[Inactive] After malware removal, no browsers will open

OTL logfile created on: 1/25/2012 2:16:13 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 199.00 Mb Total Space | 170.86 Mb Free Space | 85.86% Space Free | Partition Type: NTFS
Drive D: | 286.03 Gb Total Space | 137.83 Gb Free Space | 48.19% Space Free | Partition Type: NTFS
Drive E: | 11.87 Gb Total Space | 2.01 Gb Free Space | 16.90% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/21 17:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto] -- D:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 19:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto] -- D:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto] -- D:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/31 10:45:30 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- D:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/06 07:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/24 12:53:32 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto] -- D:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 21:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/03 14:58:14 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2010/07/03 14:55:26 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/02/26 12:05:32 | 000,699,960 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/24 18:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto] -- D:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/07/20 18:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
DRV:64bit: - [2009/06/24 12:53:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/24 12:53:14 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/24 12:52:46 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/24 12:52:32 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand] -- D:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/04 19:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 01:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/06/16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- D:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Launi_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKU\Launi_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKU\Launi_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKU\Launi_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: D:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: D:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/wpi,version=1.4: D:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\Launi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\Launi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/19 15:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/19 02:32:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/19 21:52:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 11:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 11:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 11:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 11:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 11:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 11:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 11:49:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/19 15:58:45 | 000,000,000 | ---D | M]

