
1 serious infection please help on Thu Mar 18, 2010 3:20 pm

demi


New Member
OTL logfile created on: 3/17/2010 6:08:00 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Users\demi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 132.00 Mb Available Physical Memory | 14.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.10 Gb Total Space | 45.59 Gb Free Space | 45.55% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.86 Gb Free Space | 15.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEMI
Current User Name: demi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\demi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\demi\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ASPI32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos1.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/...NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} http://simcity.ea.com/play/classic/SimCityX.cab (SimCityX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.116.46.115 24.205.192.61 71.9.127.107
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\demi\Pictures\Scenic Travels\100_1782.JPG
O24 - Desktop BackupWallPaper: C:\Users\demi\Pictures\Scenic Travels\100_1782.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/25 01:41:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{4cb4d689-5802-11de-86a2-001b24eac661}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{4cb4d689-5802-11de-86a2-001b24eac661}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = secfile] -- "C:\Users\demi\AppData\Local\ave.exe" /START "%1" %* ()

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/02/23 19:44:52 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\Windows\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\Windows\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\Windows\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/17 18:06:23 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Users\demi\Desktop\OTL.exe
[2010/03/16 13:31:51 | 000,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/16 13:31:48 | 000,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/16 13:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/10 04:02:33 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/10 04:02:06 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/02/24 08:56:47 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/24 08:56:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/24 08:55:40 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/24 08:55:39 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/24 08:55:34 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/24 08:55:33 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/24 08:55:33 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/24 08:55:33 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/24 08:55:31 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/24 08:55:31 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/24 08:55:30 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/24 08:55:22 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/24 08:55:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/24 08:55:13 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/17 22:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

