Another Windows Diagnostic Victim


Post by madcat42 on Fri 25 Mar 2011, 7:22 pm

Heya

My PC got hit with the Windows Diagnostic Malware recently and I am having hell's work trying to get rid of it.

Ran RKill to stop it, then MalwareBytes to get rid of the thing. Whilst the Windows Diagnostic messages have stopped turning up every time I start the PC up, I still have the plain black desktop screen and no access to any of my files or folders, though any shortcuts I save to the desktop seem to be staying now rather than being hidden like before.

Any help you could provide would be brilliant!

Anyways...OTL log below


madcat42

Unborn

Posts : 3
Joined : 2011-03-23
Operating System : Vista



Re: Another Windows Diagnostic Victim

Post by madcat42 on Fri 25 Mar 2011, 7:25 pm

OTL logfile created on: 25/03/2011 07:59:26 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Bob\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 75.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.43 Gb Total Space | 289.16 Gb Free Space | 49.39% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.41 Gb Free Space | 96.05% Space Free | Partition Type: NTFS

Computer Name: BOBTHEFISH | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/25 07:57:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.com
PRC - [2011/01/21 17:43:13 | 001,242,448 | -H-- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/08/02 10:40:56 | 000,199,600 | -H-- | M] (Telefónica I+D) -- C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe
PRC - [2010/07/09 15:09:52 | 000,248,936 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/12/08 13:51:52 | 000,774,144 | -H-- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009/11/06 22:01:18 | 000,323,392 | -H-- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\DNA\btdna.exe
PRC - [2009/10/09 20:39:28 | 002,919,608 | -H-- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2009/04/30 10:23:26 | 000,090,112 | -H-- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/11 06:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/18 12:11:20 | 000,382,384 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2008/08/13 03:49:30 | 000,405,504 | -H-- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
PRC - [2008/06/23 13:12:52 | 000,174,616 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/06/11 13:17:58 | 000,129,464 | -H-- | M] (Intel(R) Corporation) -- C:\Program Files (x86)\Intel\inteldh\common\SWUpdateClient.exe
PRC - [2008/05/31 10:36:00 | 001,628,600 | -H-- | M] (Intel(R) Corporation) -- C:\Program Files (x86)\Intel\inteldh\msm\MSM.exe
PRC - [2008/05/20 22:25:34 | 000,051,128 | -H-- | M] (Intel(R) Corporation) -- C:\Program Files (x86)\Intel\inteldh\common\IntelDHSvcMgr.exe
PRC - [2007/06/27 18:04:00 | 001,213,736 | -H-- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 18:03:40 | 000,152,872 | -H-- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/06/05 08:25:50 | 000,202,280 | RH-- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\O2\bin\sprtsvc.exe
PRC - [2007/04/02 06:15:40 | 000,061,440 | -H-- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
PRC - [2007/03/08 19:21:38 | 000,198,184 | -H-- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\O2\bin\sprtcmd.exe