[2009/12/19 15:58:24 | 000,000,000 | -H-D | M] (No name found) -- D:\Users\Launi\AppData\Roaming\Mozilla\Extensions
[2012/01/19 02:13:12 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Launi\AppData\Roaming\Mozilla\Firefox\Profiles\b2zb9hca.default\extensions
[2012/01/19 02:34:10 | 000,000,000 | ---D | M] (BlockSite) -- D:\Users\Launi\AppData\Roaming\Mozilla\Firefox\Profiles\b2zb9hca.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2012/01/19 02:34:09 | 000,000,000 | ---D | M] (Move Media Player) -- D:\Users\Launi\AppData\Roaming\Mozilla\Firefox\Profiles\b2zb9hca.default\extensions\moveplayer@movenetworks.com
[2010/11/15 18:52:22 | 000,001,919 | -H-- | M] () -- D:\Users\Launi\AppData\Roaming\Mozilla\Firefox\Profiles\b2zb9hca.default\searchplugins\bing-zugo.xml
[2012/01/19 23:53:47 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 07:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/06 11:09:02 | 000,000,860 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - D:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\Launi_ON_D\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Launi_ON_D\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\Launi_ON_D\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] D:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] D:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IJNetworkScanUtility] D:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] D:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] D:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\Launi_ON_D..\Run: [Akamai NetSession Interface] File not found
O4 - HKU\Launi_ON_D..\Run: [SmartAudio] D:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKU\Launi_ON_D..\Run: [Weather] File not found
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\Launi_ON_D\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\Launi_ON_D\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Launi_ON_D\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\Launi_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\restrictions present
O13:64bit: - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast") - D:\Windows\SysWow64\aswBoot.exe (AVAST Software)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 01:57:28 | 000,083,968 | ---- | C] (Esage Lab) -- D:\Users\Launi\Desktop\boot_cleaner.exe
[2012/01/21 00:11:56 | 004,713,472 | ---- | C] (AVAST Software) -- D:\Users\Launi\Desktop\aswMBR.exe
[2012/01/20 22:35:40 | 000,000,000 | ---D | C] -- D:\Windows\ERDNT
[2012/01/20 22:35:34 | 000,000,000 | --SD | C] -- D:\ComboFix
[2012/01/20 22:33:21 | 000,000,000 | ---D | C] -- D:\Qoobox
[2012/01/20 22:32:17 | 000,000,000 | --SD | C] -- D:\32788R22FWJFW
[2012/01/20 16:11:14 | 000,607,260 | R--- | C] (Swearware) -- D:\Users\Launi\Desktop\dds.scr
[2012/01/20 16:11:13 | 004,388,721 | R--- | C] (Swearware) -- D:\Users\Launi\Desktop\ComboFix.exe
[2012/01/19 21:53:22 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/19 21:53:17 | 000,591,192 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswSnx.sys
[2012/01/19 21:52:21 | 000,041,184 | ---- | C] (AVAST Software) -- D:\Windows\avastSS.scr
[2012/01/19 13:00:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaws.exe
[2012/01/19 13:00:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaw.exe
[2012/01/19 13:00:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\java.exe
[2012/01/19 01:46:57 | 001,572,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\quartz.dll
[2012/01/19 01:46:57 | 001,328,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\quartz.dll
[2012/01/19 01:46:57 | 000,514,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\qdvd.dll
[2012/01/19 01:46:56 | 000,366,592 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\qdvd.dll
[2012/01/19 01:46:52 | 001,731,920 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntdll.dll
[2012/01/19 01:46:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\packager.dll
[2012/01/19 01:46:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\packager.dll
[2011/12/28 00:21:17 | 000,000,000 | --SD | C] -- D:\Users\Launi\Documents\My Data Sources
[1 D:\Users\Launi\Documents\*.tmp files -> D:\Users\Launi\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/25 00:21:40 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/01/22 21:41:00 | 000,000,908 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-293915211-1608858362-1652074367-1000UA.job
[2012/01/22 21:40:35 | 2361,802,752 | -HS- | M] () -- D:\hiberfil.sys
[2012/01/22 19:50:21 | 000,000,856 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-293915211-1608858362-1652074367-1000Core.job
[2012/01/21 14:02:14 | 000,800,053 | ---- | M] () -- D:\Users\Launi\Desktop\ListParts64.exe
[2012/01/21 01:54:30 | 000,000,512 | ---- | M] () -- D:\Users\Launi\Desktop\MBR.dat
[2012/01/21 00:10:04 | 004,713,472 | ---- | M] (AVAST Software) -- D:\Users\Launi\Desktop\aswMBR.exe
[2012/01/20 22:31:40 | 000,660,530 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/01/20 22:31:40 | 000,121,426 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/01/20 16:10:00 | 000,023,248 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/20 16:10:00 | 000,023,248 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/20 16:09:22 | 000,607,260 | R--- | M] (Swearware) -- D:\Users\Launi\Desktop\dds.scr
[2012/01/20 16:07:18 | 000,302,592 | ---- | M] () -- D:\Users\Launi\Desktop\ub9si5dk.exe
[2012/01/20 16:04:06 | 000,000,290 | ---- | M] () -- D:\ProgramData\hpqp.ini
[2012/01/20 15:53:16 | 004,388,721 | R--- | M] (Swearware) -- D:\Users\Launi\Desktop\ComboFix.exe
[2012/01/20 15:51:46 | 000,080,384 | ---- | M] () -- D:\Users\Launi\Desktop\MBRCheck.exe
[2012/01/20 11:50:00 | 000,001,974 | ---- | M] () -- D:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/20 11:49:59 | 000,002,441 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/19 23:54:11 | 000,001,110 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/19 23:54:11 | 000,001,098 | ---- | M] () -- D:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/19 21:53:23 | 000,001,841 | ---- | M] () -- D:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/19 21:53:22 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/19 21:53:16 | 000,000,000 | ---- | M] () -- D:\Windows\SysWow64\config.nt
[2012/01/19 13:00:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\deployJava1.dll
[2012/01/19 13:00:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaws.exe
[2012/01/19 13:00:30 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaw.exe
[2012/01/19 13:00:30 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\java.exe
[2012/01/19 12:52:43 | 000,000,332 | ---- | M] () -- D:\Windows\tasks\HPCeeScheduleForLauni.job
[2012/01/19 02:50:31 | 000,007,597 | ---- | M] () -- D:\Users\Launi\AppData\Local\Resmon.ResmonCfg
[2012/01/19 02:34:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/01/19 02:34:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/01/19 02:34:22 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/19 02:34:22 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/01/19 02:34:22 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/01/19 02:34:22 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/19 02:32:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2012/01/19 02:32:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/19 02:32:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012/01/19 02:32:12 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
[2012/01/19 02:32:12 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012/01/19 02:32:12 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/01/19 02:32:12 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard
[2012/01/19 02:32:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/19 02:32:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
[2012/01/19 02:32:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/19 02:32:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/01/19 02:32:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/01/19 02:32:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/19 02:32:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/01/19 02:32:09 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series User Registration
[2012/01/19 02:32:09 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series Manual
[2012/01/19 02:32:09 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
[2012/01/19 02:32:08 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/01/19 02:09:46 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
[2012/01/19 02:04:07 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/01/19 02:04:06 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2012/01/19 01:55:31 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/01/19 00:38:23 | 000,007,624 | -H-- | M] () -- D:\ProgramData\d68fe46a
[2012/01/19 00:38:23 | 000,007,611 | -H-- | M] () -- D:\Users\Launi\AppData\Local\dced9b5a
[2012/01/19 00:38:23 | 000,007,554 | -H-- | M] () -- D:\Users\Launi\AppData\Roaming\c99f70c8
[2012/01/17 13:30:28 | 000,000,440 | -H-- | M] () -- D:\ProgramData\EBdSOq2bGoeFFR
[2012/01/17 13:26:12 | 000,000,296 | -H-- | M] () -- D:\ProgramData\~EBdSOq2bGoeFFR
[2012/01/17 13:26:12 | 000,000,176 | -H-- | M] () -- D:\ProgramData\~EBdSOq2bGoeFFRr
[2012/01/09 22:43:55 | 000,773,482 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/07 17:00:52 | 000,001,109 | ---- | M] () -- D:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 03:26:46 | 000,002,397 | ---- | M] () -- D:\Users\Launi\Desktop\Google Chrome.lnk
[1 D:\Users\Launi\Documents\*.tmp files -> D:\Users\Launi\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/21 14:03:12 | 000,800,053 | ---- | C] () -- D:\Users\Launi\Desktop\ListParts64.exe
[2012/01/21 01:54:30 | 000,000,512 | ---- | C] () -- D:\Users\Launi\Desktop\MBR.dat
[2012/01/20 16:11:14 | 000,302,592 | ---- | C] () -- D:\Users\Launi\Desktop\ub9si5dk.exe
[2012/01/20 16:11:14 | 000,080,384 | ---- | C] () -- D:\Users\Launi\Desktop\MBRCheck.exe
[2012/01/19 23:54:11 | 000,001,098 | ---- | C] () -- D:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/19 23:54:10 | 000,001,110 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/19 21:53:23 | 000,001,841 | ---- | C] () -- D:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/19 02:50:31 | 000,007,597 | ---- | C] () -- D:\Users\Launi\AppData\Local\Resmon.ResmonCfg
[2012/01/17 02:08:51 | 000,000,176 | -H-- | C] () -- D:\ProgramData\~EBdSOq2bGoeFFRr
[2012/01/17 02:08:50 | 000,000,296 | -H-- | C] () -- D:\ProgramData\~EBdSOq2bGoeFFR
[2012/01/17 02:08:39 | 000,000,440 | -H-- | C] () -- D:\ProgramData\EBdSOq2bGoeFFR
[2012/01/17 00:46:56 | 000,007,624 | -H-- | C] () -- D:\ProgramData\d68fe46a
[2012/01/17 00:46:56 | 000,007,611 | -H-- | C] () -- D:\Users\Launi\AppData\Local\dced9b5a
[2012/01/17 00:46:56 | 000,007,554 | -H-- | C] () -- D:\Users\Launi\AppData\Roaming\c99f70c8
[2012/01/07 17:00:52 | 000,001,109 | ---- | C] () -- D:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/11/25 17:28:43 | 000,000,112 | ---- | C] () -- D:\ProgramData\5D1u43wY2.dat
[2011/11/22 00:54:02 | 000,000,296 | -H-- | C] () -- D:\ProgramData\~GPjkVrrF79bOoB
[2011/11/22 00:54:02 | 000,000,216 | -H-- | C] () -- D:\ProgramData\~GPjkVrrF79bOoBr
[2011/11/22 00:53:56 | 000,000,336 | -H-- | C] () -- D:\ProgramData\GPjkVrrF79bOoB
[2011/08/30 14:44:27 | 000,773,482 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/01 11:40:11 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2010/08/30 21:42:35 | 000,000,268 | ---- | C] () -- D:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/08/25 21:34:30 | 000,982,240 | ---- | C] () -- D:\Windows\SysWow64\igkrng500.bin
[2010/08/25 21:34:30 | 000,439,308 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 21:34:30 | 000,092,356 | ---- | C] () -- D:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 20:52:00 | 000,208,896 | ---- | C] () -- D:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 20:52:00 | 000,143,360 | ---- | C] () -- D:\Windows\SysWow64\iglhcp32.dll
[2010/07/16 20:11:28 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat
[2010/03/31 10:30:56 | 000,001,290 | -H-- | C] () -- D:\Users\Launi\AppData\Roaming\wklnhst.dat
[2009/12/19 15:58:22 | 000,023,114 | ---- | C] () -- D:\Windows\hpqins15.dat
[2009/10/26 20:04:13 | 000,000,290 | ---- | C] () -- D:\ProgramData\hpqp.ini
[2009/07/15 19:50:42 | 000,013,312 | ---- | C] () -- D:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- D:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2009/06/03 14:14:52 | 000,134,592 | ---- | C] () -- D:\Windows\SysWow64\igfcg500.bin