========== Files - Modified Within 30 Days ==========

[2010/03/17 18:15:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{10FC80AD-2E66-408E-BBBE-9D5F9A05D05D}.job
[2010/03/17 18:13:38 | 002,621,440 | -HS- | M] () -- C:\Users\demi\NTUSER.DAT
[2010/03/17 18:06:31 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Users\demi\Desktop\OTL.exe
[2010/03/17 17:49:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/17 17:49:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/17 17:24:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/17 17:04:10 | 000,010,054 | -HS- | M] () -- C:\Users\demi\AppData\Local\21mn5E
[2010/03/17 17:04:10 | 000,010,054 | -HS- | M] () -- C:\ProgramData\21mn5E
[2010/03/17 15:56:27 | 000,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/17 15:56:27 | 000,604,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/17 15:56:27 | 000,105,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/17 15:53:28 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/03/17 15:50:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/17 15:49:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/17 15:49:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/17 13:08:29 | 000,524,288 | -HS- | M] () -- C:\Users\demi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/03/17 13:08:29 | 000,065,536 | -HS- | M] () -- C:\Users\demi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/03/17 13:08:20 | 002,486,352 | -H-- | M] () -- C:\Users\demi\AppData\Local\IconCache.db
[2010/03/16 13:31:51 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/16 13:21:20 | 000,092,584 | ---- | M] () -- C:\Users\demi\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/16 10:25:13 | 000,352,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/16 00:56:26 | 000,200,704 | -HS- | M] () -- C:\Users\demi\AppData\Local\ave.exe
[2010/03/15 20:00:01 | 000,000,556 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - demi.job
[2010/03/08 16:51:25 | 000,027,810 | ---- | M] () -- C:\Users\demi\AppData\Roaming\nvModes.001
[2010/03/05 02:07:35 | 000,000,349 | ---- | M] () -- C:\Users\demi\Downloads\Documents\Gaelic phrases and meanings.rtf
[2010/03/05 00:09:29 | 000,462,750 | ---- | M] () -- C:\Users\demi\Desktop\Mental Health AL app.pdf
[2010/03/02 06:53:06 | 000,001,049 | ---- | M] () -- C:\Users\demi\Downloads\Documents\FMLA extension request.rtf
[2010/02/28 08:18:56 | 000,001,889 | ---- | M] () -- C:\Users\demi\Downloads\Documents\trip to Mobile alternate route.rtf
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/22 07:55:13 | 000,001,333 | ---- | M] () -- C:\Users\demi\Downloads\Documents\letter to mary re moving out.rtf
[2010/02/21 20:37:39 | 000,001,266 | ---- | M] () -- C:\Users\demi\Downloads\Documents\FMLA request.rtf
[2010/02/20 16:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/02/20 16:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/02/17 22:50:11 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2010/03/16 13:31:51 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/16 00:56:26 | 000,200,704 | -HS- | C] () -- C:\Users\demi\AppData\Local\ave.exe
[2010/03/16 00:56:26 | 000,010,054 | -HS- | C] () -- C:\Users\demi\AppData\Local\21mn5E
[2010/03/16 00:56:26 | 000,010,054 | -HS- | C] () -- C:\ProgramData\21mn5E
[2010/03/05 02:05:12 | 000,000,349 | ---- | C] () -- C:\Users\demi\Downloads\Documents\Gaelic phrases and meanings.rtf
[2010/03/05 00:09:29 | 000,462,750 | ---- | C] () -- C:\Users\demi\Desktop\Mental Health AL app.pdf
[2010/03/02 06:53:06 | 000,001,049 | ---- | C] () -- C:\Users\demi\Downloads\Documents\FMLA extension request.rtf
[2010/02/28 08:18:55 | 000,001,889 | ---- | C] () -- C:\Users\demi\Downloads\Documents\trip to Mobile alternate route.rtf
[2010/02/21 20:44:31 | 000,001,333 | ---- | C] () -- C:\Users\demi\Downloads\Documents\letter to mary re moving out.rtf
[2010/02/21 20:37:38 | 000,001,266 | ---- | C] () -- C:\Users\demi\Downloads\Documents\FMLA request.rtf
[2010/02/17 22:50:11 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/12/24 12:35:20 | 000,005,315 | ---- | C] () -- C:\Windows\System32\9537virus3adz.dll
[2009/12/24 08:16:10 | 000,007,247 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/12/14 11:36:03 | 000,003,128 | ---- | C] () -- C:\Windows\System32\1907virus58z.dll
[2009/11/23 08:29:01 | 000,007,206 | ---- | C] () -- C:\Windows\System32\2312h5cz9oole4.dll