========== Modules (SafeList) ==========

MOD - [2011/03/25 07:57:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.com
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2007/03/08 19:21:52 | 000,116,264 | -H-- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\O2\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/06/23 13:12:52 | 000,174,616 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV:64bit: - [2008/05/22 16:32:10 | 000,246,272 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_f62d1208\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/01/21 02:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008/01/21 02:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/09/24 16:07:18 | 000,329,080 | -H-- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/08/02 10:40:56 | 000,199,600 | -H-- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\O2\Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010/07/09 15:09:52 | 000,248,936 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/31 15:43:29 | 000,320,760 | -H-- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/04/30 10:23:26 | 000,090,112 | -H-- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/03/30 04:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/05/31 10:36:00 | 001,628,600 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\inteldh\msm\MSM.exe -- (ME Services Manager)
SRV - [2008/05/21 11:42:56 | 000,064,000 | -H-- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2008/05/20 22:25:34 | 000,051,128 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\inteldh\common\IntelDHSvcMgr.exe -- (Software Services Manager)
SRV - [2007/06/05 08:25:50 | 000,202,280 | RH-- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)
SRV - [2007/04/02 06:15:40 | 000,061,440 | -H-- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2007/02/05 10:11:18 | 000,075,320 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | -H-- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/09 07:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/03/25 02:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/20 03:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/03/20 02:28:26 | 000,138,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/02/27 17:46:31 | 000,310,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/02/27 17:46:31 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/10/01 00:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/14 13:20:04 | 000,147,976 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SaiKA50A.sys -- (SaiKA50A)
DRV:64bit: - [2009/09/14 13:20:04 | 000,041,224 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SaiUA50A.sys -- (SaiUA50A)
DRV:64bit: - [2009/09/14 07:24:56 | 000,049,928 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2009/09/14 07:24:56 | 000,022,664 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2009/07/17 16:14:50 | 000,095,744 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2009/04/15 20:25:42 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/04/11 05:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)
DRV:64bit: - [2009/01/19 18:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2008/09/02 05:21:04 | 008,034,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/09/02 05:21:04 | 008,034,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (ialm)
DRV:64bit: - [2008/07/15 00:20:42 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/05/22 16:32:52 | 000,457,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/04/15 16:17:16 | 000,315,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2008/03/28 11:42:58 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2008/02/20 20:19:56 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2008/01/21 02:49:04 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\irda.sys -- (irda)
DRV:64bit: - [2008/01/21 02:47:01 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\irsir.sys -- (irsir)
DRV:64bit: - [2006/09/18 21:36:24 | 000,000,308 | -H-- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2005/01/03 06:43:08 | 000,004,682 | -H-- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 38 60 50 01 DD CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/16 17:06:01 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{71FA3F46-25E9-41A6-9A23-BA28F1E0428A}: C:\Users\Bob\AppData\Local\{71FA3F46-25E9-41A6-9A23-BA28F1E0428A} [2010/08/20 19:24:25 | 000,000,000 | -H-D | M]

[2010/07/28 05:47:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Profiles\gnrm0iri.Default User\extensions
[2010/07/28 05:47:52 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bob\AppData\Roaming\Mozilla\Profiles\gnrm0iri.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: ([2011/03/25 07:06:16 | 000,000,002 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [IntelSWUpdateClient] C:\Program Files (x86)\Intel\inteldh\common\SWUpdateClient.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [O2] C:\Program Files (x86)\O2\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [SmartAccess AutoStart] File not found
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Corel Photo Downloader] File not found
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} [You must be registered and logged in to see this link.] (Oberon Flash Game Host)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{145fd6fb-0c40-11e0-ac7c-001cc07dc5a3}\Shell - "" = AutoRun
O33 - MountPoints2\{145fd6fb-0c40-11e0-ac7c-001cc07dc5a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{145fd728-0c40-11e0-ac7c-001cc07dc5a3}\Shell - "" = AutoRun
O33 - MountPoints2\{145fd728-0c40-11e0-ac7c-001cc07dc5a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{451235e9-b5e4-11df-8f8d-001cc07dc5a3}\Shell\AutoRun\command - "" = E:\pccompanion\Startme.exe
O33 - MountPoints2\{451235e9-b5e4-11df-8f8d-001cc07dc5a3}\Shell\menu1\command - "" = E:\pccompanion\Startme.exe
O33 - MountPoints2\{b3cd1d0c-164c-11e0-a9f2-001cc07dc5a3}\Shell - "" = AutoRun
O33 - MountPoints2\{b3cd1d0c-164c-11e0-a9f2-001cc07dc5a3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: SprtListen - Service
SafeBootNet:64bit: SprtListenPush - Service
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SprtListen - Service
SafeBootNet: SprtListenPush - Service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SupportSoft RemoteAssist - C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.clmp3enc - C:\Program Files (x86)\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/25 07:57:02 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.com
[2011/03/22 19:32:46 | 000,000,000 | ---D | C] -- C:\Users\Bob\DoctorWeb
[2011/03/12 21:10:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/12 21:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/12 21:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/12 20:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/03/12 20:36:28 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\Downloads
[2011/03/12 20:36:19 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\GetRightToGo
[2011/03/12 20:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/03/12 16:51:27 | 000,000,000 | -H-D | C] -- C:\Users\Bob\AppData\Roaming\Malwarebytes
[2011/03/12 16:51:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011/03/12 16:51:11 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/03/12 16:50:39 | 007,734,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Bob\Desktop\mbam-setup-1.50.1.1100.exe
[2011/03/12 15:47:04 | 000,000,000 | -H-D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
[2011/03/10 18:34:47 | 000,000,000 | -H-D | C] -- C:\16875be049431be081e2d9a8465a70
[2011/03/10 18:25:48 | 000,920,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/03/10 18:25:48 | 000,840,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/03/10 18:25:48 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/03/10 18:25:48 | 000,605,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/03/10 18:25:48 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/10 18:25:42 | 002,425,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/03/10 18:25:41 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/10 18:25:41 | 000,731,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/03/10 18:25:40 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/03/10 18:25:34 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/03/10 18:25:33 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/03/10 18:25:33 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/03/06 17:00:43 | 000,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput9_1_0.dll
[2011/03/06 17:00:43 | 000,061,136 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput9_1_0.dll
[2011/02/28 19:13:40 | 000,000,000 | -H-D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bullfrog
[2011/02/28 19:13:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullfrog
[2011/02/28 19:11:37 | 000,000,000 | -H-D | C] -- C:\Dungeon Keeper II
[2011/02/28 19:07:13 | 000,000,000 | -H-D | C] -- C:\Users\Bob\AppData\Roaming\ImgBurn
[2011/02/28 19:04:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/02/28 19:04:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\ImgBurn
[2011/02/26 23:01:00 | 000,000,000 | -H-D | C] -- C:\Users\Bob\AppData\Roaming\Kalypso Media
[2011/02/26 23:00:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
[2011/02/26 22:57:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Kalypso Media
[2011/02/26 18:04:20 | 000,000,000 | -H-D | C] -- C:\Users\Bob\mp3 player folders & files
[2011/02/25 08:57:30 | 000,000,000 | -H-D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - 13th Skull
[2011/02/25 08:57:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - 13th Skull
[2011/02/25 08:57:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Mystery Case Files - 13th Skull
[2010/05/08 10:47:56 | 000,148,736 | -H-- | C] (Avanquest Software) -- C:\ProgramData\hpe7AAD.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