========== LOP Check ==========

[2001/01/02 22:37:15 | 000,000,000 | -H-D | M] -- D:\ProgramData\Alwil Software
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2011/11/24 16:26:39 | 000,000,000 | -H-D | M] -- D:\ProgramData\AVAST Software
[2001/01/01 03:15:49 | 000,000,000 | -H-D | M] -- D:\ProgramData\AVG Security Toolbar
[2001/01/01 03:15:49 | 000,000,000 | -H-D | M] -- D:\ProgramData\AVG10
[2012/01/19 02:03:56 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonBJ
[2012/01/19 02:32:07 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJEGV
[2012/01/19 02:32:07 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJScan
[2010/09/09 13:59:32 | 000,000,000 | -H-D | M] -- D:\ProgramData\Cisco
[2001/01/02 22:50:13 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2001/01/01 03:15:49 | 000,000,000 | -H-D | M] -- D:\ProgramData\MFAData
[2012/01/25 00:22:00 | 000,000,000 | -H-D | M] -- D:\ProgramData\Recovery
[2011/12/07 02:01:36 | 000,000,000 | -H-D | M] -- D:\ProgramData\RegCure
[2010/12/27 16:49:45 | 000,000,000 | -H-D | M] -- D:\ProgramData\regid.1986-12.com.adobe
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012/01/19 02:04:17 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012/01/19 01:55:32 | 000,000,000 | ---D | M] -- D:\ProgramData\WildTangent
[2009/12/26 00:48:18 | 000,000,000 | -H-D | M] -- D:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/12/19 16:37:40 | 000,000,000 | ---D | M] -- D:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
[2010/03/30 09:57:43 | 000,000,000 | ---D | M] -- D:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
[2010/01/17 22:39:27 | 000,000,000 | ---D | M] -- D:\ProgramData\{B0689242-B0A0-4F2C-83E0-F3E560357B90}
[2011/10/23 21:09:59 | 000,000,000 | ---D | M] -- D:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
[2010/04/22 13:31:44 | 000,000,000 | ---D | M] -- D:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
[2011/06/19 20:19:32 | 000,000,000 | ---D | M] -- D:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
[2011/11/25 17:28:05 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At5.job
[2011/11/25 17:28:07 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At7.job
[2011/01/06 16:26:30 | 000,032,654 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
 
Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\Launi_ON_D\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Launi_ON_D\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\Launi_ON_D\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\Launi_ON_D..\Run: [Akamai NetSession Interface] File not found
O4 - HKU\Launi_ON_D..\Run: [Weather] File not found
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
[2012/01/19 00:38:23 | 000,007,624 | -H-- | M] () -- D:\ProgramData\d68fe46a
[2012/01/19 00:38:23 | 000,007,611 | -H-- | M] () -- D:\Users\Launi\AppData\Local\dced9b5a
[2012/01/19 00:38:23 | 000,007,554 | -H-- | M] () -- D:\Users\Launi\AppData\Roaming\c99f70c8
[2012/01/17 13:30:28 | 000,000,440 | -H-- | M] () -- D:\ProgramData\EBdSOq2bGoeFFR
[2012/01/17 13:26:12 | 000,000,296 | -H-- | M] () -- D:\ProgramData\~EBdSOq2bGoeFFR
[2012/01/17 13:26:12 | 000,000,176 | -H-- | M] () -- D:\ProgramData\~EBdSOq2bGoeFFRr
[2011/11/25 17:28:43 | 000,000,112 | ---- | C] () -- D:\ProgramData\5D1u43wY2.dat
[2011/11/22 00:54:02 | 000,000,296 | -H-- | C] () -- D:\ProgramData\~GPjkVrrF79bOoB
[2011/11/22 00:54:02 | 000,000,216 | -H-- | C] () -- D:\ProgramData\~GPjkVrrF79bOoBr
[2011/11/22 00:53:56 | 000,000,336 | -H-- | C] () -- D:\ProgramData\GPjkVrrF79bOoB
[2001/01/01 03:15:49 | 000,000,000 | -H-D | M] -- D:\ProgramData\AVG Security Toolbar
[2001/01/01 03:15:49 | 000,000,000 | -H-D | M] -- D:\ProgramData\AVG10
[2011/11/25 17:28:05 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At5.job
[2011/11/25 17:28:07 | 000,000,350 | ---- | M] () -- D:\Windows\Tasks\At7.job

:Services

:Reg

:Files

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt onto a USB flash drive.


On the infected computer, do the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Remove the CD and shut down computer manually.
  • Attempt to reboot normally into Windows.
 
Okay, still working on this one. I was able to boot from the disk and run the fix, but when I try to copy the log or save it, it just closes the log window without saving. Also, although it says the fix ran successfully, I am still unable to boot Windows normally; it still launches the repair module. I have not tried safe mode. I am going to try this step again to see if I missed something. I'll keep you posted.
 
Okay, got it to copy. I had to browse to the Windows folder, and that was on a different directory than I'm used to; it was on the "D:" drive instead of "C:" like I'm used to.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_USERS\Launi_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\Launi_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\Launi_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_USERS\Launi_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Launi_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\LocalService_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
File D:\ProgramData\d68fe46a not found.
File D:\Users\Launi\AppData\Local\dced9b5a not found.
File D:\Users\Launi\AppData\Roaming\c99f70c8 not found.
File D:\ProgramData\EBdSOq2bGoeFFR not found.
File D:\ProgramData\~EBdSOq2bGoeFFR not found.
File D:\ProgramData\~EBdSOq2bGoeFFRr not found.
File D:\ProgramData\5D1u43wY2.dat not found.
File D:\ProgramData\~GPjkVrrF79bOoB not found.
File D:\ProgramData\~GPjkVrrF79bOoBr not found.
File D:\ProgramData\GPjkVrrF79bOoB not found.
Folder D:\ProgramData\AVG Security Toolbar\ not found.
Folder D:\ProgramData\AVG10\ not found.
File D:\Windows\Tasks\At5.job not found.
File D:\Windows\Tasks\At7.job not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 01272012_105832
 
It wouldn't boot either way, but I did notice that when I tried to boot in safe mode, it would try, and start listing the files it was loading. When it got to disk.sys it flashed a quick (fraction of a second) blue screen of death and then went to the Windows Error Recovery. If I try booting normally it shows a loading screen for a few seconds and then goes right to the Windows Error Recovery.
 
Boot back to OTLPE CD.
When you get to the desktop, start OTL again.

Under the Custom Scan box paste this in:

/md5start
disk.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
userinit.exe
explorer.exe
volsnap.sys
winlogon.exe
nvraid.sys
consrv.dll
winsrv.dll
svchost.exe
tcpip.sys
netbt.sys
dxgthk.sys
/md5stop


Press "Run scan".