[2009/11/22 19:32:39 | 000,163,840 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/22 19:32:36 | 000,564,224 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/11/22 19:32:35 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/22 19:32:35 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/22 19:32:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/11/22 19:32:33 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/22 19:32:33 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/11/15 03:53:42 | 000,016,939 | ---- | C] () -- C:\Windows\System32\z42ca5dware19.dll
[2009/11/09 00:13:00 | 000,006,985 | ---- | C] () -- C:\Windows\System32\14c9threat574z.dll
[2009/10/20 18:27:00 | 000,011,246 | ---- | C] () -- C:\Windows\System32\20972spa5bot91z.dll
[2009/10/07 19:27:36 | 000,011,038 | ---- | C] () -- C:\Windows\System32\18b4vi51698z.dll
[2009/10/04 00:06:26 | 000,003,214 | ---- | C] () -- C:\Windows\System32\1559spywa5z1412.dll
[2009/10/02 09:36:35 | 000,013,796 | ---- | C] () -- C:\Windows\System32\5z95troj6d7.dll
[2009/09/25 18:33:49 | 000,004,202 | ---- | C] () -- C:\Windows\System32\1z45wo9m7c5.dll
[2009/09/17 19:13:26 | 000,008,394 | ---- | C] () -- C:\Windows\System32\98916zackto5l728.dll
[2009/09/10 21:30:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/04 12:25:49 | 000,014,968 | ---- | C] () -- C:\Windows\System32\9929zspy7b5.dll
[2009/09/03 00:40:20 | 000,016,535 | ---- | C] () -- C:\Windows\System32\95acvir1295z.dll
[2009/08/09 09:35:30 | 000,005,300 | ---- | C] () -- C:\Windows\System32\77a4dozn5oade91034.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/21 03:14:33 | 000,016,302 | ---- | C] () -- C:\Windows\System32\95ezackd5or9099.dll
[2009/07/09 15:42:09 | 000,011,673 | ---- | C] () -- C:\Windows\System32\z008vi57009.dll
[2009/07/07 08:16:41 | 000,017,725 | ---- | C] () -- C:\Windows\System32\59c7threzt28955.dll
[2009/06/19 05:07:02 | 000,009,513 | ---- | C] () -- C:\Windows\System32\3z93hacktoo55a29.dll
[2009/06/18 10:52:44 | 000,003,192 | ---- | C] () -- C:\Windows\System32\9957stealz512.dll
[2009/06/06 22:42:27 | 000,011,735 | ---- | C] () -- C:\Windows\System32\57z0s9y275.dll
[2009/06/03 05:34:32 | 000,013,430 | ---- | C] () -- C:\Windows\System32\21295zd9are920.dll
[2009/05/04 16:28:13 | 000,016,898 | ---- | C] () -- C:\Windows\System32\90921tro5f9z.dll
[2009/04/22 17:02:56 | 000,009,847 | ---- | C] () -- C:\Windows\System32\2994sparse18z5.dll
[2009/03/20 12:51:31 | 000,003,973 | ---- | C] () -- C:\Windows\System32\z20eb9ckdoor29475.dll
[2009/03/13 06:21:16 | 000,006,233 | ---- | C] () -- C:\Windows\System32\6z50sp9ware5259.dll
[2009/02/28 14:48:05 | 000,003,757 | ---- | C] () -- C:\Windows\System32\585z5worm998.dll
[2009/02/23 18:47:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/22 22:15:48 | 000,002,560 | ---- | C] () -- C:\Windows\System32\drivers\mchInjDrv.sys
[2009/02/22 13:28:06 | 000,017,311 | ---- | C] () -- C:\Windows\77f7th95az23598.dll
[2009/02/21 23:59:43 | 000,016,747 | ---- | C] () -- C:\Windows\za8f59r199.dll
[2009/02/21 23:59:43 | 000,015,573 | ---- | C] () -- C:\Windows\9051spz71d.dll
[2009/02/21 23:59:43 | 000,014,137 | ---- | C] () -- C:\Windows\9aczthr5at2583.dll
[2009/02/21 23:59:43 | 000,012,552 | ---- | C] () -- C:\Windows\8167wzrm79d5.dll
[2009/02/21 23:59:43 | 000,007,825 | ---- | C] () -- C:\Windows\7759adzware5148.dll
[2009/02/21 23:59:43 | 000,007,133 | ---- | C] () -- C:\Windows\9777s5yzare2110.dll
[2009/02/21 23:59:43 | 000,007,024 | ---- | C] () -- C:\Windows\z20695roj27.dll
[2009/02/21 23:59:43 | 000,006,201 | ---- | C] () -- C:\Windows\ddzstea92785.dll
[2009/02/21 23:59:43 | 000,004,950 | ---- | C] () -- C:\Windows\6e8daddw9rz1175.dll
[2009/02/21 23:59:43 | 000,003,870 | ---- | C] () -- C:\Windows\z6655tea93032.dll
[2009/02/21 23:59:43 | 000,002,658 | ---- | C] () -- C:\Windows\7z78th9e5t8883.dll
[2009/02/21 23:59:42 | 000,017,152 | ---- | C] () -- C:\Windows\55z6s9yware3222.dll
[2009/02/21 23:59:42 | 000,014,260 | ---- | C] () -- C:\Windows\4a54sz5ware2593.dll
[2009/02/21 23:59:42 | 000,013,610 | ---- | C] () -- C:\Windows\60095d9waze3209.dll
[2009/02/21 23:59:42 | 000,012,582 | ---- | C] () -- C:\Windows\5b3z9par5e1557.dll
[2009/02/21 23:59:42 | 000,012,067 | ---- | C] () -- C:\Windows\513cdzwnloade95609.dll
[2009/02/21 23:59:42 | 000,010,660 | ---- | C] () -- C:\Windows\5c13t5ief1196z.dll
[2009/02/21 23:59:42 | 000,005,571 | ---- | C] () -- C:\Windows\55a6vir929z.dll
[2009/02/21 23:59:42 | 000,002,971 | ---- | C] () -- C:\Windows\4eb9adzwa5e1248.dll
[2009/02/21 23:59:41 | 000,013,230 | ---- | C] () -- C:\Windows\494zparse9685.dll
[2009/02/21 23:59:41 | 000,009,966 | ---- | C] () -- C:\Windows\2z0905py7c6.dll
[2009/02/21 23:59:40 | 000,014,692 | ---- | C] () -- C:\Windows\2157v59187z.dll
[2009/02/21 23:59:40 | 000,010,851 | ---- | C] () -- C:\Windows\29650zr9j5125.dll
[2009/02/21 23:59:40 | 000,009,448 | ---- | C] () -- C:\Windows\21z925py45.dll
