hmtl/fakeav.y

View previous topic View next topic Go down

hmtl/fakeav.y

Post by lolaplow on Tue Jun 07, 2011 11:28 am

Hi,
My name is James and my avira antivirus has found (i dont no what it is) hmtl/fakeav.y . I have quarantined it for the moment. I would like some help removing this from my laptop.
I have done the OTL and aswMBR scans which I will post, (sorry might take a sec im new to this:P)

thank you.
James

lolaplow
Novice
Novice

Posts Posts : 38
Joined Joined : 2011-06-07
Gender Gender : Male
OS OS : windows 7
Points Points : 20624
# Likes # Likes : 0

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by lolaplow on Tue Jun 07, 2011 11:32 am

OTL logfile created on: 6/7/2011 11:04:47 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\James\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.80 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 57.06% Memory free
7.60 Gb Paging File | 5.66 Gb Available in Paging File | 74.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.40 Gb Total Space | 102.13 Gb Free Space | 22.93% Space Free | Partition Type: NTFS
Drive D: | 20.06 Gb Total Space | 2.92 Gb Free Space | 14.54% Space Free | Partition Type: NTFS

Computer Name: JAMES-HP | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/07 22:58:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
PRC - [2011/05/01 21:28:41 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/17 11:43:32 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/03/04 13:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 13:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/19 12:04:12 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2011/02/16 19:23:40 | 001,759,232 | ---- | M] (TODO: ) -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
PRC - [2011/01/05 21:09:52 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/14 16:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/06/30 14:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/06/30 13:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/06/25 17:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/05/01 13:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/05/01 13:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/04/27 14:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
PRC - [2010/04/14 15:13:52 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
PRC - [2010/04/10 11:54:38 | 001,441,544 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/02 21:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 21:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe


========== Modules (SafeList) ==========

MOD - [2011/06/07 22:58:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
MOD - [2010/08/21 17:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/16 21:01:06 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/06/30 06:52:12 | 004,181,256 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2010/06/22 17:57:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/19 11:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/18 17:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/05/21 08:28:14 | 000,677,128 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2010/05/21 08:28:12 | 001,096,968 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2009/07/14 13:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/09 07:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/03 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011/05/01 21:28:41 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/17 11:43:32 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/03/04 13:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/14 16:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/16 21:01:05 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/30 14:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/05/01 13:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/01 13:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/04/04 11:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/02 21:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 21:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/11 09:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/04 13:37:13 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/03/04 13:37:12 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/01/16 20:44:18 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/07/27 10:09:29 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/07/27 10:09:29 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/06/30 05:12:26 | 003,232,768 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2010/06/25 17:32:52 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/24 16:37:24 | 000,931,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/06/22 19:17:52 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/22 17:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/06/22 17:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/22 17:24:12 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/18 17:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/05/28 11:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/07 01:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/05/01 13:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2010/04/14 04:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/10 11:53:04 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2010/03/23 16:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2010/03/05 17:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/12 10:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/02 21:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 21:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 21:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 21:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/10/27 08:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/08/10 15:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB)
DRV:64bit: - [2009/07/14 13:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 13:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 13:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 13:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 11:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/09 07:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/09 07:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/11 09:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 09:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 09:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 08:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 08:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/11 08:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/11 08:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 08:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 08:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 08:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.nz/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010/09/16 21:26:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/16 21:26:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/12/28 17:07:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/14 21:26:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/14 21:26:11 | 000,000,000 | ---D | M]

[2011/01/11 16:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2011/05/14 21:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\n1tjtog7.default\extensions
[2011/01/16 20:44:14 | 000,002,059 | ---- | M] () -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\n1tjtog7.default\searchplugins\daemon-search.xml
[2011/03/26 20:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/26 20:53:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/14 21:26:08 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/14 21:26:10 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/14 21:26:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2011/05/14 21:26:10 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/14 21:26:10 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/05/14 21:26:10 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/11 09:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

lolaplow
Novice
Novice

Posts Posts : 38
Joined Joined : 2011-06-07
Gender Gender : Male
OS OS : windows 7
Points Points : 20624
# Likes # Likes : 0

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by lolaplow on Tue Jun 07, 2011 11:34 am


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/07 22:58:03 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
[2011/06/05 17:13:27 | 000,353,840 | ---- | C] (RealNetworks, Inc.) -- C:\Users\James\Desktop\RealPlayer11GOLD.exe
[2011/06/04 16:00:26 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\EPSON
[2011/05/26 23:37:13 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/05/26 23:37:13 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/05/26 23:37:13 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/05/26 23:37:12 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/05/26 23:37:11 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/05/26 23:37:11 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/05/26 23:37:11 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/05/26 23:36:41 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/05/26 23:36:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/05/26 23:36:40 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/05/26 23:36:40 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/05/26 23:36:40 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/05/26 23:36:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/05/26 23:36:40 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/05/26 23:36:40 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/05/26 23:36:40 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/05/26 23:36:40 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/05/26 23:36:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/05/26 23:36:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/05/26 23:36:39 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/05/26 23:36:39 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/05/26 23:36:26 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/05/26 23:36:26 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/05/26 23:36:26 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/05/26 23:36:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/05/26 23:36:24 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/05/26 23:36:23 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/05/26 23:36:23 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/05/26 23:36:22 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/05/26 23:36:22 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/05/26 23:36:20 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/05/26 23:36:20 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/05/26 23:36:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/05/26 23:36:16 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/05/26 23:36:15 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/05/26 23:36:11 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/05/26 23:36:11 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/05/26 23:36:11 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/05/26 23:36:10 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/05/26 23:36:10 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/05/26 23:36:10 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/05/26 23:36:10 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/05/26 23:33:49 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/05/26 23:33:49 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/05/26 23:32:21 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/05/26 19:26:43 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/05/21 11:15:46 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Razer
[2011/05/21 11:13:53 | 000,085,504 | ---- | C] (Razer USA Ltd.) -- C:\Windows\SysWow64\DeathAdder64.cpl
[2011/05/21 11:13:49 | 000,047,104 | ---- | C] (Cypress Semiconductor) -- C:\Windows\SysNative\drivers\CYUSB.sys
[2011/05/21 11:13:49 | 000,013,312 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\VKbms.sys
[2011/05/21 11:13:49 | 000,006,656 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\hidkmdf.sys
[2011/05/21 11:13:48 | 000,012,032 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\Windows\SysNative\drivers\danew.sys
[2011/05/21 11:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2011/05/21 11:13:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2011/05/16 22:43:21 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\Media Converter for Philips
[2011/05/15 00:54:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Beam