Post new OTL log.
 
OTL logfile created on: 1/27/2012 10:22:25 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 199.00 Mb Total Space | 170.86 Mb Free Space | 85.86% Space Free | Partition Type: NTFS
Drive D: | 286.03 Gb Total Space | 137.83 Gb Free Space | 48.19% Space Free | Partition Type: NTFS
Drive E: | 11.87 Gb Total Space | 2.01 Gb Free Space | 16.90% Space Free | Partition Type: NTFS
Drive F: | 963.70 Mb Total Space | 724.69 Mb Free Space | 75.20% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/21 17:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto] -- D:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 19:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto] -- D:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto] -- D:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/31 10:45:30 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- D:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/06 07:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/24 12:53:32 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto] -- D:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 21:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/03 14:58:14 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2010/07/03 14:55:26 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/02/26 12:05:32 | 000,699,960 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/24 18:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto] -- D:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2009/07/20 18:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
DRV:64bit: - [2009/06/24 12:53:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/24 12:53:14 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/24 12:52:46 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/24 12:52:32 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand] -- D:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/04 19:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 01:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/06/16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- D:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Launi_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKU\Launi_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKU\Launi_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKU\Launi_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: D:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: D:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/wpi,version=1.4: D:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\Launi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\Launi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/19 15:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/19 02:32:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/19 21:52:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 11:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 11:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 11:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 11:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 11:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 11:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/19 23:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/20 11:49:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/19 15:58:45 | 000,000,000 | ---D | M]

[2009/12/19 15:58:24 | 000,000,000 | -H-D | M] (No name found) -- D:\Users\Launi\AppData\Roaming\Mozilla\Extensions
[2012/01/19 02:13:12 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Launi\AppData\Roaming\Mozilla\Firefox\Profiles\b2zb9hca.default\extensions
[2012/01/19 02:34:10 | 000,000,000 | ---D | M] (BlockSite) -- D:\Users\Launi\AppData\Roaming\Mozilla\Firefox\Profiles\b2zb9hca.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2012/01/19 02:34:09 | 000,000,000 | ---D | M] (Move Media Player) -- D:\Users\Launi\AppData\Roaming\Mozilla\Firefox\Profiles\b2zb9hca.default\extensions\moveplayer@movenetworks.com
[2010/11/15 18:52:22 | 000,001,919 | -H-- | M] () -- D:\Users\Launi\AppData\Roaming\Mozilla\Firefox\Profiles\b2zb9hca.default\searchplugins\bing-zugo.xml
[2012/01/19 23:53:47 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 07:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/06 11:09:02 | 000,000,860 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - D:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - D:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\Launi_ON_D\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Launi_ON_D\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\Launi_ON_D\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] D:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] D:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IJNetworkScanUtility] D:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] D:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] D:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\Launi_ON_D..\Run: [Akamai NetSession Interface] File not found
O4 - HKU\Launi_ON_D..\Run: [SmartAudio] D:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKU\Launi_ON_D..\Run: [Weather] File not found
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\Launi_ON_D\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\Launi_ON_D\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Launi_ON_D\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\Launi_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\restrictions present
O13:64bit: - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/22 19:18:56 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast") - D:\Windows\SysWow64\aswBoot.exe (AVAST Software)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/26 11:10:05 | 000,000,000 | ---D | C] -- D:\_OTL
[2012/01/21 01:57:28 | 000,083,968 | ---- | C] (Esage Lab) -- D:\Users\Launi\Desktop\boot_cleaner.exe
[2012/01/21 00:11:56 | 004,713,472 | ---- | C] (AVAST Software) -- D:\Users\Launi\Desktop\aswMBR.exe
[2012/01/20 22:35:40 | 000,000,000 | ---D | C] -- D:\Windows\ERDNT
[2012/01/20 22:35:34 | 000,000,000 | --SD | C] -- D:\ComboFix
[2012/01/20 22:33:21 | 000,000,000 | ---D | C] -- D:\Qoobox
[2012/01/20 22:32:17 | 000,000,000 | --SD | C] -- D:\32788R22FWJFW
[2012/01/20 16:11:14 | 000,607,260 | R--- | C] (Swearware) -- D:\Users\Launi\Desktop\dds.scr
[2012/01/20 16:11:13 | 004,388,721 | R--- | C] (Swearware) -- D:\Users\Launi\Desktop\ComboFix.exe
[2012/01/19 21:53:22 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/19 21:53:17 | 000,591,192 | ---- | C] (AVAST Software) -- D:\Windows\System32\drivers\aswSnx.sys
[2012/01/19 21:52:21 | 000,041,184 | ---- | C] (AVAST Software) -- D:\Windows\avastSS.scr
[2012/01/19 13:00:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaws.exe
[2012/01/19 13:00:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaw.exe
[2012/01/19 13:00:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\java.exe
[2012/01/19 01:46:57 | 001,572,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\quartz.dll
[2012/01/19 01:46:57 | 001,328,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\quartz.dll
[2012/01/19 01:46:57 | 000,514,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\qdvd.dll
[2012/01/19 01:46:56 | 000,366,592 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\qdvd.dll
[2012/01/19 01:46:52 | 001,731,920 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntdll.dll
[2012/01/19 01:46:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\packager.dll
[2012/01/19 01:46:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\packager.dll
[1 D:\Users\Launi\Documents\*.tmp files -> D:\Users\Launi\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/25 00:21:40 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/01/22 21:41:00 | 000,000,908 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-293915211-1608858362-1652074367-1000UA.job
[2012/01/22 21:40:35 | 2361,802,752 | -HS- | M] () -- D:\hiberfil.sys
[2012/01/22 19:50:21 | 000,000,856 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-293915211-1608858362-1652074367-1000Core.job
[2012/01/21 14:02:14 | 000,800,053 | ---- | M] () -- D:\Users\Launi\Desktop\ListParts64.exe
[2012/01/21 01:54:30 | 000,000,512 | ---- | M] () -- D:\Users\Launi\Desktop\MBR.dat
[2012/01/21 00:10:04 | 004,713,472 | ---- | M] (AVAST Software) -- D:\Users\Launi\Desktop\aswMBR.exe
[2012/01/20 22:31:40 | 000,660,530 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/01/20 22:31:40 | 000,121,426 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/01/20 16:10:00 | 000,023,248 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/20 16:10:00 | 000,023,248 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/20 16:09:22 | 000,607,260 | R--- | M] (Swearware) -- D:\Users\Launi\Desktop\dds.scr
[2012/01/20 16:07:18 | 000,302,592 | ---- | M] () -- D:\Users\Launi\Desktop\ub9si5dk.exe
[2012/01/20 16:04:06 | 000,000,290 | ---- | M] () -- D:\ProgramData\hpqp.ini
[2012/01/20 15:53:16 | 004,388,721 | R--- | M] (Swearware) -- D:\Users\Launi\Desktop\ComboFix.exe
[2012/01/20 15:51:46 | 000,080,384 | ---- | M] () -- D:\Users\Launi\Desktop\MBRCheck.exe
[2012/01/20 11:50:00 | 000,001,974 | ---- | M] () -- D:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/20 11:49:59 | 000,002,441 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/19 23:54:11 | 000,001,110 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/19 23:54:11 | 000,001,098 | ---- | M] () -- D:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/19 21:53:23 | 000,001,841 | ---- | M] () -- D:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/19 21:53:22 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/19 21:53:16 | 000,000,000 | ---- | M] () -- D:\Windows\SysWow64\config.nt
[2012/01/19 13:00:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\deployJava1.dll
[2012/01/19 13:00:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaws.exe
[2012/01/19 13:00:30 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\javaw.exe
[2012/01/19 13:00:30 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\SysWow64\java.exe
[2012/01/19 12:52:43 | 000,000,332 | ---- | M] () -- D:\Windows\tasks\HPCeeScheduleForLauni.job
[2012/01/19 02:50:31 | 000,007,597 | ---- | M] () -- D:\Users\Launi\AppData\Local\Resmon.ResmonCfg
[2012/01/19 02:34:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/01/19 02:34:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/01/19 02:34:22 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/19 02:34:22 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/01/19 02:34:22 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/01/19 02:34:22 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/19 02:32:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2012/01/19 02:32:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/19 02:32:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012/01/19 02:32:12 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
[2012/01/19 02:32:12 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012/01/19 02:32:12 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/01/19 02:32:12 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard
[2012/01/19 02:32:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/19 02:32:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
[2012/01/19 02:32:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/19 02:32:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/01/19 02:32:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/01/19 02:32:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/19 02:32:12 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/01/19 02:32:09 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series User Registration
[2012/01/19 02:32:09 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series Manual
[2012/01/19 02:32:09 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
[2012/01/19 02:32:08 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/01/19 02:09:46 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
[2012/01/19 02:04:07 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/01/19 02:04:06 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2012/01/19 01:55:31 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/01/09 22:43:55 | 000,773,482 | ---- | M] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/07 17:00:52 | 000,001,109 | ---- | M] () -- D:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 03:26:46 | 000,002,397 | ---- | M] () -- D:\Users\Launi\Desktop\Google Chrome.lnk
[1 D:\Users\Launi\Documents\*.tmp files -> D:\Users\Launi\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/21 14:03:12 | 000,800,053 | ---- | C] () -- D:\Users\Launi\Desktop\ListParts64.exe
[2012/01/21 01:54:30 | 000,000,512 | ---- | C] () -- D:\Users\Launi\Desktop\MBR.dat
[2012/01/20 16:11:14 | 000,302,592 | ---- | C] () -- D:\Users\Launi\Desktop\ub9si5dk.exe
[2012/01/20 16:11:14 | 000,080,384 | ---- | C] () -- D:\Users\Launi\Desktop\MBRCheck.exe
[2012/01/19 23:54:11 | 000,001,098 | ---- | C] () -- D:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/19 23:54:10 | 000,001,110 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/19 21:53:23 | 000,001,841 | ---- | C] () -- D:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/19 02:50:31 | 000,007,597 | ---- | C] () -- D:\Users\Launi\AppData\Local\Resmon.ResmonCfg
[2012/01/07 17:00:52 | 000,001,109 | ---- | C] () -- D:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/08/30 14:44:27 | 000,773,482 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/01 11:40:11 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2010/08/30 21:42:35 | 000,000,268 | ---- | C] () -- D:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/08/25 21:34:30 | 000,982,240 | ---- | C] () -- D:\Windows\SysWow64\igkrng500.bin
[2010/08/25 21:34:30 | 000,439,308 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 21:34:30 | 000,092,356 | ---- | C] () -- D:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 20:52:00 | 000,208,896 | ---- | C] () -- D:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 20:52:00 | 000,143,360 | ---- | C] () -- D:\Windows\SysWow64\iglhcp32.dll
[2010/07/16 20:11:28 | 000,000,000 | ---- | C] () -- D:\Windows\nsreg.dat
[2010/03/31 10:30:56 | 000,001,290 | -H-- | C] () -- D:\Users\Launi\AppData\Roaming\wklnhst.dat
[2009/12/19 15:58:22 | 000,023,114 | ---- | C] () -- D:\Windows\hpqins15.dat
[2009/10/26 20:04:13 | 000,000,290 | ---- | C] () -- D:\ProgramData\hpqp.ini
[2009/07/15 19:50:42 | 000,013,312 | ---- | C] () -- D:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- D:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2009/06/03 14:14:52 | 000,134,592 | ---- | C] () -- D:\Windows\SysWow64\igfcg500.bin