[2009/02/21 23:59:40 | 000,007,834 | ---- | C] () -- C:\Windows\25e4thr9at163z7.dll
[2009/02/21 23:59:40 | 000,004,398 | ---- | C] () -- C:\Windows\1z675v5ru9202.dll
[2009/02/21 23:59:40 | 000,003,162 | ---- | C] () -- C:\Windows\20215not-a-viru97z0.dll
[2009/02/21 23:59:40 | 000,003,037 | ---- | C] () -- C:\Windows\24523z5oj98.dll
[2009/02/21 23:59:40 | 000,002,976 | ---- | C] () -- C:\Windows\19c9dowzloader1548.dll
[2009/02/21 23:59:39 | 000,007,366 | ---- | C] () -- C:\Windows\108335ot-9-vizus6d5.dll
[2009/02/21 13:24:36 | 000,014,344 | ---- | C] () -- C:\Windows\26739szy255.dll
[2009/02/21 13:24:35 | 000,016,472 | ---- | C] () -- C:\Windows\15994hzcktool36c5.dll
[2009/02/21 13:24:34 | 000,017,238 | ---- | C] () -- C:\Windows\System32\25179hacktool79ez.dll
[2009/02/21 13:24:34 | 000,014,995 | ---- | C] () -- C:\Windows\129825ot-a-vizus289.dll
[2009/02/21 13:24:34 | 000,003,310 | ---- | C] () -- C:\Windows\System32\7c57sz9al35.dll
[2009/02/21 13:24:32 | 000,014,182 | ---- | C] () -- C:\Windows\5938ztroj399.dll
[2009/02/21 13:24:31 | 000,008,362 | ---- | C] () -- C:\Windows\System32\1185s9z3b2.dll
[2009/02/21 13:24:30 | 000,005,159 | ---- | C] () -- C:\Windows\System32\12z50sp9mbot32b5.dll
[2009/02/21 13:24:30 | 000,004,196 | ---- | C] () -- C:\Windows\58055a9kdoorz992.dll
[2009/02/21 13:24:29 | 000,010,466 | ---- | C] () -- C:\Windows\System32\9dc2b5ckdzor641.dll
[2009/02/21 13:24:28 | 000,015,123 | ---- | C] () -- C:\Windows\System32\31697zpambot725.dll
[2009/02/21 13:24:28 | 000,007,002 | ---- | C] () -- C:\Windows\8658tr9j1za.dll
[2009/02/21 13:24:26 | 000,005,630 | ---- | C] () -- C:\Windows\9393s95zbot385.dll
[2009/02/21 13:24:25 | 000,010,876 | ---- | C] () -- C:\Windows\System32\2839zno5-a-virusac.dll
[2009/02/21 13:24:25 | 000,010,040 | ---- | C] () -- C:\Windows\System32\9d4b95kdoorz249.dll
[2009/02/21 13:24:25 | 000,006,105 | ---- | C] () -- C:\Windows\383baddw9re582z.dll
[2009/02/21 13:24:24 | 000,012,719 | ---- | C] () -- C:\Windows\71669pzr5e2901.dll
[2009/02/21 13:24:23 | 000,013,335 | ---- | C] () -- C:\Windows\System32\6f649p5rse81z.dll
[2009/02/21 13:24:23 | 000,003,073 | ---- | C] () -- C:\Windows\System32\4959eal2716z.dll
[2009/02/21 13:24:21 | 000,010,733 | ---- | C] () -- C:\Windows\97z09vi5usdd.dll
[2009/02/21 13:24:19 | 000,017,095 | ---- | C] () -- C:\Windows\System32\91f0spzrse2513.dll
[2009/02/21 13:24:18 | 000,014,314 | ---- | C] () -- C:\Windows\17945zpy5bd.dll
[2009/02/21 13:24:17 | 000,013,036 | ---- | C] () -- C:\Windows\54599orz115.dll
[2009/02/21 13:24:16 | 000,002,704 | ---- | C] () -- C:\Windows\1cc5addzare2509.dll
[2009/02/21 13:24:14 | 000,009,428 | ---- | C] () -- C:\Windows\12598spambzt63a9.dll
[2009/02/21 13:24:14 | 000,007,337 | ---- | C] () -- C:\Windows\System32\z2791h9c5tool12.dll
[2009/02/21 13:24:13 | 000,016,752 | ---- | C] () -- C:\Windows\System32\10964sp9zbot4665.dll
[2009/02/21 13:24:11 | 000,009,956 | ---- | C] () -- C:\Windows\System32\19305w9rz7a85.dll
[2009/02/10 18:04:20 | 000,005,997 | ---- | C] () -- C:\Windows\7591spyw9ze1039.dll
[2009/02/02 10:25:50 | 000,005,662 | ---- | C] () -- C:\Windows\2ezdth5ef958.dll
[2009/01/23 20:41:25 | 000,015,714 | ---- | C] () -- C:\Windows\System32\29fzi9502.dll
[2009/01/20 06:02:07 | 000,015,525 | ---- | C] () -- C:\Windows\System32\5058vz9261.dll
[2009/01/15 02:25:32 | 000,006,685 | ---- | C] () -- C:\Windows\16508spambot4a9z.dll
[2009/01/15 00:20:39 | 000,007,852 | ---- | C] () -- C:\Windows\System32\z562troj259.dll
[2008/12/21 16:28:30 | 000,013,838 | ---- | C] () -- C:\Windows\System32\7979virus70z5.dll
[2008/12/18 18:58:08 | 000,014,100 | ---- | C] () -- C:\Windows\599dbackdooz2779.dll
[2008/12/04 08:26:55 | 000,003,916 | ---- | C] () -- C:\Windows\6fc39hr5zt10061.dll
[2008/11/18 14:35:27 | 000,007,451 | ---- | C] () -- C:\Windows\50579pywarz1791.dll
[2008/11/13 07:25:42 | 000,016,814 | ---- | C] () -- C:\Windows\System32\25951viruz786.dll
[2008/11/12 00:40:21 | 000,009,507 | ---- | C] () -- C:\Windows\System32\42059o5m4az.dll
[2008/10/28 00:30:30 | 000,015,991 | ---- | C] () -- C:\Windows\System32\2c95steaz290.dll
[2008/10/23 16:10:06 | 000,011,136 | ---- | C] () -- C:\Windows\System32\124bs9arse5z19.dll
[2008/10/19 03:55:33 | 000,011,412 | ---- | C] () -- C:\Windows\56z1ha9ktool637.dll
[2008/10/12 03:53:47 | 000,007,542 | ---- | C] () -- C:\Windows\System32\4939thiez5273.dll
[2008/10/03 03:55:12 | 000,005,733 | ---- | C] () -- C:\Windows\System32\3965tzie93507.dll
[2008/09/27 22:50:09 | 000,005,484 | ---- | C] () -- C:\Windows\System32\30715vzrus6359.dll
[2008/09/24 16:34:44 | 000,015,421 | ---- | C] () -- C:\Windows\System32\375za9dware918.dll
[2008/09/24 11:51:16 | 000,014,115 | ---- | C] () -- C:\Windows\System32\596threat1192z.dll