========== Files - Modified Within 30 Days ==========

[2011/06/07 22:58:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
[2011/06/07 21:09:53 | 000,000,206 | ---- | M] () -- C:\Users\James\Desktop\hwmonitorw.ini
[2011/06/07 21:03:56 | 000,001,854 | ---- | M] () -- C:\Users\James\AppData\Roaming\GhostObjGAFix.xml
[2011/06/07 21:01:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 21:01:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/07 20:53:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/07 20:53:10 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 00:19:11 | 1047,527,427 | ---- | M] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part7.rar
[2011/06/07 00:03:24 | 000,740,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/07 00:03:24 | 000,637,672 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/07 00:03:24 | 000,114,824 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/06 23:02:36 | 105,909,511 | ---- | M] () -- C:\Users\James\Desktop\Foo_Fighters_-_Wasting_Light_2011_320kbps.rar
[2011/06/06 22:38:50 | 835,706,956 | ---- | M] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part8.rar
[2011/06/06 21:29:19 | 1047,527,427 | ---- | M] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part6.rar
[2011/06/06 20:11:57 | 1047,527,427 | ---- | M] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part5.rar
[2011/06/06 18:02:26 | 1047,527,430 | ---- | M] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part4.rar
[2011/06/06 16:21:17 | 1047,527,436 | ---- | M] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part3.rar
[2011/06/06 14:50:07 | 1047,527,442 | ---- | M] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part2.rar
[2011/06/06 13:32:29 | 1047,527,442 | ---- | M] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part1.rar
[2011/06/06 11:01:49 | 1073,741,824 | ---- | M] () -- C:\Users\Public\Documents\sr-fable3.iso.part7.rar
[2011/06/06 09:51:46 | 627,213,134 | ---- | M] () -- C:\Users\Public\Documents\sr-fable3.iso.part8.rar
[2011/06/06 03:59:38 | 1073,741,824 | ---- | M] () -- C:\Users\Public\Documents\sr-fable3.iso.part6.rar
[2011/06/05 23:40:27 | 1073,741,824 | ---- | M] () -- C:\Users\Public\Documents\sr-fable3.iso.part4.rar
[2011/06/05 21:06:56 | 1073,741,824 | ---- | M] () -- C:\Users\Public\Documents\sr-fable3.iso.part3.rar
[2011/06/05 19:44:30 | 1073,741,824 | ---- | M] () -- C:\Users\Public\Documents\sr-fable3.iso.part2.rar
[2011/06/05 18:28:27 | 1073,741,824 | ---- | M] () -- C:\Users\Public\Documents\sr-fable3.iso.part1.rar
[2011/06/01 16:36:25 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJames.job
[2011/05/26 23:48:35 | 000,425,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/14 21:26:46 | 000,002,056 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/06/07 21:03:56 | 000,001,854 | ---- | C] () -- C:\Users\James\AppData\Roaming\GhostObjGAFix.xml
[2011/06/06 23:59:56 | 105,909,511 | ---- | C] () -- C:\Users\James\Desktop\Foo_Fighters_-_Wasting_Light_2011_320kbps.rar
[2011/06/06 23:03:41 | 1047,527,427 | ---- | C] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part7.rar
[2011/06/06 21:47:42 | 835,706,956 | ---- | C] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part8.rar
[2011/06/06 20:29:47 | 1047,527,427 | ---- | C] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part6.rar
[2011/06/06 19:11:41 | 1047,527,427 | ---- | C] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part5.rar
[2011/06/06 16:52:31 | 1047,527,430 | ---- | C] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part4.rar
[2011/06/06 15:07:36 | 1047,527,436 | ---- | C] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part3.rar
[2011/06/06 13:50:30 | 1047,527,442 | ---- | C] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part2.rar
[2011/06/06 12:36:35 | 1047,527,442 | ---- | C] () -- C:\Users\Public\Documents\The_Witcher_2_Assassins_of_Kings-k1koo.part1.rar
[2011/06/06 10:13:48 | 1073,741,824 | ---- | C] () -- C:\Users\Public\Documents\sr-fable3.iso.part7.rar
[2011/06/06 09:26:12 | 627,213,134 | ---- | C] () -- C:\Users\Public\Documents\sr-fable3.iso.part8.rar
[2011/06/06 02:10:46 | 1073,741,824 | ---- | C] () -- C:\Users\Public\Documents\sr-fable3.iso.part6.rar
[2011/06/05 21:18:14 | 1073,741,824 | ---- | C] () -- C:\Users\Public\Documents\sr-fable3.iso.part4.rar
[2011/06/05 19:55:35 | 1073,741,824 | ---- | C] () -- C:\Users\Public\Documents\sr-fable3.iso.part3.rar
[2011/06/05 18:42:20 | 1073,741,824 | ---- | C] () -- C:\Users\Public\Documents\sr-fable3.iso.part2.rar
[2011/06/05 17:08:28 | 1073,741,824 | ---- | C] () -- C:\Users\Public\Documents\sr-fable3.iso.part1.rar
[2011/05/14 21:26:14 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/31 20:02:48 | 000,000,093 | ---- | C] () -- C:\Users\James\AppData\Local\fusioncache.dat
[2011/03/30 21:51:55 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/30 21:51:54 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/03/30 21:51:54 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/02/20 16:53:53 | 000,748,584 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/07 18:42:47 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/02/07 18:42:47 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/02/07 18:42:47 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/02/07 18:42:47 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/02/07 18:42:47 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/02/07 18:42:47 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/02/07 18:42:47 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/02/07 18:42:47 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/02/07 18:42:47 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/02/07 18:42:47 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011/02/07 18:42:47 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/02/07 18:42:47 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/02/07 18:42:47 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/02/07 18:42:47 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/02/07 18:42:47 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/02/07 18:42:47 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011/02/07 18:42:47 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011/02/07 18:42:47 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/02/07 18:42:47 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/02/07 18:38:53 | 000,000,025 | ---- | C] () -- C:\Windows\CDE CX3900EC.ini
[2011/01/16 22:37:12 | 000,000,341 | ---- | C] () -- C:\Windows\game.ini
[2011/01/14 20:05:32 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/01/14 20:05:32 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/01/14 20:05:32 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/01/14 19:49:41 | 000,049,187 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/01/01 21:17:13 | 000,038,407 | ---- | C] () -- C:\Windows\scunin.dat
[2010/09/16 21:03:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/16 21:00:51 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/09/16 20:57:17 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010/09/16 20:55:36 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/09/16 20:55:36 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/09/16 20:55:36 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/09/16 20:55:35 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/09/16 20:55:35 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/09/16 20:55:34 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/09/16 20:55:18 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/09/16 20:55:18 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/07/27 12:22:49 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/27 11:22:20 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010/02/10 13:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 17:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 14:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 12:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 11:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 09:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/14 09:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 09:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2010/12/31 19:44:25 | 001,750,504 | ---- | M] (CPUID) -- C:\Users\James\Desktop\HWMonitor.exe
[2008/11/09 12:18:16 | 000,353,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\James\Desktop\RealPlayer11GOLD.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/05/14 21:26:08 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2011/05/14 21:26:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2011/05/14 21:26:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2011/05/14 21:26:10 | 000,261,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/06/07 20:56:39 | 000,000,018 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\log.txt
[2009/07/14 11:43:53 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\stdole2.tlb

