:55 | 000,000,000 | ---D | M] -- C:\windows\LiveKernelReports
[2011/03/26 07:01:40 | 000,000,000 | ---D | M] -- C:\windows\Logs
[2011/06/11 18:41:21 | 000,000,000 | R-SD | M] -- C:\windows\Media
[2012/03/19 05:19:07 | 000,000,000 | ---D | M] -- C:\windows\Microsoft.NET
[2012/12/09 13:09:03 | 000,000,000 | ---D | M] -- C:\windows\Minidump
[2011/02/09 09:04:35 | 000,000,000 | ---D | M] -- C:\windows\ModemLogs
[2011/03/26 07:02:03 | 000,000,000 | -H-D | M] -- C:\windows\msdownld.tmp
[2010/08/13 14:44:02 | 000,000,000 | ---D | M] -- C:\windows\OEMCert
[2010/08/13 14:52:25 | 000,000,000 | ---D | M] -- C:\windows\Offline Web Pages
[2010/08/13 13:01:26 | 000,000,000 | ---D | M] -- C:\windows\Options
[2010/08/13 12:52:23 | 000,000,000 | ---D | M] -- C:\windows\Panther
[2010/01/11 13:05:46 | 000,000,000 | ---D | M] -- C:\windows\PCHEALTH
[2010/08/13 14:44:02 | 000,000,000 | ---D | M] -- C:\windows\Performance
[2010/08/13 14:44:02 | 000,000,000 | ---D | M] -- C:\windows\PLA
[2011/03/27 06:32:18 | 000,000,000 | ---D | M] -- C:\windows\PolicyDefinitions
[2012/12/09 14:48:03 | 000,000,000 | ---D | M] -- C:\windows\Prefetch
[2012/09/06 12:52:36 | 000,000,000 | ---D | M] -- C:\windows\registration
[2012/03/18 15:19:21 | 000,000,000 | ---D | M] -- C:\windows\rescache
[2010/08/13 14:44:02 | 000,000,000 | ---D | M] -- C:\windows\Resources
[2009/07/13 17:05:02 | 000,000,000 | ---D | M] -- C:\windows\SchCache
[2010/08/13 14:44:02 | 000,000,000 | ---D | M] -- C:\windows\schemas
[2010/08/13 14:44:02 | 000,000,000 | ---D | M] -- C:\windows\security
[2009/07/13 19:34:14 | 000,000,000 | ---D | M] -- C:\windows\ServiceProfiles
[2010/08/13 23:22:23 | 000,000,000 | ---D | M] -- C:\windows\servicing
[2010/08/13 14:44:08 | 000,000,000 | ---D | M] -- C:\windows\Setup
[2011/06/11 18:41:29 | 000,000,000 | ---D | M] -- C:\windows\ShellNew
[2010/08/15 13:21:49 | 000,000,000 | ---D | M] -- C:\windows\SoftwareDistribution
[2010/08/13 14:44:08 | 000,000,000 | ---D | M] -- C:\windows\Speech
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system
[2012/12/09 16:47:56 | 000,000,000 | ---D | M] -- C:\windows\System32
[2010/08/13 14:52:34 | 000,000,000 | ---D | M] -- C:\windows\TAPI
[2012/12/08 18:44:59 | 000,000,000 | ---D | M] -- C:\windows\Tasks
[2012/12/09 16:43:16 | 000,000,000 | ---D | M] -- C:\windows\Temp
[2009/07/13 17:04:02 | 000,000,000 | ---D | M] -- C:\windows\tracing
[2012/03/19 07:20:36 | 000,000,000 | ---D | M] -- C:\windows\twain_32
[2010/08/13 14:25:48 | 000,000,000 | ---D | M] -- C:\windows\Vss
[2010/08/13 14:25:48 | 000,000,000 | ---D | M] -- C:\windows\Web
[2012/07/23 14:31:01 | 000,000,000 | ---D | M] -- C:\windows\winsxs

< %windir%\installer\*. >
[2010/08/13 14:18:29 | 000,000,000 | -HSD | M] -- C:\windows\installer\$PatchCache$
[2011/02/12 07:05:31 | 000,000,000 | ---D | M] -- C:\windows\installer\vzam
[2012/11/29 13:01:44 | 000,000,000 | ---D | M] -- C:\windows\installer\{0645A454-AD44-4F0D-99CF-6B762735AD1F}
[2010/08/13 14:43:57 | 000,000,000 | ---D | M] -- C:\windows\installer\{08E81ABD-79F7-49C2-881F-FD6CB0975693}
[2012/12/05 15:43:32 | 000,000,000 | ---D | M] -- C:\windows\installer\{1B6C0E95-182C-48E0-9C4B-4F916308249C}
[2010/08/13 14:43:57 | 000,000,000 | ---D | M] -- C:\windows\installer\{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
[2010/08/13 15:08:14 | 000,000,000 | ---D | M] -- C:\windows\installer\{205C6BDD-7B73-42DE-8505-9A093F35A238}
[2010/08/13 15:09:15 | 000,000,000 | ---D | M] -- C:\windows\installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
[2012/12/05 19:00:34 | 000,000,000 | ---D | M] -- C:\windows\installer\{26A24AE4-039D-4CA4-87B4-2F83216037FF}
[2012/11/29 13:02:21 | 000,000,000 | ---D | M] -- C:\windows\installer\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}
[2010/08/13 14:43:58 | 000,000,000 | ---D | M] -- C:\windows\installer\{30A2A953-DEB1-466A-B660-F4399C7C6B9D}
[2012/03/19 07:20:38 | 000,000,000 | ---D | M] -- C:\windows\installer\{376348C2-E372-48BC-A138-E896757BD86A}
[2010/08/13 15:08:19 | 000,000,000 | ---D | M] -- C:\windows\installer\{45338B07-A236-4270-9A77-EBB4115517B5}
[2012/12/05 15:30:54 | 000,000,000 | ---D | M] -- C:\windows\installer\{459699C3-9430-4381-964B-4248D87B49F9}
[2012/11/08 13:55:45 | 000,000,000 | ---D | M] -- C:\windows\installer\{48B41C3A-9A92-4B81-B653-C97FEB85C910}
[2011/02/12 07:07:31 | 000,000,000 | ---D | M] -- C:\windows\installer\{4ED66399-6D95-43C0-964B-D2B9C8EC52FB}
[2010/08/13 14:43:58 | 000,000,000 | ---D | M] -- C:\windows\installer\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}
[2010/08/13 14:43:58 | 000,000,000 | ---D | M] -- C:\windows\installer\{54CC7901-804D-4155-B353-21F0CC9112AB}
[2012/11/29 13:04:06 | 000,000,000 | ---D | M] -- C:\windows\installer\{56BA241F-580C-43D2-8403-947241AAE633}
[2010/08/13 14:43:58 | 000,000,000 | ---D | M] -- C:\windows\installer\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
[2011/07/21 18:07:58 | 000,000,000 | ---D | M] -- C:\windows\installer\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}
[2010/08/13 14:43:58 | 000,000,000 | ---D | M] -- C:\windows\installer\{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
[2012/07/19 13:46:28 | 000,000,000 | ---D | M] -- C:\windows\installer\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}
[2011/07/18 11:49:54 | 000,000,000 | ---D | M] -- C:\windows\installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
[2012/03/18 16:20:14 | 000,000,000 | ---D | M] -- C:\windows\installer\{79155F2B-9895-49D7-8612-D92580E0DE5B}
[2012/09/12 21:31:01 | 000,000,000 | ---D | M] -- C:\windows\installer\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}
[2010/08/13 14:43:58 | 000,000,000 | ---D | M] -- C:\windows\installer\{82EF29B1-9B60-4142-A155-0599216DD053}
[2010/08/15 13:22:31 | 000,000,000 | ---D | M] -- C:\windows\installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
[2012/12/05 15:45:31 | 000,000,000 | ---D | M] -- C:\windows\installer\{8CC68433-5837-4075-B81F-EA7E4F14CE60}
[2010/08/13 14:43:58 | 000,000,000 | ---D | M] -- C:\windows\installer\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
[2012/07/04 06:15:54 | 000,000,000 | ---D | M] -- C:\windows\installer\{90120000-006E-0409-0000-0000000FF1CE}
[2012/07/04 06:16:18 | 000,000,000 | ---D | M] -- C:\windows\installer\{90120000-006E-040C-0000-0000000FF1CE}
[2012/07/04 06:16:27 | 000,000,000 | ---D | M] -- C:\windows\installer\{90120000-006E-0416-0000-0000000FF1CE}
[2012/07/04 06:16:10 | 000,000,000 | ---D | M] -- C:\windows\installer\{90120000-006E-0C0A-0000-0000000FF1CE}
[2012/07/04 06:21:54 | 000,000,000 | ---D | M] -- C:\windows\installer\{91120000-0031-0000-0000-0000000FF1CE}
[2012/09/09 11:21:34 | 000,000,000 | ---D | M] -- C:\windows\installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}
[2012/11/08 14:05:22 | 000,000,000 | ---D | M] -- C:\windows\installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}
[2011/07/14 21:21:10 | 000,000,000 | ---D | M] -- C:\windows\installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}
[2012/03/18 14:03:45 | 000,000,000 | ---D | M] -- C:\windows\installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}
[2010/08/13 14:55:45 | 000,000,000 | ---D | M] -- C:\windows\installer\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}
[2010/08/13 14:43:58 | 000,000,000 | ---D | M] -- C:\windows\installer\{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
[2011/07/14 21:21:11 | 000,000,000 | ---D | M] -- C:\windows\installer\{BE06114F-559D-11E0-B5A1-001D0926B1BF}
[2012/11/29 13:03:11 | 000,000,000 | ---D | M] -- C:\windows\installer\{BE94C681-68E2-4561-8ABC-8D2E799168B4}
[2012/03/19 07:21:45 | 000,000,000 | ---D | M] -- C:\windows\installer\{BFBCF96F-7361-486A-965C-54B17AC35421}
[2011/02/15 07:23:28 | 000,000,000 | ---D | M] -- C:\windows\installer\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}
[2010/08/13 15:09:04 | 000,000,000 | ---D | M] -- C:\windows\installer\{C7AE4EC3-9C13-4213-8457-74D16B353F91}
[2012/12/05 15:27:01 | 000,000,000 | ---D | M] -- C:\windows\installer\{CCE825DB-347A-4004-A186-5F4A6FDD8547}
[2012/12/05 15:45:09 | 000,000,000 | ---D | M] -- C:\windows\installer\{D6B3114F-945B-4980-BF7A-AF12E9161A0F}
[2010/08/13 14:43:58 | 000,000,000 | ---D | M] -- C:\windows\installer\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
[2010/08/13 14:43:58 | 000,000,000 | ---D | M] -- C:\windows\installer\{EC877639-07AB-495C-BFD1-D63AF9140810}
[2010/08/13 14:43:58 | 000,000,000 | ---D | M] -- C:\windows\installer\{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
[2012/11/29 13:02:58 | 000,000,000 | ---D | M] -- C:\windows\installer\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}
[2011/01/22 14:38:37 | 000,000,000 | ---D | M] -- C:\windows\installer\{F19553C5-F843-4C27-BF9F-9DE4D901B895}
[2010/08/15 13:22:14 | 000,000,000 | ---D | M] -- C:\windows\installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
[2012/11/03 22:57:30 | 000,000,000 | ---D | M] -- C:\windows\installer\{FA4C2D53-205F-4245-9717-F3761154824D}

< %windir%\system32\*. >
[2012/12/04 13:09:59 | 000,000,000 | -HSD | M] -- C:\windows\system32\%APPDATA%
[2009/07/13 19:56:48 | 000,000,000 | ---D | M] -- C:\windows\system32\0409
[2010/08/13 14:52:25 | 000,000,000 | ---D | M] -- C:\windows\system32\AdvancedInstallers
[2011/06/11 18:41:21 | 000,000,000 | ---D | M] -- C:\windows\system32\ar-SA
[2011/06/11 18:41:21 | 000,000,000 | ---D | M] -- C:\windows\system32\bg-BG
[2010/08/15 10:36:12 | 000,000,000 | ---D | M] -- C:\windows\system32\Boot
[2012/12/05 18:48:20 | 000,000,000 | ---D | M] -- C:\windows\system32\catroot
[2012/12/05 15:30:46 | 000,000,000 | ---D | M] -- C:\windows\system32\catroot2
[2011/06/11 18:41:29 | 000,000,000 | ---D | M] -- C:\windows\system32\CodeIntegrity
[2010/08/13 23:22:18 | 000,000,000 | ---D | M] -- C:\windows\system32\com
[2012/12/03 11:54:37 | 000,000,000 | ---D | M] -- C:\windows\system32\config
[2011/06/11 18:41:21 | 000,000,000 | ---D | M] -- C:\windows\system32\cs-CZ
[2011/06/11 18:41:21 | 000,000,000 | ---D | M] -- C:\windows\system32\da-DK
[2011/06/11 18:41:21 | 000,000,000 | ---D | M] -- C:\windows\system32\de-DE
[2010/08/13 23:22:23 | 000,000,000 | ---D | M] -- C:\windows\system32\Dism
[2012/12/09 11:55:58 | 000,000,000 | ---D | M] -- C:\windows\system32\drivers
[2012/12/05 15:30:50 | 000,000,000 | ---D | M] -- C:\windows\system32\DriverStore
[2012/09/21 12:32:16 | 000,000,000 | ---D | M] -- C:\windows\system32\DRVSTORE
[2011/06/11 18:41:23 | 000,000,000 | ---D | M] -- C:\windows\system32\el-GR
[2011/06/11 18:41:23 | 000,000,000 | ---D | M] -- C:\windows\system32\en
[2012/03/18 14:28:11 | 000,000,000 | ---D | M] -- C:\windows\system32\en-US
[2011/06/11 18:41:23 | 000,000,000 | ---D | M] -- C:\windows\system32\es-ES
[2011/06/11 18:41:23 | 000,000,000 | ---D | M] -- C:\windows\system32\et-EE
[2011/06/11 18:41:23 | 000,000,000 | ---D | M] -- C:\windows\system32\fi-FI
[2011/06/11 18:41:23 | 000,000,000 | ---D | M] -- C:\windows\system32\fr-FR
[2009/07/13 19:42:25 | 000,000,000 | ---D | M] -- C:\windows\system32\FxsTmp
[2009/07/13 17:03:57 | 000,000,000 | ---D | M] -- C:\windows\system32\GroupPolicy
[2009/07/13 17:03:57 | 000,000,000 | ---D | M] -- C:\windows\system32\GroupPolicyUsers
[2011/06/11 18:41:23 | 000,000,000 | ---D | M] -- C:\windows\system32\he-IL
[2011/06/11 18:41:23 | 000,000,000 | ---D | M] -- C:\windows\system32\hr-HR
[2011/06/11 18:41:23 | 000,000,000 | ---D | M] -- C:\windows\system32\hu-HU
[2011/06/11 18:41:29 | 000,000,000 | ---D | M] -- C:\windows\system32\ias
[2010/08/13 14:52:32 | 000,000,000 | ---D | M] -- C:\windows\system32\icsxml
[2010/08/13 14:44:55 | 000,000,000 | ---D | M] -- C:\windows\system32\IME
[2009/07/13 17:05:45 | 000,000,000 | ---D | M] -- C:\windows\system32\inetsrv
[2011/06/11 18:41:23 | 000,000,000 | ---D | M] -- C:\windows\system32\it-IT
[2011/06/11 18:41:23 | 000,000,000 | ---D | M] -- C:\windows\system32\ja-JP
[2011/06/11 18:41:23 | 000,000,000 | ---D | M] -- C:\windows\system32\ko-KR
[2012/11/29 13:02:58 | 000,000,000 | ---D | M] -- C:\windows\system32\kodak
[2010/08/13 14:57:39 | 000,000,000 | ---D | M] -- C:\windows\system32\Lang
[2011/03/02 09:03:48 | 000,000,000 | ---D | M] -- C:\windows\system32\LogFiles
[2011/06/11 18:41:23 | 000,000,000 | ---D | M] -- C:\windows\system32\lt-LT
[2011/06/11 18:41:23 | 000,000,000 | ---D | M] -- C:\windows\system32\lv-LV
[2012/09/06 12:52:53 | 000,000,000 | ---D | M] -- C:\windows\system32\Macromed
[2010/08/13 14:52:32 | 000,000,000 | ---D | M] -- C:\windows\system32\manifeststore
[2010/08/15 10:34:28 | 000,000,000 | --SD | M] -- C:\windows\system32\Microsoft
[2012/03/18 14:28:09 | 000,000,000 | ---D | M] -- C:\windows\system32\migration
[2011/06/11 18:41:29 | 000,000,000 | ---D | M] -- C:\windows\system32\migwiz
[2010/08/13 14:52:32 | 000,000,000 | ---D | M] -- C:\windows\system32\Msdtc
[2010/08/13 23:22:23 | 000,000,000 | ---D | M] -- C:\windows\system32\MUI
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\nb-NO
[2012/12/02 15:23:02 | 000,000,000 | ---D | M] -- C:\windows\system32\NDF
[2010/08/13 14:45:00 | 000,000,000 | ---D | M] -- C:\windows\system32\NetworkList
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\nl-NL
[2010/08/13 14:45:00 | 000,000,000 | ---D | M] -- C:\windows\system32\OEM
[2011/06/11 18:41:29 | 000,000,000 | ---D | M] -- C:\windows\system32\oobe
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\pl-PL
[2010/08/13 23:21:25 | 000,000,000 | ---D | M] -- C:\windows\system32\Printing_Admin_Scripts
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\pt-BR
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\pt-PT
[2011/06/11 18:41:29 | 000,000,000 | ---D | M] -- C:\windows\system32\ras
[2009/07/26 17:15:02 | 000,000,000 | ---D | M] -- C:\windows\system32\Recovery
[2010/08/13 14:45:03 | 000,000,000 | ---D | M] -- C:\windows\system32\restore
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\ro-RO
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\ru-RU
[2011/06/11 18:41:29 | 000,000,000 | ---D | M] -- C:\windows\system32\Setup
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\sk-SK
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\sl-SI
[2010/08/13 23:22:23 | 000,000,000 | ---D | M] -- C:\windows\system32\slmgr
[2010/08/13 14:45:03 | 000,000,000 | ---D | M] -- C:\windows\system32\SMI
[2010/08/13 14:45:03 | 000,000,000 | ---D | M] -- C:\windows\system32\Speech
[2010/08/13 14:45:04 | 000,000,000 | ---D | M] -- C:\windows\system32\spool
[2010/08/13 14:45:04 | 000,000,000 | ---D | M] -- C:\windows\system32\spp
[2011/06/11 18:41:29 | 000,000,000 | ---D | M] -- C:\windows\system32\sppui
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\sr-Latn-CS
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\sv-SE
[2012/12/05 14:41:02 | 000,000,000 | ---D | M] -- C:\windows\system32\sysprep
[2012/12/04 23:10:31 | 000,000,000 | ---D | M] -- C:\windows\system32\Tasks
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\th-TH
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\tr-TR
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\uk-UA
[2010/08/15 10:36:11 | 000,000,000 | ---D | M] -- C:\windows\system32\Wat
[2012/09/06 12:52:53 | 000,000,000 | ---D | M] -- C:\windows\system32\wbem
[2010/08/13 23:22:23 | 000,000,000 | ---D | M] -- C:\windows\system32\WCN
[2012/12/09 10:59:45 | 000,000,000 | ---D | M] -- C:\windows\system32\wdi
[2012/09/06 12:52:53 | 000,000,000 | ---D | M] -- C:\windows\system32\wfp
[2009/07/13 19:52:30 | 000,000,000 | ---D | M] -- C:\windows\system32\WinBioDatabase
[2010/08/13 14:51:52 | 000,000,000 | ---D | M] -- C:\windows\system32\WinBioPlugIns
[2010/08/13 14:45:07 | 000,000,000 | ---D | M] -- C:\windows\system32\WindowsPowerShell
[2009/07/13 17:37:09 | 000,000,000 | ---D | M] -- C:\windows\system32\winevt
[2010/08/13 23:22:23 | 000,000,000 | ---D | M] -- C:\windows\system32\winrm
[2010/08/15 10:23:49 | 000,000,000 | ---D | M] -- C:\windows\system32\x64
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\zh-CN
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\zh-HK
[2011/06/11 18:41:24 | 000,000,000 | ---D | M] -- C:\windows\system32\zh-TW

< %windir%\sysnative\*. >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\syswow64\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\system32\drivers\mbam.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\syswow64\drivers\*.sys /90 >

< %systemroot%\syswow64\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2012/10/08 10:05:42 | 000,225,792 | ---- | M] (Eastman Kodak Company) -- C:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
[2009/07/13 16:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2009/07/13 16:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\Spool\prtprocs\w32x86\winprint.dll

< %systemroot%\*. /rp /s >

< %systemroot%\assembly\tmp\*.* /S /MD5 >

< %systemroot%\assembly\temp\*.* /S /MD5 >

< %systemroot%\assembly\GAC\*.ini >
[2012/12/09 10:58:01 | 000,000,000 | -HS- | M] () -- C:\windows\assembly\GAC\Desktop.ini

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SystemRoot%\assembly\GAC_MSIL\*.ini >

< wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
[2012/12/04 13:04:32 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\@
[2012/12/09 10:58:01 | 000,000,804 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\L\00000004.@
[2012/12/04 13:04:34 | 000,002,048 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\00000004.@
[2012/12/04 13:04:39 | 000,232,960 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\00000008.@
[2012/12/04 13:04:34 | 000,001,632 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\000000cb.@
[2012/12/04 13:04:35 | 000,011,776 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\80000000.@
[2012/12/04 13:04:37 | 000,096,256 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\80000032.@

< HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/13 16:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
"" = Microsoft WBEM New Event Subsystem
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 16:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
"" = Microsoft WBEM New Event Subsystem
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 16:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >
"" = MruPidlList
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 00:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s >
"" = Start Menu Pin
"ImplementsVerbs" = startpin;startunpin
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 00:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/13 16:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = fastprox.dll -- [2009/07/13 16:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

< HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >
"" = ShellFolder for CD Burning
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32]
"" = shell32.dll -- [2012/01/04 00:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\MergedFolder]
"Attributes" = 0x0
"AttributeMask" = 0xffffffff
"Location" = @shell32.dll,-12591 -- [2012/01/04 00:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ConflictOverlayIcon" = %SystemRoot%\system32\imageres.dll,-169 -- [2009/07/13 16:06:03 | 020,268,032 | ---- | M] (Microsoft Corporation)

< HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/01/04 00:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)

< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = fastprox.dll -- [2009/07/13 16:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

< HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s >

< HKEY_CURRENT_USER\Software\MSOLoad /s >

< bcdedit /enum all /v >C:\boot.txt /c >
The boot configuration data store could not be opened.
The requested system device cannot be found.

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: WINDOWS7-HP
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     E                       DVD-ROM         0 B  No Media
Volume 1         SYSTEM       NTFS   Partition    300 MB  Healthy    System
Volume 2     C                NTFS   Partition    282 GB  Healthy    Boot
Volume 3     D   HP_RECOVERY  NTFS   Partition     14 GB  Healthy

< MD5 for: AFD.SYS >
[2011/04/24 17:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\System32\drivers\afd.sys
[2011/04/24 17:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010/11/19 23:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011/04/24 17:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011/04/24 17:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011/04/24 18:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009/07/13 14:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 16:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 16:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 16:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 16:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 16:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CSC.SYS >
[2009/07/13 14:15:13 | 000,387,584 | ---- | M] (Microsoft Corporation) MD5=27C9490BDD0AE48911AB8CF1932591ED -- C:\Windows\winsxs\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7600.16385_none_9e1e9f0abd3adf87\csc.sys
[2010/11/19 23:44:36 | 000,388,096 | ---- | M] (Microsoft Corporation) MD5=3C2177A897B4CA2788C6FB0C3FD81D4B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_a04fb2d2ba296321\csc.sys

< MD5 for: DFSC.SYS >
[2011/04/26 17:33:46 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=83D1ECEA8FAAE75604C0FA49AC7AD996 -- C:\Windows\System32\drivers\dfsc.sys
[2011/04/26 17:33:46 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=83D1ECEA8FAAE75604C0FA49AC7AD996 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_87c60c95472f7333\dfsc.sys
[2011/04/26 17:24:42 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=886E8C1608146CC355DDD455F5C8DD87 -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_8818997a6076855b\dfsc.sys
[2009/07/13 14:14:17 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=8E09E52EE2E3CEB199EF3DD99CF9E3FB -- C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys
[2010/11/19 23:42:32 | 000,078,336 | ---- | M] (Microsoft Corporation) MD5=F024449C97EC1E464AAFFDA18593DB88 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_89a197c9445dfde9\dfsc.sys

< MD5 for: DISK.SYS >
[2009/07/13 16:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/13 16:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/13 16:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: EXPLORER.EXE >
[2009/10/05 21:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/25 20:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 16:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 20:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 20:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 20:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/25 20:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 03:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 20:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/02 20:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/02 20:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/30 21:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/10/05 20:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: I8042PRT.SYS >
[2009/07/13 14:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\drivers\i8042prt.sys
[2009/07/13 14:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_0c4a1880f2aa5a72\i8042prt.sys
[2009/07/13 14:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys
[2009/07/13 14:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_9724c3fc3a4c81ef\i8042prt.sys
[2009/07/13 14:11:24 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=F151F0BDC47F4A28B1B20A0818EA36D6 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys

< MD5 for: IASTOR.SYS >
[2009/06/04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\swsetup\Drivers\64\HDD\IaStor.sys
[2009/06/04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys
[2009/06/04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\swsetup\Drivers\32\HDD\IaStor.sys
[2009/06/04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys
[2009/06/04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2009/06/04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys

< MD5 for: LSASS.EXE >
[2011/11/16 22:09:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=05F38CB7CAB3CE8E9A1812D517DA93EF -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[2011/11/16 20:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=81951F51E318AECC2D68559E47485CC4 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[2011/11/16 20:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\System32\lsass.exe
[2011/11/16 20:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=C2243FF9E9AAD0C30E8B1A0914DA15B6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[2009/07/13 16:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009/07/13 16:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009/07/13 16:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2011/11/16 20:24:04 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FBCB2DFA40862DAA7B1534C9538208A5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe

< MD5 for: NETBT.SYS >
[2010/11/19 23:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
[2009/07/13 14:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\System32\drivers\netbt.sys
[2009/07/13 14:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 03:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/13 16:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 16:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: SCECLI.DLL >
[2009/07/13 16:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 16:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 03:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERIAL.SYS >
[2009/07/13 14:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=5FB7FCEA0490D821F26F39CC5EA3D1E2 -- C:\Windows\System32\drivers\serial.sys
[2009/07/13 14:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=5FB7FCEA0490D821F26F39CC5EA3D1E2 -- C:\Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009/07/13 14:45:33 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=5FB7FCEA0490D821F26F39CC5EA3D1E2 -- C:\Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys

< MD5 for: SERVICES.EXE >
[2009/07/13 16:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 16:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 16:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 16:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/24 19:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/06/20 20:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011/09/29 07:02:44 | 001,301,872 | ---- | M] (Microsoft Corporation) MD5=22F7E7CBCA308DEE3428B097D4F8A61C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_b38e8546e0cbe4a1\tcpip.sys
[2011/04/24 19:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/13 16:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 03:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011/09/29 07:17:18 | 001,303,920 | ---- | M] (Microsoft Corporation) MD5=3C1C41E317710F74CEC1E7F0D5325993 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_b5a84e10ddca7566\tcpip.sys
[2011/09/29 06:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\System32\drivers\tcpip.sys
[2011/09/29 06:43:37 | 001,285,488 | ---- | M] (Microsoft Corporation) MD5=56C198AC82EFA622DD93E9E43575F79C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_b2f8731bc7b62d86\tcpip.sys
[2011/09/29 07:03:04 | 001,290,608 | ---- | M] (Microsoft Corporation) MD5=65D10B191C59C5501A1263FC33F6894B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_b4d1ffa1c4e682b5\tcpip.sys
[2011/04/24 21:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2011/04/24 19:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2011/06/20 20:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010/06/13 21:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010/06/13 21:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011/06/20 20:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2011/06/20 21:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 03:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 16:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 16:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/07/13 16:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/13 16:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009/07/13 16:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2010/11/20 03:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 16:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 16:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/27 21:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/27 21:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 20:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 03:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 16:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >

#4 B-boy/StyLe/

Posted 10 December 2012 - 02:22 PM

Hi,


  • Please download ListParts.exe and save it to your desktop.
  • Double click the ListParts.exe icon
  • Check the box beside List BCD
  • Select Scan
  • Select OK and wait for a Result - Notepad document to open on your desktop.
  • Please copy and paste the contents in your reply.



Regards,
Georgi

Edited by B-boy/StyLe/, 10 December 2012 - 03:18 PM.
Updated instructions.


#5 SIMMS156

Posted 10 December 2012 - 07:59 PM

ListParts by Farbar Version: 30-10-2012
Ran by windows 7 (administrator) on 10-12-2012 at 15:56:48
Windows 7 (X86)
Running From: C:\Users\windows 7.windows7-HP\Desktop\fix
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 46%
Total physical RAM: 2039.3 MB
Available physical RAM: 1085.27 MB
Total Pagefile: 4078.61 MB
Available Pagefile: 2856.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.66 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:282.8 GB) (Free:205.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:0 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          298 GB  5120 KB

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            300 MB  1024 KB
Partition 2    Primary            282 GB   301 MB
Partition 3    Primary             14 GB   283 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         SYSTEM       NTFS   Partition    300 MB  Healthy    System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    282 GB  Healthy    Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   HP_RECOVERY  NTFS   Partition     14 GB  Healthy

======================================================================================================
The boot configuration data store could not be opened.
The requested system device cannot be found.


****** End Of Log ******

#6 B-boy/StyLe/

Posted 11 December 2012 - 01:16 PM

Hi,



Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Regards,
Georgi


#7 B-boy/StyLe/

Posted 13 December 2012 - 10:13 AM

Hi,


Are you still with me?



Regards,
Georgi


#8 SIMMS156

Posted 13 December 2012 - 01:27 PM

It created four logs. See attachments.



#9 B-boy/StyLe/

Posted 13 December 2012 - 02:56 PM

Hi,


Can you please rerun TDSSKiller one more time as described before?

Also please post a new log from ListParts (with List BCD checked).

Then we will proceed with the rest of the treatment.

Thanks!


Regards,
Georgi


#10 SIMMS156

Posted 15 December 2012 - 03:30 AM

ListParts by Farbar Version: 30-10-2012
Ran by windows 7 (administrator) on 14-12-2012 at 23:21:34
Windows 7 (X86)
Running From: C:\Users\windows 7.windows7-HP\Desktop\fix
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 48%
Total physical RAM: 2039.3 MB
Available physical RAM: 1044.53 MB
Total Pagefile: 4078.61 MB
Available Pagefile: 2690.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.74 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:282.8 GB) (Free:206.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:0 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          298 GB  5120 KB

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            300 MB  1024 KB
Partition 2    Primary            282 GB   301 MB
Partition 3    Primary             14 GB   283 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         SYSTEM       NTFS   Partition    300 MB  Healthy    System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label       Fs    Type       Size    Status    Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C               NTFS  Partition  282 GB  Healthy   Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label       Fs    Type       Size    Status    Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D   HP_RECOVERY NTFS  Partition  14 GB   Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
extendedinput Yes
default {6bfcb76f-a752-11df-af94-f683d0ae19c4}
resumeobject {6bfcb76e-a752-11df-af94-f683d0ae19c4}
displayorder {6bfcb76f-a752-11df-af94-f683d0ae19c4}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {6bfcb770-a752-11df-af94-f683d0ae19c4}

Windows Boot Loader
-------------------
identifier {6bfcb76f-a752-11df-af94-f683d0ae19c4}
device partition=C:
path \windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {6bfcb770-a752-11df-af94-f683d0ae19c4}
recoveryenabled Yes
osdevice partition=C:
systemroot \windows
resumeobject {6bfcb76e-a752-11df-af94-f683d0ae19c4}
nx OptIn

Windows Boot Loader
-------------------
identifier {6bfcb770-a752-11df-af94-f683d0ae19c4}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{6bfcb771-a752-11df-af94-f683d0ae19c4}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{6bfcb771-a752-11df-af94-f683d0ae19c4}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {6bfcb76e-a752-11df-af94-f683d0ae19c4}
device partition=C:
path \windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier {6bfcb771-a752-11df-af94-f683d0ae19c4}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi


****** End Of Log ******

#11 SIMMS156

Posted 15 December 2012 - 03:33 AM

The TDSS Killer log was too long to post and the file was too large to attach.

#12 B-boy/StyLe/

Posted 15 December 2012 - 03:57 AM

Hi,


That looks a lot better now. :)
Can you please zip and upload the TDSSKiller log here?
Then post the link to the log in your next reply.


Thanks!



Regards,
Georgi



#13 SIMMS156

Posted 16 December 2012 - 01:38 AM

http://www.filedropper.com/tdsskiller2815014122012231622log

#14 B-boy/StyLe/

Posted 16 December 2012 - 05:23 AM

Hi,



STEP 1



Please re-run TDSSKiller and delete the following object:

\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user



  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Detect TDLFS file system.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • From the drop-down menu choose delete ONLY for TDSS File System (if present).
  • Post the log at pastebin and post the link to the log in your next reply.


STEP 2



Download the MCPR tool and run it to clean the remnants from McAfee.



We need to run an OTL Fix



  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe /ServiceStart -- (myAgtSvc)
    SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE -- (EngineServer)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Users\WINDOW~1.WIN\AppData\Local\Temp\3189.sys -- (3189)
    DRV - [2009/05/15 17:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
    O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe File not found
    O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe File not found
    O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
    O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.350.dll File not found
    [2012/12/05 18:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3367181633-4262288108-3957277410-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O33 - MountPoints2\{cb9040c7-24c0-11e0-92bd-d8d3853fe892}\Shell - "" = AutoRun
    O33 - MountPoints2\{cb9040c7-24c0-11e0-92bd-d8d3853fe892}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
    O33 - MountPoints2\{cb9040d7-24c0-11e0-92bd-d8d3853fe892}\Shell - "" = AutoRun
    O33 - MountPoints2\{cb9040d7-24c0-11e0-92bd-d8d3853fe892}\Shell\AutoRun\command - "" = F:\VZAccess_Manager.exe /z detect
    [2012/12/04 13:04:32 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\@
    [2012/12/05 12:13:35 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\L
    [2012/12/07 08:16:14 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U
    [2012/12/09 10:58:01 | 000,000,804 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\L\00000004.@
    [2012/12/04 13:04:34 | 000,002,048 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\00000004.@
    [2012/12/04 13:04:39 | 000,232,960 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\00000008.@
    [2012/12/04 13:04:34 | 000,001,632 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\000000cb.@
    [2012/12/04 13:04:35 | 000,011,776 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\80000000.@
    [2012/12/04 13:04:37 | 000,096,256 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\80000032.@
    [2010/08/13 15:10:38 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
    [2012/12/09 10:58:01 | 000,000,000 | -HS- | M] () -- C:\windows\assembly\GAC\Desktop.ini
    [2012/12/09 11:55:58 | 000,000,000 | -HSD | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\FA5BB5
    [2012/12/09 11:38:41 | 000,000,000 | ---D | M] -- C:\Users\windows 7.windows7-HP\AppData\Roaming\Kideaw
    [2008/09/10 08:17:30 | 000,073,728 | R--- | M] () -- C:\Users\windows 7.windows7-HP\AppData\Local\temp\eject.exe
    [1 C:\ProgramData\Microsoft\Windows\DRM\*.tmp files -> C:\ProgramData\Microsoft\Windows\DRM\*.tmp -> ]
    [2012/12/04 13:09:59 | 000,000,000 | -HSD | M] -- C:\windows\system32\%APPDATA%
    :files
    C:\ProgramData\Microsoft\DRM\*.tmp
    C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135
    :commands
    [emptytemp]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.



Next let's try to fix the broken services.



Backup Your Registry




Now please download fix.reg and save it to your desktop.

Now double click on it. An information box will pop up asking if you want to merge the information in the file into the registry, click YES.

Now reboot the computer.



Regards,
Georgi



#15 SIMMS156

Posted 16 December 2012 - 04:16 PM

http://www.filedropper.com/tdsskiller2815016122012114559log

All processes killed
========== OTL ==========
Service myAgtSvc stopped successfully!
Service myAgtSvc deleted successfully!
File C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe /ServiceStart not found.
Service EngineServer stopped successfully!
Service EngineServer deleted successfully!
File C:\PROGRA~1\McAfee\MANAGE~1\VScan\ENGINE~1.EXE not found.
Service 3189 stopped successfully!
Service 3189 deleted successfully!
File C:\Users\WINDOW~1.WIN\AppData\Local\Temp\3189.sys not found.
Error: Unable to stop service mfetdik!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfetdik deleted successfully.
C:\Windows\System32\drivers\mfetdik.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\McAfee Managed Services Tray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MVS Splash deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ not found.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\myrm\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D034FC3-013F-4b95-B544-44D49ABE3E76}\ deleted successfully.
File {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.350.dll File not found not found.
Folder C:\ProgramData\McAfee\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-3367181633-4262288108-3957277410-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3367181633-4262288108-3957277410-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb9040c7-24c0-11e0-92bd-d8d3853fe892}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb9040c7-24c0-11e0-92bd-d8d3853fe892}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb9040c7-24c0-11e0-92bd-d8d3853fe892}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb9040c7-24c0-11e0-92bd-d8d3853fe892}\ not found.
File F:\VZAccess_Manager.exe /z detect not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb9040d7-24c0-11e0-92bd-d8d3853fe892}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb9040d7-24c0-11e0-92bd-d8d3853fe892}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb9040d7-24c0-11e0-92bd-d8d3853fe892}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb9040d7-24c0-11e0-92bd-d8d3853fe892}\ not found.
File F:\VZAccess_Manager.exe /z detect not found.
C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\@ moved successfully.
C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\L folder moved successfully.
C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U folder moved successfully.
File C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\L\00000004.@ not found.
File C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\00000004.@ not found.
File C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\00000008.@ not found.
File C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\000000cb.@ not found.
File C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\80000000.@ not found.
File C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\80000032.@ not found.
C:\windows\assembly\Desktop.ini moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.
C:\Users\windows 7.windows7-HP\AppData\Roaming\FA5BB5 folder moved successfully.
C:\Users\windows 7.windows7-HP\AppData\Roaming\Kideaw folder moved successfully.
C:\Users\windows 7.windows7-HP\AppData\Local\temp\eject.exe moved successfully.
C:\ProgramData\Microsoft\Windows\DRM\569A.tmp deleted successfully.
C:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\windows\System32\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\windows\System32\%APPDATA%\Microsoft folder moved successfully.
C:\windows\System32\%APPDATA% folder moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\Microsoft\DRM\*.tmp not found.
C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 101433 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: windows 7
->Temp folder emptied: 23715495 bytes
->Temporary Internet Files folder emptied: 5962481 bytes

User: windows 7.windows7-HP
->Temp folder emptied: 88748213 bytes
->Temporary Internet Files folder emptied: 479450045 bytes
->Java cache emptied: 31506026 bytes
->Google Chrome cache emptied: 7389403 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 3399 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 499229032 bytes
RecycleBin emptied: 6418026 bytes

Total Files Cleaned = 1,090.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12162012_120441

Files\Folders moved on Reboot...
C:\Users\windows 7.windows7-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\windows 7.windows7-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\windows 7.windows7-HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
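
Reading a fix log like the one above mostly means separating the "not found" lines that an earlier line already explains (the item or its parent folder was removed first) from the ones that still need a look. The following is an added example, not part of the thread or of OTL: the `triage` function, its three categories and the regular expression are assumptions based only on the line shapes visible in this log, and the sample is an excerpt of those lines.

```python
import re

# Excerpt of lines from the OTL fix log in post #15 (a selection, text unchanged).
SAMPLE_LOG = r"""
Error: Unable to stop service mfetdik!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfetdik deleted successfully.
C:\Windows\System32\drivers\mfetdik.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U folder moved successfully.
File C:\$Recycle.Bin\S-1-5-18\$79640ab204a8ad1ba8a4c93dc5cb0135\U\80000032.@ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
C:\ProgramData\Microsoft\Windows\DRM\569A.tmp deleted successfully.
File\Folder C:\ProgramData\Microsoft\DRM\*.tmp not found.
"""

# Line shape: "[kind ]<target>[ folder] <result>[.!]"; kind is absent for plain file moves.
LINE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File\\Folder|File|Folder|Service) )?"
    r"(?P<target>.+?)(?: folder)? "
    r"(?P<result>moved successfully|deleted successfully|stopped successfully|not found)[.!]$"
)


def norm(target):
    """Windows paths and registry keys compare case-insensitively."""
    return target.rstrip("\\").lower()


def triage(log_text):
    """Split fix-log lines into done / explained / follow_up."""
    report = {"done": [], "explained": [], "follow_up": []}
    removed = set()  # targets moved or deleted by an earlier line
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("Error:"):
            report["follow_up"].append(line)
            continue
        m = LINE.match(line)
        if m is None:
            continue  # section banners, cache statistics and similar lines
        target, result = norm(m.group("target")), m.group("result")
        if result != "not found":
            if result.startswith(("moved", "deleted")):
                removed.add(target)
            report["done"].append(line)
        elif any(target == r or target.startswith(r + "\\") for r in removed):
            # The item itself, or a folder above it, was removed earlier in the log.
            report["explained"].append(line)
        else:
            report["follow_up"].append(line)
    return report


if __name__ == "__main__":
    for category, lines in triage(SAMPLE_LOG).items():
        print(f"== {category} ({len(lines)})")
        for entry in lines:
            print("  ", entry)
```

In this excerpt the `DRM\*.tmp` line lands in `follow_up`: the file the log reports as deleted sat under `Microsoft\Windows\DRM`, a different folder from the one named in that line.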