[2008/09/23 10:57:20 | 000,002,549 | ---- | C] () -- C:\Windows\4809s5arse30z1.dll
[2008/09/16 20:53:58 | 000,009,085 | ---- | C] () -- C:\Windows\System32\50604troj6e9z.dll
[2008/09/15 19:11:06 | 000,011,391 | ---- | C] () -- C:\Windows\System32\5813spywarez5909.dll
[2008/09/02 13:06:02 | 000,013,170 | ---- | C] () -- C:\Windows\4a29downl5zder2627.dll
[2008/09/01 19:32:35 | 000,017,761 | ---- | C] () -- C:\Windows\2z175pyware9001.dll
[2008/08/18 19:47:08 | 000,017,762 | ---- | C] () -- C:\Windows\41f9addwa5e4z9.dll
[2008/08/12 16:45:55 | 000,016,614 | ---- | C] () -- C:\Windows\System32\10186v9zus7a35.dll
[2008/08/12 04:49:17 | 000,010,443 | ---- | C] () -- C:\Windows\6073s59ware305z.dll
[2008/08/12 02:45:20 | 000,015,665 | ---- | C] () -- C:\Windows\694dzownloader2553.dll
[2008/08/02 21:36:20 | 000,011,328 | ---- | C] () -- C:\Windows\2697h5cktoolz90.dll
[2008/08/02 03:18:16 | 000,004,834 | ---- | C] () -- C:\Windows\8a1sza9se1725.dll
[2008/07/27 01:53:25 | 000,009,892 | ---- | C] () -- C:\Windows\System32\519z5ir1794.dll
[2008/07/17 19:15:36 | 000,015,375 | ---- | C] () -- C:\Windows\System32\9z033tro546.dll
[2008/07/05 02:32:04 | 000,008,955 | ---- | C] () -- C:\Windows\System32\2eazbac5door1598.dll
[2008/07/04 14:31:08 | 000,007,351 | ---- | C] () -- C:\Windows\System32\5419virzs129.dll
[2008/06/11 02:44:53 | 000,015,264 | ---- | C] () -- C:\Windows\System32\6995a9d5zre1505.dll
[2008/06/09 21:08:50 | 000,015,215 | ---- | C] () -- C:\Windows\158cdow9loader3z77.dll
[2008/06/08 08:09:41 | 000,017,875 | ---- | C] () -- C:\Windows\System32\75z9hief438.dll
[2008/06/06 04:47:28 | 000,004,528 | ---- | C] () -- C:\Windows\System32\209z9viru93e5.dll
[2008/06/05 08:45:35 | 000,011,435 | ---- | C] () -- C:\Windows\4dd859yzare468.dll
[2008/06/05 03:20:30 | 000,016,247 | ---- | C] () -- C:\Windows\4b45tzrea912239.dll
[2008/06/05 00:17:43 | 000,003,948 | ---- | C] () -- C:\Windows\bzb9ack5oor2696.dll
[2008/05/25 09:01:36 | 000,006,820 | ---- | C] () -- C:\Windows\System32\3c7zdow9lo5der2786.dll
[2008/05/24 13:43:52 | 000,009,043 | ---- | C] () -- C:\Windows\z549steal9583.dll
[2008/05/20 07:32:43 | 000,007,124 | ---- | C] () -- C:\Windows\System32\z5909spy729.dll
[2008/05/14 20:04:20 | 000,003,374 | ---- | C] () -- C:\Windows\9973vir1z51.dll
[2008/05/10 18:36:49 | 000,013,590 | ---- | C] () -- C:\Windows\3995z9r1555.dll
[2008/05/06 23:26:24 | 000,016,203 | ---- | C] () -- C:\Windows\System32\95795trzj4d4.dll
[2008/04/24 19:14:22 | 000,001,928 | ---- | C] () -- C:\Users\demi\AppData\Roaming\wklnhst.dat
[2008/04/06 16:53:38 | 000,000,552 | ---- | C] () -- C:\Users\demi\AppData\Local\d3d8caps.dat
[2008/03/27 13:03:49 | 000,009,042 | ---- | C] () -- C:\Windows\System32\29275not-a-zi5us991.dll
[2008/03/26 14:33:25 | 000,013,038 | ---- | C] () -- C:\Windows\System32\1ee3s5arse3z98.dll
[2008/03/25 00:56:42 | 000,013,989 | ---- | C] () -- C:\Windows\System32\9desp9zse2553.dll
[2008/03/10 20:11:39 | 000,027,043 | ---- | C] () -- C:\Users\demi\AppData\Roaming\UserTile.png
[2008/03/04 03:47:14 | 000,016,984 | ---- | C] () -- C:\Windows\773d5dd9zre1586.dll
[2008/02/28 16:56:36 | 000,010,131 | ---- | C] () -- C:\Windows\System32\z2559not-a-vir9sa6.dll
[2008/02/25 07:54:12 | 000,015,952 | ---- | C] () -- C:\Windows\System32\6b57spzrse9387.dll
[2008/02/22 02:58:28 | 000,012,234 | ---- | C] () -- C:\Windows\System32\7c5fthr9zt31973.dll
[2008/02/08 22:05:42 | 000,010,136 | ---- | C] () -- C:\Windows\System32\4950vir57z.dll
[2008/01/25 21:48:19 | 000,012,800 | ---- | C] () -- C:\Users\demi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/25 21:47:55 | 000,027,810 | ---- | C] () -- C:\Users\demi\AppData\Roaming\nvModes.001
[2008/01/25 21:44:28 | 000,027,810 | ---- | C] () -- C:\Users\demi\AppData\Roaming\nvModes.dat
[2008/01/25 21:37:50 | 000,000,000 | ---- | C] () -- C:\Users\demi\AppData\Local\QSwitch.txt
[2008/01/25 21:37:50 | 000,000,000 | ---- | C] () -- C:\Users\demi\AppData\Local\DSwitch.txt
[2008/01/25 21:37:50 | 000,000,000 | ---- | C] () -- C:\Users\demi\AppData\Local\AtStart.txt
[2008/01/25 20:35:02 | 000,004,925 | ---- | C] () -- C:\Windows\System32\9bzdownloade59597.dll
[2008/01/21 09:25:40 | 000,012,062 | ---- | C] () -- C:\Windows\4a61dzwnlo5der971.dll
[2008/01/16 03:26:09 | 000,010,593 | ---- | C] () -- C:\Windows\7970th5eat3158z.dll
[2008/01/11 12:37:32 | 000,006,513 | ---- | C] () -- C:\Windows\58ebt9z5f246.dll
[2007/12/10 01:13:09 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/10/25 01:55:48 | 000,002,385 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002/09/10 08:10:05 | 000,495,616 | ---- | C] () -- C:\Windows\System32\xvid.dll

========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008/03/15 16:36:21 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\7Wonders
[2008/03/20 20:56:21 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\Adobe
[2009/11/22 18:32:09 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\AVS4YOU
[2008/04/01 19:31:02 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\Creative
[2009/02/21 23:58:10 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\Download Manager
[2009/11/07 22:23:48 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\DriverCure
[2008/03/09 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\GTek
[2008/01/25 21:38:32 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\Hewlett-Packard
[2008/01/25 21:36:55 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\Identities
[2009/11/07 19:54:51 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\InstallShield
[2008/01/25 21:36:07 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\Macromedia
[2009/02/21 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\Malwarebytes
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\Media Center Programs
[2010/01/08 20:41:27 | 000,000,000 | --SD | M] -- C:\Users\demi\AppData\Roaming\Microsoft
[2008/03/09 16:40:21 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\MSNInstaller
[2008/03/15 20:22:05 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\MusicNet
[2008/08/17 21:40:16 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\MySpace
[2009/11/08 00:28:39 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\NCH Software
[2009/10/01 14:47:05 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\Research In Motion
[2009/11/07 20:08:12 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\Roxio
[2009/12/24 08:42:42 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\SUPERAntiSpyware.com
[2008/05/05 12:35:51 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\Symantec
[2008/04/24 19:14:28 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\Template
[2008/03/09 17:18:44 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\WildTangent
[2008/03/09 16:10:09 | 000,000,000 | ---D | M] -- C:\Users\demi\AppData\Roaming\Yahoo!

2 Re: serious infection please help on Thu Mar 18, 2010 3:20 pm

demi


New Member
< %APPDATA%\*.exe /s >
[2008/08/17 21:40:03 | 006,850,312 | ---- | M] (MySpace Inc.) -- C:\Users\demi\AppData\Roaming\MySpace\IM\Install\MSIMClientSetup.1.0.756.0-static.exe
[2008/02/13 09:07:36 | 000,233,472 | ---- | M] () -- C:\Users\demi\AppData\Roaming\NCH Software\Components\amrdec2\amrdec2.exe
[2009/07/21 22:17:10 | 000,382,296 | ---- | M] (Research In Motion Limited) -- C:\Users\demi\AppData\Roaming\Research In Motion\BlackBerry\MediaManagerInstall\BlackBerrySetup.exe
[2009/07/16 14:47:04 | 002,246,808 | ---- | M] (Macrovision Corporation) -- C:\Users\demi\AppData\Roaming\Research In Motion\BlackBerry\MediaManagerInstall\FLEXnet_patch_Q113020.exe
[2009/07/16 14:46:50 | 002,003,176 | ---- | M] (Microsoft Corporation) -- C:\Users\demi\AppData\Roaming\Research In Motion\BlackBerry\MediaManagerInstall\SR_MM\INSNTMSI.EXE
[2009/07/16 14:46:50 | 004,890,096 | ---- | M] (Sonic Solutions) -- C:\Users\demi\AppData\Roaming\Research In Motion\BlackBerry\MediaManagerInstall\SR_MM\setup.exe
[2008/04/02 18:07:14 | 002,613,088 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Setup.exe
[2008/02/19 16:03:53 | 000,778,080 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Stub.exe
[2008/01/25 16:57:36 | 000,031,576 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\FWCfg.exe
[2008/01/18 18:43:28 | 001,250,656 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\COH32\COH32.exe
[2008/01/18 18:58:48 | 001,996,336 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\COH64\COH64.exe
[2008/02/26 07:50:42 | 000,448,352 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\MainStub.exe
[2008/02/26 07:50:42 | 000,370,528 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\NSWRedir.exe
[2008/02/26 07:50:44 | 000,988,512 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\osCheck.exe
[2008/02/26 07:50:44 | 000,404,320 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\ScanStub.exe
[2008/02/26 07:50:46 | 000,972,640 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\tpNetMap.exe
[2008/02/24 22:21:32 | 000,096,424 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\Norton\app\WSCStub.exe
[2008/02/21 15:49:04 | 000,051,576 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\HSLoader.exe
[2008/02/21 15:49:08 | 000,036,728 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\isUAC.exe
[2008/02/21 15:49:14 | 000,042,360 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\npcLULdr.exe
[2008/02/21 15:49:16 | 000,082,808 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\NPC\npcLUStb.exe
[2008/02/23 17:41:38 | 000,423,304 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\cltUAC.exe
[2008/02/23 17:40:46 | 000,533,896 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\SSAutoRN.exe
[2008/02/23 17:41:28 | 000,611,712 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\OPC\SYMCUW.exe
[2008/01/22 15:09:02 | 002,368,888 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\IDS\IdsInst.exe
[2008/02/06 23:49:36 | 000,443,760 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\SecHist\MCUI32.exe
[2007/08/22 01:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\VASCAN\comHost.exe
[2007/08/22 01:22:08 | 000,267,096 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\Setup\SYMSHARE\VASCAN64\comHost.exe
[2008/02/23 17:40:46 | 000,533,896 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\OPC\SSAutoRN.exe
[2008/01/30 13:55:54 | 001,279,368 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\PIF_96E2\pifCrawl.exe
[2008/01/30 13:55:34 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\N360\SymLT\PIF_96E2\PIFSvc.exe
[2008/01/25 10:16:59 | 001,022,848 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Supp64\SEVINST\Sevntx64.exe
[2008/02/26 01:34:20 | 000,137,568 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Backup\Backup\buDump.exe
[2008/02/18 12:37:38 | 000,051,048 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccApp.exe
[2008/02/18 12:37:40 | 000,056,168 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccEvtMgr.exe
[2008/02/18 12:37:10 | 000,268,648 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccLgView.exe
[2008/02/18 12:37:18 | 000,046,440 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSetMgr.exe
[2008/02/18 12:37:54 | 000,876,392 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSEUPDT.exe
[2008/02/18 12:37:20 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\ccCommon\ccCommon\ccSvcHst.exe
[2008/02/21 15:02:33 | 000,152,952 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\ALUNOTIF.EXE
[2008/02/21 15:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\ALUSDSVC.EXE
[2008/02/21 15:02:34 | 000,308,600 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\AUPDATE.EXE
[2008/02/21 15:03:06 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LSETUP.EXE
[2008/02/21 15:02:38 | 000,873,848 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUALL.EXE
[2008/02/21 15:02:46 | 000,062,840 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCBPRXY.EXE
[2008/02/21 15:03:06 | 000,181,624 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCheck.exe
[2008/02/21 15:02:44 | 003,220,856 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LUCOMSVR.EXE
[2008/02/21 15:02:40 | 000,804,216 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\LuConfig.EXE
[2008/02/21 15:02:42 | 000,016,760 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\LUpdate\WLUEX\NotifyHA.exe
[2005/05/19 14:50:36 | 002,584,848 | ---- | M] (Microsoft Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\MSI\wiupdate.exe
[2008/02/23 19:08:52 | 000,382,320 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\APP\COExport.exe
[2008/02/23 19:08:18 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\APP\coVisPrx.exe
[2007/11/29 17:15:06 | 000,288,088 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\NCO\NCO\SYMSHARE\COL\COLUpdtr.exe
[2008/02/19 16:03:58 | 000,160,112 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Remover\Remover.exe
[2008/02/19 16:03:51 | 000,990,056 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\Reporter\Reporter.exe
[2008/01/25 10:16:58 | 000,832,896 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SEVINST\SEVINST.EXE
[2008/01/26 01:27:32 | 000,661,896 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SPBBC\SPBBC32\SYMSHARE\SPBBC\UpdMgr.exe
[2008/02/19 16:03:49 | 000,687,976 | ---- | M] (Symantec Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\SymLnch\SymLnch.exe
[2007/02/12 20:10:44 | 002,682,880 | ---- | M] (Microsoft Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\VCRedist\redist32.exe
[2007/02/12 20:10:44 | 003,161,088 | ---- | M] (Microsoft Corporation) -- C:\Users\demi\AppData\Roaming\Symantec\Layouts\Norton 360\2.0\English\0E743DD31FF89B86DBEBF1C48C5BAFF874A5B132\20080103\Support\VCRedist\redist64.exe

< %SYSTEMDRIVE%\*.exe >
[2009/03/21 11:30:08 | 032,793,088 | ---- | M] () -- C:\setupeng.exe


< MD5 for: AGP440.SYS >
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 00:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/10/25 02:13:04 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/10/25 02:13:04 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/10/25 02:13:04 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 00:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/09 21:18:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/03/09 21:18:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/03/09 21:18:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 00:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 02:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 00:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 00:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 00:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 02:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 04:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:D3A8AA31
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


extra from otl

OTL Extras logfile created on: 3/17/2010 6:08:00 PM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Users\demi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 132.00 Mb Available Physical Memory | 14.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.10 Gb Total Space | 45.59 Gb Free Space | 45.55% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.86 Gb Free Space | 15.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEMI
Current User Name: demi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Users\demi\AppData\Local\ave.exe ()

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080AFBE4-D1AA-41B1-BC98-9A9E76583A9D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2AEF4055-135E-4A16-94CE-D897E29C1F15}" = rport=137 | protocol=17 | dir=out | app=system |
"{2E166BBD-DE5D-4BB9-B3C3-BE6CA6DDD327}" = lport=138 | protocol=17 | dir=in | app=system |
"{345670B0-E26E-4C74-8F5B-C1F319318556}" = lport=137 | protocol=17 | dir=in | app=system |
"{7C8D3263-A365-48DC-BA2E-6689EFF01890}" = rport=139 | protocol=6 | dir=out | app=system |
"{800AA5B8-4919-4586-801A-C0B3A1DAB0A1}" = rport=445 | protocol=6 | dir=out | app=system |
"{80F59D76-A419-4FA2-BF9F-52D9346D8327}" = lport=445 | protocol=6 | dir=in | app=system |
"{A4BFBD6E-D8DE-4F11-A822-E9EF3416ED9D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B5E0B3BC-4789-4F01-8A65-8AE4774ED1E5}" = lport=139 | protocol=6 | dir=in | app=system |
"{D5AEB96D-0EF3-44F3-BA1C-E7C1A27901F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D99F7DD4-E5F8-44DA-B4DD-E69F07F23267}" = rport=138 | protocol=17 | dir=out | app=system |
"{FBA28F6B-B324-485D-B74E-011ABD6B788C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056DEB3E-AFA8-47E6-8533-A39031DC8078}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1AE562DA-7309-453A-9981-14754F331E8B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{215A0E8B-F3B1-4142-9EDC-67844C866781}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3200BB54-E91A-43D1-BA29-2725B10C0A3F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3AB9E897-EFD5-46F8-A8FD-92524044A185}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4630CE96-7C84-4111-9852-86D38C21972F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5750DFB1-064A-4CA5-912A-980F3D864982}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{6CACC093-EB28-4727-AFCC-1C597DC20D1D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{6DA52B40-B3EB-44DC-A7FD-F76685D124B8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{6FC89861-6DF9-4960-9A6E-CD4E84E285CF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{7A865698-813C-4450-A05A-C8B1E1F47F7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8DA6D6E0-A317-4424-A113-2F3090686578}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AB196BDF-4D50-4B68-BD55-10E9173EF3AB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B11A72EC-ECA5-4036-AB34-17FA0874072E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B22AFAF9-A98B-4A76-B178-476983AC585B}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{B6BBE88E-A5FF-45A6-A59D-75C10CB21F5E}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{BAF2F0A3-BD92-4F8F-BE0A-268C5AF5A2E8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BE380057-5827-4CE6-B0B1-AF33F4A948EC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CA6C467C-F80C-4393-A684-1A757088196E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CCB39148-7984-4B64-B9C3-C4136001128B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D012D9F6-2140-435A-84C2-5468FCAFA85A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D266AA24-23CD-475D-A1BF-023AED1D9DBD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E5FD83A9-5DC9-4846-AA6B-69892F000BDD}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F10D3C5E-11A4-424E-BDD9-F0D8F5B33023}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FB8AC562-E60F-4011-B998-AC91AD9AB9A9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{83EF787D-7E2D-46ED-BC86-7E6E83F3C123}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{7E8D0818-0E59-4731-8437-1331426BDB68}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 D2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68471BF2-F1F7-4C89-BBBA-400B94996596}" = ESU for Microsoft Vista
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help
"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
"{E6D3A461-8DDE-45C9-8C34-A33436FCC0B4}" = HP User Guides 0091
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast!" = avast! Antivirus
"BearShare MediaBar" = MediaBar 2.0 (BearShare)
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.5 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marine Aquarium 2, Sharks & Carousel Bundle" = Marine Aquarium 2, Sharks & Carousel Bundle
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Villagers" = Virtual Villagers 1.0
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"XviD" = XviD MPEG-4 Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZENcast Organizer" = ZENcast Organizer

3 Re: serious infection please help on Thu Mar 18, 2010 3:23 pm

DragonMaster Jay


Site Owner
Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner