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/07/27 10:44:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/05/21 12:18:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\All games
[2010/12/28 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ArcSoft
[2010/09/16 20:57:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2011/03/26 21:00:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avira
[2010/09/16 21:26:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bing Bar Installer
[2011/03/26 20:53:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/09/16 21:18:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2011/01/16 20:44:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/02/07 19:56:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EPSON
[2011/01/04 21:07:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2010/09/16 21:01:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2010/09/16 21:24:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2010/07/27 11:32:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Photo Creations
[2011/05/21 11:13:41 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/09/16 20:58:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2011/05/26 23:47:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/03/26 20:53:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/07/27 09:27:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/02/20 16:53:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011/03/28 21:49:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/07/27 11:32:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/07/27 09:28:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/03/28 21:49:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/03/28 21:47:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/03/28 21:50:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2011/03/28 21:49:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/05/14 21:26:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2011/03/28 21:49:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/09/16 21:26:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN Toolbar
[2010/12/29 21:51:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/12/26 01:33:04 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2010/09/16 21:00:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ralink
[2011/05/21 11:13:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Razer
[2010/09/16 20:59:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 17:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/09/16 21:04:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SoftStylus
[2011/03/30 20:49:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ubisoft
[2009/07/14 16:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/07/14 17:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/07/27 09:28:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/07/27 09:27:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/12/29 21:59:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/12/29 21:59:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 17:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 17:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 17:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/12/26 01:32:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/01/14 18:56:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR


< MD5 for: AGP440.SYS >
[2009/07/14 13:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 13:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 13:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_0dbde3119acb22ca\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_dab2e93700ba2683\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/14 13:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/14 13:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 13:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTOR.SYS >
[2010/04/14 04:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/04/14 04:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 13:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 13:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 13:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 13:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2010/07/27 10:09:29 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010/07/27 10:09:29 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_c09ee40f078b4594\nvstor.sys
[2010/07/27 10:09:29 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 13:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 13:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010/07/27 10:09:29 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/14 21:26:10 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/14 21:26:10 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/14 21:26:10 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/05/14 21:26:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/05/14 21:26:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/14 21:26:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/14 13:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/14 13:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/14 13:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/02/24 17:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/02/24 17:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/05/14 21:26:10 | 000,711,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/05/14 21:26:10 | 000,711,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/05/14 21:26:10 | 000,711,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/05/14 21:26:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/05/14 21:26:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/05/14 21:26:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/14 13:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/14 13:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/14 13:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/02/24 17:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/02/24 17:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< End of report >

lolaplow
Novice
Novice

Posts Posts : 38
Joined Joined : 2011-06-07
Gender Gender : Male
OS OS : windows 7
Points Points : 20624
# Likes # Likes : 0

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by lolaplow on Tue Jun 07, 2011 11:35 am

OTL Extras logfile created on: 6/7/2011 11:04:47 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\James\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.80 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 57.06% Memory free
7.60 Gb Paging File | 5.66 Gb Available in Paging File | 74.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.40 Gb Total Space | 102.13 Gb Free Space | 22.93% Space Free | Partition Type: NTFS
Drive D: | 20.06 Gb Total Space | 2.92 Gb Free Space | 14.54% Space Free | Partition Type: NTFS