Re: Another Windows Diagnostic Victim

Post by madcat42 on Fri 25 Mar 2011, 7:25 pm

========== Files - Modified Within 30 Days ==========

[2011/03/25 07:59:00 | 000,000,896 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/25 07:57:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.com
[2011/03/25 07:06:16 | 000,000,002 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/03/25 07:06:14 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/25 07:06:14 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/25 07:06:14 | 000,000,892 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/25 07:06:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/24 18:01:17 | 000,000,680 | ---- | M] () -- C:\Users\Bob\AppData\Local\d3d9caps.dat
[2011/03/22 19:31:42 | 058,483,504 | ---- | M] () -- C:\Users\Bob\Desktop\drweb-cureit.exe
[2011/03/12 21:10:08 | 000,000,977 | ---- | M] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/03/12 21:10:08 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/12 16:50:40 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\Bob\Desktop\mbam-setup-1.50.1.1100.exe
[2011/03/12 16:38:10 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42983176r
[2011/03/12 16:38:10 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~42983176
[2011/03/12 16:35:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42983176
[2011/03/12 16:35:27 | 000,524,288 | -H-- | M] () -- C:\ProgramData\42983176.exe
[2011/03/12 16:13:36 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43114248r
[2011/03/12 16:13:36 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~43114248
[2011/03/12 16:11:18 | 000,000,344 | -H-- | M] () -- C:\ProgramData\43114248
[2011/03/12 16:11:15 | 000,524,288 | -H-- | M] () -- C:\ProgramData\43114248.exe
[2011/03/12 16:09:08 | 000,000,400 | -H-- | M] () -- C:\ProgramData\43048712
[2011/03/12 16:04:37 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43048712r
[2011/03/12 16:04:37 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~43048712
[2011/03/12 16:01:31 | 000,524,288 | -H-- | M] () -- C:\ProgramData\43048712.exe
[2011/03/12 15:47:05 | 000,000,592 | -H-- | M] () -- C:\Users\Bob\Desktop\Windows Diagnostic.lnk
[2011/03/12 15:47:05 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~46915336r
[2011/03/12 15:47:05 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~46915336
[2011/03/12 15:47:02 | 000,000,336 | -H-- | M] () -- C:\ProgramData\46915336
[2011/03/12 15:46:59 | 000,524,288 | -H-- | M] () -- C:\ProgramData\46915336.exe
[2011/03/12 14:50:39 | 000,036,725 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011/03/12 14:50:38 | 000,036,725 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011/02/28 19:13:41 | 000,000,602 | -H-- | M] () -- C:\Users\Bob\Desktop\Dungeon Keeper II.lnk
[2011/02/28 19:13:40 | 000,000,842 | -H-- | M] () -- C:\Users\Bob\Desktop\DKII Editor.lnk
[2011/02/28 19:04:05 | 000,001,733 | -H-- | M] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/02/28 19:04:05 | 000,001,709 | -H-- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/02/27 13:42:35 | 000,002,507 | -H-- | M] () -- C:\Users\Bob\Desktop\Dungeons.lnk
[2011/02/27 10:53:23 | 000,755,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/27 10:53:23 | 000,644,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/27 10:53:23 | 000,122,460 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/25 08:59:03 | 000,001,954 | -H-- | M] () -- C:\Users\Public\Desktop\Play Mystery Case Files - 13th Skull.lnk
[2011/02/25 08:59:03 | 000,001,252 | -H-- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/02/25 08:49:54 | 000,000,803 | -H-- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2011/02/25 08:49:54 | 000,000,231 | -H-- | M] () -- C:\Users\Public\Desktop\More Great Games.url
[2011/02/25 08:49:09 | 000,001,559 | -H-- | M] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/22 19:10:20 | 058,483,504 | ---- | C] () -- C:\Users\Bob\Desktop\drweb-cureit.exe
[2011/03/12 21:10:08 | 000,000,977 | ---- | C] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/03/12 21:10:08 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/12 16:38:10 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42983176r
[2011/03/12 16:38:10 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~42983176
[2011/03/12 16:35:30 | 000,000,336 | -H-- | C] () -- C:\ProgramData\42983176
[2011/03/12 16:35:27 | 000,524,288 | -H-- | C] () -- C:\ProgramData\42983176.exe
[2011/03/12 16:13:36 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43114248r
[2011/03/12 16:13:36 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~43114248
[2011/03/12 16:11:18 | 000,000,344 | -H-- | C] () -- C:\ProgramData\43114248
[2011/03/12 16:11:15 | 000,524,288 | -H-- | C] () -- C:\ProgramData\43114248.exe
[2011/03/12 16:04:37 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43048712r
[2011/03/12 16:04:37 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~43048712
[2011/03/12 16:01:33 | 000,000,400 | -H-- | C] () -- C:\ProgramData\43048712
[2011/03/12 16:01:30 | 000,524,288 | -H-- | C] () -- C:\ProgramData\43048712.exe
[2011/03/12 15:47:05 | 000,000,592 | -H-- | C] () -- C:\Users\Bob\Desktop\Windows Diagnostic.lnk
[2011/03/12 15:47:05 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~46915336r
[2011/03/12 15:47:05 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~46915336
[2011/03/12 15:47:02 | 000,000,336 | -H-- | C] () -- C:\ProgramData\46915336
[2011/03/12 15:46:59 | 000,524,288 | -H-- | C] () -- C:\ProgramData\46915336.exe
[2011/02/28 19:13:41 | 000,000,602 | -H-- | C] () -- C:\Users\Bob\Desktop\Dungeon Keeper II.lnk
[2011/02/28 19:13:40 | 000,000,842 | -H-- | C] () -- C:\Users\Bob\Desktop\DKII Editor.lnk
[2011/02/28 19:04:05 | 000,001,733 | -H-- | C] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/02/28 19:04:05 | 000,001,721 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/02/28 19:04:05 | 000,001,709 | -H-- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/02/27 12:52:02 | 000,002,507 | -H-- | C] () -- C:\Users\Bob\Desktop\Dungeons.lnk
[2011/02/25 08:59:03 | 000,001,954 | -H-- | C] () -- C:\Users\Public\Desktop\Play Mystery Case Files - 13th Skull.lnk
[2011/02/25 08:59:03 | 000,001,252 | -H-- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/02/25 08:49:54 | 000,000,231 | -H-- | C] () -- C:\Users\Public\Desktop\More Great Games.url
[2010/10/14 01:36:44 | 000,179,263 | -H-- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/10/09 17:20:38 | 000,741,634 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/24 18:33:39 | 000,000,109 | -H-- | C] () -- C:\Windows\wininit.ini
[2010/08/20 19:24:27 | 000,000,120 | -H-- | C] () -- C:\Users\Bob\AppData\Local\Lxiyabe.dat
[2010/08/20 19:24:27 | 000,000,000 | -H-- | C] () -- C:\Users\Bob\AppData\Local\Mcezazeqeqalu.bin
[2010/08/19 20:32:21 | 000,000,020 | -H-- | C] () -- C:\Users\Bob\AppData\Roaming\pnmfzy.dat
[2010/08/08 17:01:23 | 000,036,725 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2010/08/08 17:01:21 | 000,036,725 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/20 07:25:55 | 000,001,571 | -H-- | C] () -- C:\Windows\Faxcpp1.ini
[2010/07/20 07:25:55 | 000,000,422 | -H-- | C] () -- C:\Windows\Faxcpp.ini
[2010/07/20 07:24:53 | 000,241,664 | -H-- | C] () -- C:\Windows\SysWow64\Image32.dll
[2010/07/20 07:24:53 | 000,122,880 | -H-- | C] () -- C:\Windows\SysWow64\Png32.dll
[2010/07/20 07:24:53 | 000,110,592 | -H-- | C] () -- C:\Windows\SysWow64\Jpeg32.dll
[2010/07/20 07:24:53 | 000,090,112 | -H-- | C] () -- C:\Windows\SysWow64\Tga32.dll
[2010/07/20 07:24:53 | 000,081,920 | -H-- | C] () -- C:\Windows\SysWow64\Pcx32.dll
[2010/07/20 07:24:53 | 000,040,960 | -H-- | C] () -- C:\Windows\SysWow64\Twscan32.dll
[2010/07/16 17:05:46 | 000,023,112 | -H-- | C] () -- C:\Windows\hpqins15.dat
[2010/03/12 16:51:05 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2010/03/09 18:12:54 | 000,000,088 | RHS- | C] () -- C:\ProgramData\0D40526A03.sys
[2010/03/09 18:12:53 | 000,005,018 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/02/14 19:28:49 | 000,004,096 | -H-- | C] () -- C:\Windows\d3dx.dat
[2010/01/17 21:42:20 | 000,000,680 | ---- | C] () -- C:\Users\Bob\AppData\Local\d3d9caps.dat
[2009/11/14 11:00:52 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/11/14 11:00:14 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/11/14 10:59:41 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/27 13:24:37 | 000,168,448 | -H-- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/08/23 17:08:13 | 000,000,298 | -H-- | C] () -- C:\Windows\vtmb.ini
[2009/07/11 19:57:12 | 000,000,036 | -H-- | C] () -- C:\Windows\Tiny_Run.ini
[2009/07/09 16:05:48 | 000,000,204 | -H-- | C] () -- C:\Users\Bob\AppData\Roaming\wklnhst.dat
[2009/06/15 17:17:54 | 000,005,632 | -H-- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/22 20:29:37 | 000,532,480 | -H-- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2009/01/30 19:24:34 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009/01/30 19:03:45 | 000,125,668 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009/01/27 20:31:19 | 000,139,753 | -H-- | C] () -- C:\Windows\hpoins15.dat
[2009/01/27 20:31:19 | 000,001,039 | -H-- | C] () -- C:\Windows\hpomdl15.dat
[2009/01/23 14:17:06 | 000,000,732 | -H-- | C] () -- C:\Users\Bob\AppData\Local\d3d9caps64.dat
[2009/01/04 13:01:04 | 000,000,752 | -H-- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2008/10/15 10:29:45 | 002,026,604 | -H-- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/10/15 10:29:43 | 000,445,796 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/09/01 16:24:02 | 000,147,172 | -H-- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/08/18 13:28:20 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/21 02:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 15:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:37:14 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 12:24:17 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 12:18:17 | 000,673,088 | -H-- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 09:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/11/02 15:06:41 | 000,026,040 | -H-- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 15:06:41 | 000,026,489 | -H-- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 15:06:41 | 000,029,779 | -H-- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/06/27 18:28:52 | 000,037,665 | -H-- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 21:35:48 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 03:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/07/18 09:02:22 | 000,000,221 | -HS- | M] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/03/22 19:31:42 | 058,483,504 | ---- | M] () -- C:\Users\Bob\Desktop\drweb-cureit.exe
[2011/03/12 16:50:40 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\Bob\Desktop\mbam-setup-1.50.1.1100.exe
[2009/03/22 20:10:27 | 000,803,448 | -H-- | M] (Creative Technology Ltd) -- C:\Users\Bob\Desktop\ZCST_PCAPP_LB_2_01_01.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/08/08 16:57:57 | 000,008,192 | -H-- | M] () -- C:\Windows\security\database\edb.chk
[2010/08/08 16:57:28 | 001,048,576 | -H-- | M] () -- C:\Windows\security\database\edb.log
[2009/01/04 12:42:32 | 001,048,576 | -H-- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2009/01/04 12:42:32 | 001,048,576 | -H-- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/08/08 16:57:28 | 001,056,768 | -H-- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/01/04 12:43:30 | 000,000,402 | -HS- | M] () -- C:\Users\Bob\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/03/28 14:32:39 | 000,000,088 | RHS- | M] () -- C:\ProgramData\0D40526A03.sys
[2011/03/12 16:35:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42983176
[2011/03/12 16:35:27 | 000,524,288 | -H-- | M] () -- C:\ProgramData\42983176.exe
[2011/03/12 16:09:08 | 000,000,400 | -H-- | M] () -- C:\ProgramData\43048712
[2011/03/12 16:01:31 | 000,524,288 | -H-- | M] () -- C:\ProgramData\43048712.exe
[2011/03/12 16:11:18 | 000,000,344 | -H-- | M] () -- C:\ProgramData\43114248
[2011/03/12 16:11:15 | 000,524,288 | -H-- | M] () -- C:\ProgramData\43114248.exe
[2011/03/12 15:47:02 | 000,000,336 | -H-- | M] () -- C:\ProgramData\46915336
[2011/03/12 15:46:59 | 000,524,288 | -H-- | M] () -- C:\ProgramData\46915336.exe
[2010/05/08 10:47:56 | 000,148,736 | -H-- | M] (Avanquest Software) -- C:\ProgramData\hpe7AAD.dll
[2010/07/16 17:06:36 | 000,014,019 | -H-- | M] () -- C:\ProgramData\hpzinstall.log
[2010/03/28 14:32:40 | 000,005,018 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/03/12 14:50:38 | 000,036,725 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011/03/12 16:38:10 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~42983176
[2011/03/12 16:38:10 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42983176r
[2011/03/12 16:04:37 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~43048712
[2011/03/12 16:04:37 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43048712r
[2011/03/12 16:13:36 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~43114248
[2011/03/12 16:13:36 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43114248r
[2011/03/12 15:47:05 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~46915336
[2011/03/12 15:47:05 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~46915336r

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2005/01/03 06:43:08 | 000,004,682 | -H-- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWOW64\npptNT2.sys
[2005/08/03 15:05:02 | 000,035,892 | -H-- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\SER9PL.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2008/01/21 02:50:15 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/04/04 17:32:07 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/11/17 17:25:49 | 000,057,344 | -H-- | M] () -- C:\clipstreamsa.dll
[2010/09/14 18:29:05 | 000,000,791 | -H-- | M] () -- C:\Debug.log
[2003/02/21 04:42:22 | 000,348,160 | -H-- | M] (Microsoft Corporation) -- C:\msvcr71.dll
[2011/03/25 07:05:35 | 2390,036,479 | -HS- | M] () -- C:\pagefile.sys
[2009/10/09 20:39:24 | 000,000,204 | -H-- | M] () -- C:\Plugins
[2011/03/12 21:11:23 | 000,001,002 | -H-- | M] () -- C:\rkill.log
[2011/03/12 16:29:35 | 000,060,480 | -H-- | M] () -- C:\TDSSKiller.2.4.21.0_12.03.2011_16.23.55_log.txt
[2009/08/22 13:28:14 | 000,000,346 | -H-- | M] () -- C:\TIM.SAV
[2009/08/22 13:06:24 | 000,000,169 | -H-- | M] () -- C:\timwin.ini

< %PROGRAMFILES%\*. >
[2009/03/25 17:18:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\A Vampyre Story
[2009/08/23 16:56:14 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Activision
[2010/10/09 13:46:27 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Adobe
[2010/03/21 22:26:52 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Alawar
[2010/08/03 08:24:18 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Amazon
[2010/08/24 17:42:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2009/11/03 07:46:02 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\AVS4YOU
[2011/02/25 08:49:12 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\bfgclient
[2011/02/22 19:01:15 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Bonjour
[2009/08/06 09:21:10 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Buka
[2011/03/12 20:56:33 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Common Files
[2011/01/11 14:30:17 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Creative
[2009/03/22 20:11:47 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Creative Installation Information
[2008/09/04 11:31:14 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\CyberLink
[2009/07/11 19:59:50 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\directx
[2009/12/05 18:45:25 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\DivX
[2011/03/25 07:06:16 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\DNA
[2010/01/01 21:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Drawn - The Painted Tower
[2009/08/24 16:07:39 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Electronic Arts
[2011/03/12 20:22:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
[2010/07/17 17:30:54 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\FFTS
[2009/09/07 07:15:04 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Firaxis Games
[2009/11/02 21:46:56 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Free WMA to MP3 Converter
[2009/10/09 21:25:59 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Games
[2010/02/05 12:39:33 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Google
[2009/01/27 20:37:53 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2010/07/16 17:05:57 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\HP
[2010/12/20 13:55:49 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\HUAWEI Modem Driver
[2008/09/01 16:49:10 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\IDT
[2011/02/28 19:04:01 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\ImgBurn
[2011/02/22 19:57:48 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2009/01/04 12:42:38 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Intel
[2011/02/11 09:35:44 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Internet Explorer
[2009/05/27 18:49:36 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\iWin.com Games
[2009/01/18 12:11:17 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Java
[2009/08/27 13:25:10 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\K-Lite Codec Pack
[2009/05/27 18:49:15 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Kalypso
[2011/02/26 22:57:04 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Kalypso Media
[2010/07/20 07:25:55 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\LifeScan
[2009/10/24 15:39:14 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Lighthouse Interactive
[2011/03/12 21:10:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/02/21 15:14:28 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2008/09/02 13:40:17 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Microsoft Office
[2008/09/02 13:41:37 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
[2011/01/02 08:46:11 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/01/02 09:33:11 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/10/09 17:15:31 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/02/27 15:39:40 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Monte Cristo
[2011/03/25 07:54:56 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2006/11/02 15:07:27 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\MSBuild
[2009/01/11 22:48:19 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/02/25 08:59:03 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Mystery Case Files - 13th Skull
[2010/06/06 16:08:03 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Neffy
[2009/03/25 16:19:08 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Nero
[2009/07/18 18:18:42 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\NOS
[2010/08/08 16:57:27 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/12/20 13:53:39 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\O2
[2010/07/20 08:34:50 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\OneTouch USB Driver
[2011/01/30 13:28:30 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Opera
[2009/10/09 20:39:19 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Pando Networks
[2009/12/27 19:15:00 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Paradox Interactive
[2009/11/21 20:20:35 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Plants vs. Zombies
[2011/01/22 17:42:38 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\ProtectDisc Driver Installer
[2011/02/22 18:59:37 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\QuickTime
[2006/11/02 15:07:27 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/02/27 18:50:15 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\SEGA
[2010/09/14 18:27:48 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Sony
[2010/05/08 10:47:43 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Sony Ericsson
[2010/09/14 18:27:35 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Sony Media Go Install
[2010/08/24 17:49:51 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/03/21 11:47:17 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Stardock
[2009/03/21 12:08:36 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Stardock Games
[2011/03/25 07:06:30 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Steam
[2010/08/08 16:49:23 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\SystemRequirementsLab
[2008/09/02 13:36:12 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\The TechGuys
[2006/11/02 15:36:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/06/27 18:37:45 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Windows Calendar
[2008/01/21 03:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration
[2008/01/21 03:09:41 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Windows Defender
[2011/01/02 09:39:19 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Windows Live
[2011/02/11 09:35:49 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Windows Mail
[2010/03/09 18:04:00 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Windows Media Components
[2010/10/14 09:52:55 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Windows Media Player
[2006/11/02 15:07:27 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Windows NT
[2010/06/27 18:37:45 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Windows Photo Gallery
[2010/06/29 16:35:39 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/06/27 18:37:45 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Windows Sidebar
[2009/09/01 07:37:29 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\WinRAR
[2009/11/03 07:40:44 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\WinXMedia

< %appdata%\*.* >
[2009/03/28 20:47:30 | 000,000,002 | -H-- | M] () -- C:\Users\Bob\AppData\Roaming\ceville_console_history.txt
[2010/08/24 17:31:48 | 000,000,020 | -H-- | M] () -- C:\Users\Bob\AppData\Roaming\pnmfzy.dat
[2009/07/09 16:05:52 | 000,000,204 | -H-- | M] () -- C:\Users\Bob\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2008/01/21 02:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008/01/21 02:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/21 02:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/21 02:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 07:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 07:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 11:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006/11/02 11:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2008/01/21 02:46:53 | 000,068,664 | ---- | M] (Microsoft Corporation) MD5=2DC415FC05FB8A079F896CBBACB19324 -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_55e51d682c89f490\disk.sys
[2009/04/11 07:15:25 | 000,067,032 | ---- | M] (Microsoft Corporation) MD5=B0107E40ECDB5FA692EBF832F295D905 -- C:\Windows\SysNative\drivers\disk.sys
[2009/04/11 07:15:25 | 000,067,032 | ---- | M] (Microsoft Corporation) MD5=B0107E40ECDB5FA692EBF832F295D905 -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_57d0967429abbfdc\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 02:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008/01/21 02:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/21 02:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 07:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009/04/11 07:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/21 02:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/21 02:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008/01/21 02:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 02:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/21 02:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 07:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009/04/11 07:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/21 02:47:25 | 000,066,048 | ---- | M] (Microsoft Corporation) MD5=586D9876A4945779C8EEA926C0D16889 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_a4a4ea3a50308c79\USBSTOR.SYS
[2009/04/11 05:39:38 | 000,077,824 | ---- | M] (Microsoft Corporation) MD5=B854C1558FCA0C269A38663E8B59B581 -- C:\Windows\SysNative\drivers\USBSTOR.SYS
[2009/04/11 05:39:38 | 000,077,824 | ---- | M] (Microsoft Corporation) MD5=B854C1558FCA0C269A38663E8B59B581 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_a69063464d5257c5\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 238 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:50636E35
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:98982C88
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:B1FBBD09
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:55818279
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:78E0DF72
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:97C4F81F
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:561B1D2B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2E176731
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:FED25C29
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:90D89144
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E9FAC3AB
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A6CDBCAC
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:052E15C3
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:57176330
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4F8B72C9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:3D36932D
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:F437A62A
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:61AF2B29

< End of report >

madcat42

Unborn

Posts : 3
Joined : 2011-03-23
Operating System : Vista


Re: Another Windows Diagnostic Victim

Post by Belahzur on Sat 26 Mar 2011, 7:23 am

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