========== LOP Check ==========

[2001/01/02 22:37:15 | 000,000,000 | -H-D | M] -- D:\ProgramData\Alwil Software
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2011/11/24 16:26:39 | 000,000,000 | -H-D | M] -- D:\ProgramData\AVAST Software
[2012/01/19 02:03:56 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonBJ
[2012/01/19 02:32:07 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJEGV
[2012/01/19 02:32:07 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJScan
[2010/09/09 13:59:32 | 000,000,000 | -H-D | M] -- D:\ProgramData\Cisco
[2001/01/02 22:50:13 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2001/01/01 03:15:49 | 000,000,000 | -H-D | M] -- D:\ProgramData\MFAData
[2012/01/25 00:22:00 | 000,000,000 | -H-D | M] -- D:\ProgramData\Recovery
[2011/12/07 02:01:36 | 000,000,000 | -H-D | M] -- D:\ProgramData\RegCure
[2010/12/27 16:49:45 | 000,000,000 | -H-D | M] -- D:\ProgramData\regid.1986-12.com.adobe
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012/01/19 02:04:17 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012/01/19 01:55:32 | 000,000,000 | ---D | M] -- D:\ProgramData\WildTangent
[2009/12/26 00:48:18 | 000,000,000 | -H-D | M] -- D:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/12/19 16:37:40 | 000,000,000 | ---D | M] -- D:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
[2010/03/30 09:57:43 | 000,000,000 | ---D | M] -- D:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
[2010/01/17 22:39:27 | 000,000,000 | ---D | M] -- D:\ProgramData\{B0689242-B0A0-4F2C-83E0-F3E560357B90}
[2011/10/23 21:09:59 | 000,000,000 | ---D | M] -- D:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
[2010/04/22 13:31:44 | 000,000,000 | ---D | M] -- D:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
[2011/06/19 20:19:32 | 000,000,000 | ---D | M] -- D:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
[2011/01/06 16:26:30 | 000,032,654 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2004/08/03 22:07:42 | 000,042,368 | R--- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- D:\Windows\system64\DRIVERS\AGP440.SYS
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2004/08/03 20:07:00 | 000,095,360 | R--- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\Windows\system64\DRIVERS\ATAPI.SYS

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\System32\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2004/08/03 20:07:00 | 000,036,352 | R--- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- D:\Windows\system64\DRIVERS\DISK.SYS
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- D:\Windows\System32\drivers\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- D:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- D:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: DXGTHK.SYS >
[2004/08/03 20:07:00 | 000,003,328 | R--- | M] (Microsoft Corporation) MD5=A73F5D6705B1D820C19B18782E176EFD -- D:\Windows\system64\DRIVERS\DXGTHK.SYS

< MD5 for: EVENTLOG.DLL >
[2004/08/03 20:07:00 | 000,055,808 | R--- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- D:\Windows\system64\EVENTLOG.DLL

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: IASTORV.SYS >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETBT.SYS >
[2010/11/20 04:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- D:\Windows\System32\drivers\netbt.sys
[2010/11/20 04:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- D:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2004/08/03 20:07:00 | 000,162,816 | R--- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- D:\Windows\system64\DRIVERS\NETBT.SYS

< MD5 for: NETLOGON.DLL >
[2004/08/03 20:07:00 | 000,407,040 | R--- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- D:\Windows\system64\NETLOGON.DLL
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\System32\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\SysWOW64\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVRAID.SYS >
[2011/03/11 01:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- D:\Windows\System32\drivers\nvraid.sys
[2011/03/11 01:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvraid.sys
[2011/03/11 01:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=0A92CB65770442ED0DC44834632F66AD -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvraid.sys
[2010/11/20 08:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvraid.sys
[2010/11/20 08:33:48 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=5D9FD91F3D38DC9DA01E3CB5FA89CD48 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvraid.sys
[2011/03/11 01:19:21 | 000,148,352 | ---- | M] (NVIDIA Corporation) MD5=666CA16F17914C1CD3616CF16DE0A6EA -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\drivers\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2004/08/03 20:07:00 | 000,180,224 | R--- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- D:\Windows\system64\SCECLI.DLL
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\SysWOW64\scecli.dll
[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\System32\scecli.dll
[2010/11/20 08:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- D:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- D:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2004/08/03 20:07:00 | 000,014,336 | R--- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- D:\Windows\system64\SVCHOST.EXE
[2011/12/24 19:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- D:\Windows\System32\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- D:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/09/29 12:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/20 08:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011/04/25 00:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2004/08/03 20:07:00 | 000,359,040 | R--- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- D:\Windows\system64\DRIVERS\TCPIP.SYS
[2011/06/21 01:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011/04/25 01:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/06/21 01:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011/09/29 11:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- D:\Windows\System32\drivers\tcpip.sys
[2011/09/29 11:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- D:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004/08/03 20:07:00 | 000,024,576 | R--- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- D:\Windows\system64\USERINIT.EXE
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\System32\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- D:\Windows\System32\drivers\volsnap.sys
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- D:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- D:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2004/08/03 20:07:00 | 000,052,352 | R--- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- D:\Windows\system64\DRIVERS\VOLSNAP.SYS

< MD5 for: WINLOGON.EXE >
[2004/08/03 20:07:00 | 000,502,272 | R--- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- D:\Windows\system64\WINLOGON.EXE
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\System32\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2011/12/24 19:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINSRV.DLL >
[2010/12/17 06:42:18 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=15822E7206C7A0A893395CB07A63C7E1 -- D:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17527_none_149ccd03b2fa27e2\winsrv.dll
[2011/05/14 02:11:21 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=1A589228B6DC007120F877DBBD6CB79D -- D:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21728_none_15276bfecc16de2a\winsrv.dll
[2011/05/14 02:24:33 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=3A8135A7DED2FA0DAD3BDE1B14865A8A -- D:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17617_none_14a79ed5b2f20918\winsrv.dll
[2004/08/03 20:07:00 | 000,290,816 | R--- | M] (Microsoft Corporation) MD5=442D0EAD5534E4ADCF6D4469043C82C0 -- D:\Windows\system64\WINSRV.DLL
[2011/06/03 02:01:31 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=5AA1C7B5F471C4657BE38447BC397665 -- D:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21738_none_151c9c12cc1efa1b\winsrv.dll
[2011/06/03 01:57:44 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=9F761CE1C6C013120B2F0DB27D48C06F -- D:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17625_none_149ace55b2fbf25b\winsrv.dll
[2010/12/18 03:52:02 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=A199CC08A13EEB667412423F712FE817 -- D:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21624_none_152368f0cc1a7ba7\winsrv.dll
[2011/06/24 00:27:05 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=C13D05A015346DED3D722BE285814495 -- D:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_1504fba6cc30ff4f\winsrv.dll
[2010/11/20 08:27:28 | 000,214,016 | ---- | M] (Microsoft Corporation) MD5=E0406AEF04B088D1C49FC78D0546F689 -- D:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll
[2011/06/24 00:34:53 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=EB6A48CC998E1090E44E8E7F1009A640 -- D:\Windows\System32\winsrv.dll
[2011/06/24 00:34:53 | 000,214,528 | ---- | M] (Microsoft Corporation) MD5=EB6A48CC998E1090E44E8E7F1009A640 -- D:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_14812d55b30fc4e1\winsrv.dll
< End of report >
 
Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\Launi_ON_D\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Launi_ON_D\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\Launi_ON_D\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\Launi_ON_D..\Run: [Akamai NetSession Interface] File not found
O4 - HKU\Launi_ON_D..\Run: [Weather] File not found
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found


:Services

:Reg

:Files
D:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe


:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt onto a USB flash drive.


On the infected computer, do the following:

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Remove the CD and shut down computer manually.
  • Attempt to reboot normally into Windows.
 
Still couldn't reboot to Windows, either in safe mode or normal.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_USERS\Launi_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\Launi_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\Launi_ON_D\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_USERS\Launi_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Launi_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\LocalService_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
D:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe moved successfully.
D:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe moved successfully.
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 01282012_090516
 
I repeated the steps in #23. Both completed successfully, and computer still won't boot. Same result. Still crashes on the disk.sys file when trying to boot in safe mode.
 
At this point I see no other option but to back up your data and reinstall Windows.
I'm sorry. We tried.
 
I totally understand. Is there a good way to back up the data without saving the virus/malware? Thank you so much for all your help, I really, really appreciate your kindness.
 
Back up whatever you want but make sure that after reinstallation, updating Windows, installing AV program etc. you scan all backed up files with your AV program before putting them back.
 