Computer Name: JAMES-HP | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23401053-03B3-845A-A946-32BEB58AB5AC}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard
"{34DA4817-68E1-CC8B-A9A5-392095FA28C9}" = ATI Catalyst Install Manager
"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Ralink Motorola BC4 Bluetooth 3.0+HS Adapter_is1" = Ralink Motorola BC4 Bluetooth 3.0+HS Adapter
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0A653E82-9056-A08A-8262-62F59FF285C7}" = CCC Help Korean
"{0D542538-335E-08BA-21C5-62E9A7B2BE60}" = Catalyst Control Center InstallProxy
"{11A63D4E-6512-6D57-8690-3D656A483AB0}" = CCC Help French
"{132234A4-9362-4829-957F-FF11715F7815}" = HP Documentation
"{147D8BB7-FEE8-5D53-390D-7FB94FC26BC8}" = CCC Help Italian
"{16734097-34B9-C5E3-7863-7A9CAAEB391F}" = ccc-core-static
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{222A544B-E6B7-496F-B4D7-6FE74FF0E616}" = Bing Bar Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{35772A32-7A3D-A8FC-840C-B84B536E62FD}" = CCC Help Swedish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{42C095E5-4CE2-A376-9893-93431C6A236E}" = CCC Help Dutch
"{43B0D334-9A1B-4257-9E51-D3813BD8B9D0}" = GoGear ARIA Device Manager
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{543F949F-2B95-448F-9F2E-56F0C5FF8E2C}" = Catalyst Control Center - Branding
"{5BA6D86E-AA0D-05FF-09B5-ED3CD5277A42}" = CCC Help German
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6B65BA9C-2E00-3BCB-8EA5-94A7841B39C1}" = CCC Help Thai
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{70743ADB-DD63-DA15-1E6C-32D88C54E04D}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{778E3C06-48EB-79CA-775E-BEA3086896AD}" = CCC Help Japanese
"{7A083F0E-189D-9100-8883-3B7E75B53E3F}" = CCC Help Chinese Traditional
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE4C1DF-D685-56CB-4B4E-181A12FFAF55}" = CCC Help Turkish
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT3090 802.11b/g/n WiFi Adapter
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{925BC35B-CA11-577E-95C7-67C5BD4776BA}" = Catalyst Control Center Graphics Previews Common
"{93138715-2252-4107-C3C6-D7F8ACAD4956}" = CCC Help Finnish
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95A73EEC-18CA-0C70-2E88-C6F901C69583}" = CCC Help Russian
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C7243A7-5C0E-3190-A042-01D88F7BB791}" = CCC Help Portuguese
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AA6F75E4-1807-4AAF-8CCC-4B9A48476BA5}" = Catalyst Control Center Localization All
"{AC20F304-F02A-473E-BDE7-2400FC7429ED}" = SoftStylus
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.4 MUI
"{ACF5C43A-3E69-ED63-FCF9-831B3B9D1516}" = CCC Help Polish
"{AF144D2F-E890-B537-DC7C-DE01A8AC5405}" = CCC Help Norwegian
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4201487-FA15-8BCC-6833-E355A43CCCDB}" = Catalyst Control Center Graphics Previews Vista
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5DE2511-C5D3-0AAC-0470-606067398EBB}" = CCC Help Chinese Standard
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C77A8D2F-DE6E-E548-FA06-C56251441D95}" = CCC Help Spanish
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{E93EAD24-E483-52AA-2E6F-C792E51E3F92}" = CCC Help Czech
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{ECB2E743-BFBD-7C77-6C62-F54ACD0ECE6D}" = CCC Help Hungarian
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0A06BEC-E4BA-DB4F-C3DF-37A3C77780EF}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F90DE865-1A3D-D6D6-0638-F1D2EFCB5C29}" = PX Profile Update
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FD7DDB2A-445B-78D3-EAFB-6F7BE425285E}" = CCC Help Greek
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo II" = Diablo II
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ESCX3900 User's Guide" = ESCX3900 User's Guide
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PunkBusterSvc" = PunkBuster Services
"Starcraft" = Starcraft
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT087328" = Blackhawk Striker 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087374" = Jewel Quest - Heritage
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/23/2011 2:34:17 AM | Computer Name = James-HP | Source = Application Hang | ID = 1002
Description = The program CoDWaW.exe version 1.0.0.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: d44 Start Time:
01cc017aa3c64703 Termination Time: 1132 Application Path: C:\Program Files (x86)\All
games\cod world at war\CoDWaW.exe Report Id:

Error - 4/26/2011 3:41:06 AM | Computer Name = James-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 4/26/2011 3:42:27 AM | Computer Name = James-HP | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 4/26/2011 11:14:56 PM | Computer Name = James-HP | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 12.0.4518.1014 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1090 Start
Time: 01cc0488eaf85335 Termination Time: 16 Application Path: C:\Program Files (x86)\Microsoft
Office\Office12\WINWORD.EXE Report Id: 78e23976-707c-11e0-8cd3-c26b39a87bd1

Error - 4/27/2011 6:42:20 AM | Computer Name = James-HP | Source = Application Hang | ID = 1002
Description = The program AssassinsCreedIIGame.exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 310 Start
Time: 01cc04c7a4532f7e Termination Time: 5 Application Path: C:\Program Files (x86)\All
games\Asn creed 2\AssassinsCreedIIGame.exe Report Id: 0517c5a8-70bb-11e0-be8b-80cfb25a69d2


Error - 4/28/2011 12:06:09 AM | Computer Name = James-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 4/28/2011 12:07:56 AM | Computer Name = James-HP | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 5/4/2011 2:09:43 AM | Computer Name = James-HP | Source = Application Error | ID = 1000
Description = Faulting application name: GameConsole-wt.exe, version: 3.0.4870.0,
time stamp: 0x4bb7c9b5 Faulting module name: GameConsole-wt.exe, version: 3.0.4870.0,
time stamp: 0x4bb7c9b5 Exception code: 0xc0000005 Fault offset: 0x00077dd0 Faulting
process id: 0x60c Faulting application start time: 0x01cc0a21d1a098a2 Faulting application
path: C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe Faulting
module path: C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe
Report
Id: 19cc9518-7615-11e0-b966-a42f210630d1

Error - 5/9/2011 10:14:39 PM | Computer Name = James-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/9/2011 10:16:34 PM | Computer Name = James-HP | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

[ Hewlett-Packard Events ]
Error - 5/3/2011 3:42:18 AM | Computer Name = James-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051103074215.xml
File not created by asset agent

[ HP Wireless Assistant Events ]
Error - 12/25/2010 10:33:44 PM | Computer Name = James-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.b__c()

Error - 12/25/2010 10:33:49 PM | Computer Name = James-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.b__c()

Error - 12/25/2010 10:34:55 PM | Computer Name = James-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.b__c()

Error - 12/25/2010 10:35:00 PM | Computer Name = James-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.b__c()

Error - 12/25/2010 10:36:05 PM | Computer Name = James-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.b__c()

Error - 12/25/2010 10:36:10 PM | Computer Name = James-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.b__c()

Error - 12/25/2010 10:37:15 PM | Computer Name = James-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.b__c()

Error - 12/25/2010 10:37:21 PM | Computer Name = James-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.b__c()

Error - 12/25/2010 10:38:26 PM | Computer Name = James-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.b__c()

Error - 12/25/2010 10:38:31 PM | Computer Name = James-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.b__c()

[ Media Center Events ]
Error - 1/22/2011 4:54:16 AM | Computer Name = James-HP | Source = MCUpdate | ID = 0
Description = 9:54:16 p.m. - Failed to retrieve Directory (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

Error - 2/15/2011 3:34:03 PM | Computer Name = James-HP | Source = MCUpdate | ID = 0
Description = 8:34:03 a.m. - Failed to retrieve Directory (Error: The operation
has timed out)

Error - 2/23/2011 9:27:36 PM | Computer Name = James-HP | Source = MCUpdate | ID = 0
Description = 2:27:36 p.m. - Failed to retrieve Directory (Error: The operation
has timed out)

[ System Events ]
Error - 5/11/2011 7:13:46 AM | Computer Name = James-HP | Source = Service Control Manager | ID = 7000
Description = The Application Virtualization Client service failed to start due
to the following error: %%1053

Error - 5/11/2011 7:13:47 AM | Computer Name = James-HP | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1053

Error - 5/11/2011 7:14:49 AM | Computer Name = James-HP | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 5/19/2011 2:47:44 AM | Computer Name = James-HP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.1.72. The computer with the IP address 192.168.1.71 did
not allow the name to be claimed by this computer.

Error - 5/19/2011 1:54:54 PM | Computer Name = James-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/19/2011 1:54:54 PM | Computer Name = James-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/19/2011 1:54:55 PM | Computer Name = James-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/22/2011 11:50:19 PM | Computer Name = James-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Application
Virtualization Client service to connect.

Error - 5/22/2011 11:50:19 PM | Computer Name = James-HP | Source = Service Control Manager | ID = 7000
Description = The Application Virtualization Client service failed to start due
to the following error: %%1053

Error - 5/22/2011 11:50:19 PM | Computer Name = James-HP | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1053


< End of report >

lolaplow
Novice
Novice

Posts Posts : 38
Joined Joined : 2011-06-07
Gender Gender : Male
OS OS : windows 7
Points Points : 20624
# Likes # Likes : 0

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by lolaplow on Tue Jun 07, 2011 11:36 am

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-07 23:19:37
-----------------------------
23:19:37.678 OS Version: Windows x64 6.1.7600
23:19:37.678 Number of processors: 4 586 0x2505
23:19:37.678 ComputerName: JAMES-HP UserName: James
23:19:39.846 Initialize success
23:20:21.373 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:20:21.373 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
23:20:21.389 Disk 0 MBR read successfully
23:20:21.405 Disk 0 MBR scan
23:20:21.405 Disk 0 unknown MBR code
23:20:21.405 Service scanning
23:20:22.341 Disk 0 trace - called modules:
23:20:22.356 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
23:20:22.372 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006ff6060]
23:20:22.372 3 CLASSPNP.SYS[fffff88001b0f43f] -> nt!IofCallDriver -> [0xfffffa800511e9a0]
23:20:22.372 5 hpdskflt.sys[fffff8800160b289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ffe050]
23:20:22.387 Scan finished successfully
23:21:20.591 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
23:21:20.591 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"







k it should be all here thanks

lolaplow
Novice
Novice

Posts Posts : 38
Joined Joined : 2011-06-07
Gender Gender : Male
OS OS : windows 7
Points Points : 20624
# Likes # Likes : 0

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by lolaplow on Tue Jun 07, 2011 11:40 am

oh i have forgotten, i have also saved my avira log from when i quarantined html/fakeav.y which ill post if it will help




Avira AntiVir Personal
Report file date: Tuesday, 7 June 2011 21:04

Scanning for 2731750 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JAMES-HP

Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 1/04/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 1/05/2011 09:28:41
AVSCAN.DLL : 10.0.3.0 46440 Bytes 31/03/2010 23:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 4/03/2011 01:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 10:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 20:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 01:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 9/02/2011 01:37:08
VBASE003.VDF : 7.11.5.225 1980416 Bytes 7/04/2011 03:26:52
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31/05/2011 08:58:42
VBASE005.VDF : 7.11.8.179 2048 Bytes 31/05/2011 08:58:42
VBASE006.VDF : 7.11.8.180 2048 Bytes 31/05/2011 08:58:43
VBASE007.VDF : 7.11.8.181 2048 Bytes 31/05/2011 08:58:43
VBASE008.VDF : 7.11.8.182 2048 Bytes 31/05/2011 08:58:44
VBASE009.VDF : 7.11.8.183 2048 Bytes 31/05/2011 08:58:45
VBASE010.VDF : 7.11.8.184 2048 Bytes 31/05/2011 08:58:46
VBASE011.VDF : 7.11.8.185 2048 Bytes 31/05/2011 08:58:46
VBASE012.VDF : 7.11.8.186 2048 Bytes 31/05/2011 08:58:47
VBASE013.VDF : 7.11.8.222 121856 Bytes 2/06/2011 08:58:55
VBASE014.VDF : 7.11.9.7 134656 Bytes 4/06/2011 08:59:05
VBASE015.VDF : 7.11.9.42 136192 Bytes 6/06/2011 08:59:13
VBASE016.VDF : 7.11.9.43 2048 Bytes 6/06/2011 08:59:14
VBASE017.VDF : 7.11.9.44 2048 Bytes 6/06/2011 08:59:14
VBASE018.VDF : 7.11.9.45 2048 Bytes 6/06/2011 08:59:15
VBASE019.VDF : 7.11.9.46 2048 Bytes 6/06/2011 08:59:15
VBASE020.VDF : 7.11.9.47 2048 Bytes 6/06/2011 08:59:16
VBASE021.VDF : 7.11.9.48 2048 Bytes 6/06/2011 08:59:16
VBASE022.VDF : 7.11.9.49 2048 Bytes 6/06/2011 08:59:17
VBASE023.VDF : 7.11.9.50 2048 Bytes 6/06/2011 08:59:18
VBASE024.VDF : 7.11.9.51 2048 Bytes 6/06/2011 08:59:19
VBASE025.VDF : 7.11.9.52 2048 Bytes 6/06/2011 08:59:19
VBASE026.VDF : 7.11.9.53 2048 Bytes 6/06/2011 08:59:20
VBASE027.VDF : 7.11.9.54 2048 Bytes 6/06/2011 08:59:22
VBASE028.VDF : 7.11.9.55 2048 Bytes 6/06/2011 08:59:22
VBASE029.VDF : 7.11.9.56 2048 Bytes 6/06/2011 08:59:23
VBASE030.VDF : 7.11.9.57 2048 Bytes 6/06/2011 08:59:24
VBASE031.VDF : 7.11.9.67 89088 Bytes 7/06/2011 08:59:33
Engineversion : 8.2.5.12
AEVDF.DLL : 8.1.2.1 106868 Bytes 4/03/2011 01:36:49
AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 31/05/2011 10:54:34
AESCN.DLL : 8.1.7.2 127349 Bytes 4/03/2011 01:36:48
AESBX.DLL : 8.2.1.34 323957 Bytes 7/06/2011 09:01:37
AERDL.DLL : 8.1.9.9 639347 Bytes 26/03/2011 09:02:57
AEPACK.DLL : 8.2.6.8 557430 Bytes 19/05/2011 06:49:28
AEOFFICE.DLL : 8.1.1.25 205178 Bytes 7/06/2011 09:01:28
AEHEUR.DLL : 8.1.2.123 3502456 Bytes 7/06/2011 09:01:18
AEHELP.DLL : 8.1.17.2 246135 Bytes 25/05/2011 05:55:10
AEGEN.DLL : 8.1.5.6 401780 Bytes 25/05/2011 05:54:44
AEEMU.DLL : 8.1.3.0 393589 Bytes 4/03/2011 01:36:40
AECORE.DLL : 8.1.21.1 196983 Bytes 25/05/2011 05:54:00
AEBB.DLL : 8.1.1.0 53618 Bytes 4/03/2011 01:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 4/03/2011 01:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 4/03/2011 01:36:52
AVREP.DLL : 10.0.0.10 174120 Bytes 19/05/2011 06:49:32
AVREG.DLL : 10.0.3.2 53096 Bytes 4/03/2011 01:36:52
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 1/05/2011 09:28:41
AVARKT.DLL : 10.0.22.6 231784 Bytes 4/03/2011 01:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 4/03/2011 01:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 01:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 4/03/2011 01:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 01:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 4/03/2011 01:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 4/03/2011 01:37:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, Q:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, 7 June 2011 21:04

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020D75-0000-0000-C000-000000000046}\ShellFolder\attributes
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'firefox.exe' - '109' Module(s) have been scanned
Scan process 'avscan.exe' - '75' Module(s) have been scanned
Scan process 'avscan.exe' - '30' Module(s) have been scanned
Scan process 'avcenter.exe' - '99' Module(s) have been scanned
Scan process 'HPSF.exe' - '128' Module(s) have been scanned
Scan process 'IELowutil.exe' - '31' Module(s) have been scanned
Scan process 'wlcomm.exe' - '84' Module(s) have been scanned
Scan process 'UNS.exe' - '59' Module(s) have been scanned
Scan process 'LMS.exe' - '29' Module(s) have been scanned
Scan process 'HPAdvisor.exe' - '91' Module(s) have been scanned
Scan process 'btplayerctrl.exe' - '29' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '38' Module(s) have been scanned
Scan process 'CVHSVC.EXE' - '78' Module(s) have been scanned
Scan process 'vdDaemon.exe' - '36' Module(s) have been scanned
Scan process 'razerofa.exe' - '18' Module(s) have been scanned
Scan process 'razertra.exe' - '30' Module(s) have been scanned
Scan process 'YCMMirage.exe' - '36' Module(s) have been scanned
Scan process 'razerhid.exe' - '42' Module(s) have been scanned
Scan process 'avgnt.exe' - '57' Module(s) have been scanned
Scan process 'jusched.exe' - '26' Module(s) have been scanned
Scan process 'ArcCon.ac' - '52' Module(s) have been scanned
Scan process 'ACDaemon.exe' - '43' Module(s) have been scanned
Scan process 'HPMSGSVC.exe' - '47' Module(s) have been scanned
Scan process 'mswinext.exe' - '101' Module(s) have been scanned
Scan process 'sftlist.exe' - '71' Module(s) have been scanned
Scan process 'sftvsa.exe' - '28' Module(s) have been scanned
Scan process 'SeaPort.exe' - '51' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '27' Module(s) have been scanned
Scan process 'DTLite.exe' - '45' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '186' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '25' Module(s) have been scanned
Scan process 'HPWMISVC.exe' - '32' Module(s) have been scanned
Scan process 'HPDrvMntSvc.exe' - '19' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '34' Module(s) have been scanned
Scan process 'avguard.exe' - '72' Module(s) have been scanned
Scan process 'ACService.exe' - '24' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'Q:\'
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights

Starting to scan executable files (registry).
The registry was scanned ( '133' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll
[DETECTION] Is the TR/Black.Gen2 Trojan
C:\Users\James\AppData\Local\Mozilla\Firefox\Profiles\n1tjtog7.default\Cache\F\EC\2186Ad01
[DETECTION] Contains recognition pattern of the HTML/FakeAV.Y HTML script virus
Begin scan in 'D:\'
Begin scan in 'Q:\'
Search path Q:\ could not be opened!
System error [5]: Access is denied.

Beginning disinfection:
C:\Users\James\AppData\Local\Mozilla\Firefox\Profiles\n1tjtog7.default\Cache\F\EC\2186Ad01
[DETECTION] Contains recognition pattern of the HTML/FakeAV.Y HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '4be35abd.qua'.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll
[DETECTION] Is the TR/Black.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5307754b.qua'.


End of the scan: Tuesday, 7 June 2011 22:31
Used time: 1:25:23 Hour(s)

The scan has been done completely.

35562 Scanned directories
1439377 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1439375 Files not concerned
7191 Archives were scanned
0 Warnings
4 Notes
563003 Objects were scanned with rootkit scan
2 Hidden objects were found



thanks again

lolaplow
Novice
Novice

Posts Posts : 38
Joined Joined : 2011-06-07
Gender Gender : Male
OS OS : windows 7
Points Points : 20624
# Likes # Likes : 0

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by Belahzur on Tue Jun 07, 2011 6:21 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by lolaplow on Wed Jun 08, 2011 3:38 am

Hi, i have installed Malwarebytes' Anti-Malware and scaned my system. it said i do not have any malicious items so i couldnt do the last 3 bullet points

Heres the log


Malwarebytes' Anti-Malware 1.51.0.1200
[You must be registered and logged in to see this link.]

Database version: 6805

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/06/2011 3:31:13 p.m.
mbam-log-2011-06-08 (15-31-13).txt

Scan type: Quick scan
Objects scanned: 166892
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


lolaplow
Novice
Novice

Posts Posts : 38
Joined Joined : 2011-06-07
Gender Gender : Male
OS OS : windows 7
Points Points : 20624
# Likes # Likes : 0

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by Belahzur on Wed Jun 08, 2011 9:04 pm

Hello.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by lolaplow on Thu Jun 09, 2011 7:55 am

Hi,
I downloaded the combofix and changed the name. i clicked into the file(after disabling my anti virus' but i the last 3 bullet points i couldnt do as i dont think there was a 'start'. but it did produce a log
here it is

ComboFix 11-06-08.04 - James 09/06/2011 19:44:14.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.64.1033.18.3894.2432 [GMT 12:00]
Running from: c:\users\James\Desktop\commy.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))
.
.
2011-06-09 07:48 . 2011-06-09 07:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-09 07:28 . 2011-06-09 07:29 -------- d-----w- C:\commy
2011-06-08 03:17 . 2011-06-08 03:17 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes
2011-06-08 03:17 . 2011-05-28 21:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-08 03:17 . 2011-06-08 03:17 -------- d-----w- c:\programdata\Malwarebytes
2011-06-08 03:17 . 2011-06-08 03:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-08 03:17 . 2011-05-28 21:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-04 04:00 . 2011-06-04 04:00 -------- d-----w- c:\users\James\AppData\Roaming\EPSON
2011-05-26 11:37 . 2011-05-18 00:37 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9D1C3BD-2E7E-46D0-9CF9-54577A3E0B01}\mpengine.dll
2011-05-26 11:37 . 2011-02-18 06:37 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-05-26 11:37 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-26 11:37 . 2011-02-18 05:36 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-26 11:37 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-05-26 11:37 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-05-26 11:37 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-05-26 11:33 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-26 11:33 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-05-26 11:33 . 2011-02-23 05:15 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-26 11:33 . 2011-02-23 05:15 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-26 11:33 . 2011-02-23 05:15 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-26 11:33 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-05-26 11:32 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-05-26 07:26 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-20 23:15 . 2011-05-20 23:15 -------- d-----w- c:\users\James\AppData\Roaming\Razer
2011-05-20 23:13 . 2007-05-07 06:19 85504 ----a-w- c:\windows\SysWow64\DeathAdder64.cpl
2011-05-20 23:13 . 2010-09-30 12:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys
2011-05-20 23:13 . 2010-09-29 08:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2011-05-20 23:13 . 2009-08-10 03:25 47104 ----a-w- c:\windows\system32\drivers\CYUSB.sys
2011-05-20 23:13 . 2010-03-23 04:37 12032 ----a-w- c:\windows\system32\drivers\danew.sys
2011-05-20 23:13 . 2011-05-20 23:13 -------- d-----w- c:\program files (x86)\Razer
2011-05-14 09:26 . 2011-05-14 09:26 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-14 09:26 . 2011-05-14 09:26 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-14 09:26 . 2011-05-14 09:26 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-14 09:26 . 2011-05-14 09:26 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-14 09:26 . 2011-05-14 09:26 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-14 09:26 . 2011-05-14 09:26 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-14 09:26 . 2011-05-14 09:26 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-14 09:26 . 2011-05-14 09:26 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-16 23:43 . 2011-03-30 09:51 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-16 23:43 . 2011-03-30 09:51 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-16 23:43 . 2011-03-30 09:51 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2011-04-16 00:02 . 2011-03-30 09:21 792 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2011-03-30 09:26 . 2011-03-30 09:26 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2011-06-08 12:23 . 2011-06-08 12:23 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-06-09 07:30 . 2011-06-09 07:30 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2011-06-09 07:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-06-09 07:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-06-09 07:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-09 07:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-09 07:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-09 07:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-26 21:25 . 2011-06-09 07:33 55590 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-06-09 07:11 43876 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-06-09 07:33 43876 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-12-25 13:33 . 2011-06-09 07:11 10776 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4024759652-3840768782-4020672648-1001_UserData.bin
+ 2010-12-25 13:33 . 2011-06-09 07:33 10776 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4024759652-3840768782-4020672648-1001_UserData.bin
- 2010-12-26 01:34 . 2011-06-09 07:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-26 01:34 . 2011-06-09 07:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-26 01:34 . 2011-06-09 07:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-26 01:34 . 2011-06-09 07:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-26 01:34 . 2011-06-09 07:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-26 01:34 . 2011-06-09 07:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-25 13:36 . 2011-06-09 07:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-25 13:36 . 2011-06-09 07:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-25 13:36 . 2011-06-09 07:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-25 13:36 . 2011-06-09 07:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-09 07:08 . 2011-06-09 07:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-09 07:31 . 2011-06-09 07:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-09 07:08 . 2011-06-09 07:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-09 07:31 . 2011-06-09 07:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-06-08 12:23 405928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-06-09 07:30 405928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2011-06-09 07:47 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-06-09 07:22 9961472 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2010-09-16 09:37 . 2011-06-08 12:23 1425840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-09-16 09:37 . 2011-06-09 07:30 1425840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-12-26 02:39 . 2011-06-08 12:23 17747296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4024759652-3840768782-4020672648-1001-8192.dat
+ 2010-12-26 02:39 . 2011-06-09 07:30 17747296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4024759652-3840768782-4020672648-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 98304]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe" [2010-04-14 243544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-02-19 248320]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Philips GoGear ARIA Device Manager.lnk - c:\philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe [2010-12-28 1611152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 677128]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-27 821664]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 4181256]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 1096968]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-16 1028096]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-01 c:\windows\Tasks\HPCeeScheduleForJames.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-06-10 24783624]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
------- Supplementary Scan -------
.
uStart Page = my.daemon-search.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\n1tjtog7.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-09 19:50:09
ComboFix-quarantined-files.txt 2011-06-09 07:50
ComboFix2.txt 2011-06-09 07:27
.
Pre-Run: 109,320,511,488 bytes free
Post-Run: 109,034,831,872 bytes free
.
- - End Of File - - 3FE941CC224898CF7C478765CFD1242C

lolaplow
Novice
Novice

Posts Posts : 38
Joined Joined : 2011-06-07
Gender Gender : Male
OS OS : windows 7
Points Points : 20624
# Likes # Likes : 0

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by Belahzur on Thu Jun 09, 2011 2:47 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by lolaplow on Fri Jun 10, 2011 5:25 am

Hi i have scanned my system with ESET Online Scanner in internet explore, but i cant find the log. I copied C:\Program Files\esetonlinescanner\log.txt.
and pasted it into the 'Address area' when i cliick into my computer. it says windows cant find it. ive been looking for it but i cant find it either. the only thing with 'log' in it i found was one in C:\Program Files (x86)\ESET\ESET Online Scanner

this is all it said
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251

i dont think this is the log you are after. i am scanning it again right now to try see if i can get a log straight after

but the scan i did said it did not detect anything. could this be because i quarantined the html/fakeav.y with avira?

thanks, james

edit.
hey the second scan i did has finished the only difference from the 1st was that i only has the two check you have asked me to, i unchecked the other 1(Enable Anti-Stealth technology).

when the scan was finished, it said
Scan results
No threats found.
Scanned Files: 182638
Infected File: 0
Cleaned files: 0
Total scan time: 00:50:54
Scan status: Finished

asks if i want to uninstall and then when i click finish it goes to additional information(recommending me to purchase EST)

lolaplow
Novice
Novice

Posts Posts : 38
Joined Joined : 2011-06-07
Gender Gender : Male
OS OS : windows 7
Points Points : 20624
# Likes # Likes : 0

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by Belahzur on Fri Jun 10, 2011 1:30 pm

Hello.

Your Java needs updating!

  • Please go to Start > Control Panel, click on Java.
  • When the Java control panel opens, go into the Update tab.
  • At the bottom of that window, press the "Update Now" button and it will attempt to download the latest Java update.
  • Next, the Updater window opens, hit the Install button. It will now attempt to download the update.
  • Untick the box for installing the Yahoo Toolbar when asked.

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by lolaplow on Fri Jun 10, 2011 10:35 pm

Hi,
I got into the 'Java conel panel' but i cant find the update tab. sorry im pretty useless with computers and also does it that mean html/fakeav.y is not harmful to my computer?

edited.
my java control panel has 4 tabs general java security advanced
cheers
james

lolaplow
Novice
Novice

Posts Posts : 38
Joined Joined : 2011-06-07
Gender Gender : Male
OS OS : windows 7
Points Points : 20624
# Likes # Likes : 0

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by Belahzur on Sat Jun 11, 2011 3:15 pm

Okay do it via these instructions then.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe that you downloaded to install the newest version.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by lolaplow on Sat Jun 11, 2011 3:57 pm

Hi,
i have succesfully installed java and also the adobe reader x

lolaplow
Novice
Novice

Posts Posts : 38
Joined Joined : 2011-06-07
Gender Gender : Male
OS OS : windows 7
Points Points : 20624
# Likes # Likes : 0

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by Belahzur on Sat Jun 11, 2011 6:36 pm

Okay. If all is fine, then your good to go.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by lolaplow on Sun Jun 12, 2011 7:27 am

Hey, just a few questions,

So any idea what html/fakeav.y was, or if it was harmful to my laptop?
Ive scanned my system with avira again and it hasnt found it again(good sign i hope Goofy).
Also because i have quarantined i then delete it (just now)will it pose a threat to me?
& So pretty much is everything fine now?

Cheers,
james

lolaplow
Novice
Novice

Posts Posts : 38
Joined Joined : 2011-06-07
Gender Gender : Male
OS OS : windows 7
Points Points : 20624
# Likes # Likes : 0

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by Belahzur on Mon Jun 13, 2011 4:51 pm

So any idea what html/fakeav.y was, or if it was harmful to my laptop?
Nope, sounds like it could of just been an infected website since it's detected as html.
Also because i have quarantined i then delete it (just now)will it pose a threat to me?
& So pretty much is everything fine now?

Once it's quarantined, it's no threat anymore, so your good to go now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: hmtl/fakeav.y

Post by lolaplow on Tue Jun 14, 2011 2:51 am

Hey thanks for your help in solving this problem.

cheers
james

lolaplow
Novice
Novice

Posts Posts : 38
Joined Joined : 2011-06-07
Gender Gender : Male
OS OS : windows 7
Points Points : 20624
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum