TechSpot

DDS not running- 5-step viruses/spyware/malware preliminary removal instructions

By Jack Johnson
Feb 27, 2012
  1. Hi there,

    Total noob here...been researching these forum for ages now to find a solution.
    AVG anti-virus is endlessly battling "Trojan Horse Crypt.AQLW". The symptoms of my problem: AVG Free anti-virus continues to identify and remove files which are classified as "Trojan Horse Crypt.AQLW" from time to time. The names of the files vary, but most are detected in the "Windows\system32\" directory.

    From my research on your forums, I followed the 5 step Viruses/Spyware/Malware Preliminary Removal Instructions --> Very awesome, thanks for it.

    Only problem is I get to running the DDS, it briefly flash's a page that disappears. No log/s is created. I disabled my AVG when doing this but it still does this.

    I successfully created logs for MBAM and GMER, I shall post those results in my next message. But want to know what I must do now with DDS not working? Is there a way to get DDS running? Or should I use another program?

    Would GREATLY appreciate any direction on this...very worried about this trojan.

    :grinthumb Thanks in advance for any help.
     
  2. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    GMER and MBAM log

    GMER LOG

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-27 08:06:45
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-60ZCT1 rev.13.01A13
    Running: 58bfqs9w.exe; Driver: C:\Users\THEPER~1\AppData\Local\Temp\uwddipow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- Processes - GMER 1.0.15 ----

    Process (*** hidden *** ) 1440

    ---- EOF - GMER 1.0.15 ----


    MBAM LOG

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.27.01

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    The Perrrys :: LYLEPERRY [administrator]

    2012/02/27 07:39:08 AM
    mbam-log-2012-02-27 (07-39-08).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 195470
    Time elapsed: 11 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 4
    HKCU\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\svchost (Trojan.Backdoor) -> Quarantined and deleted successfully.

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, let's try this for DDS:

    Please download this file: xp_scr_fix

    Unpack (unzip) the file onto your desktop and double-click it. You will be asked if you wish to merge the file with you registry, say Yes.

    You should then be able to run DDS.scr.It's the .scr file extension causing the problem. Please let me know if that doesn't work- otherwise leave the 2 logs from DDS with others in your next reply.
    --------------------------
    A concern is the presence of the Backdoor.Bot:

    What is a Backdoor.bot?

    And yes- it makes Registry changes to the firewall, the Security Center. It can do or cause:
    1. Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
    2. Data theft (e.g. retrieving passwords or credit card information)
    3. Installation of software, including third-party malware
    4. Downloading or uploading of files on the user's computer
    5. Modification or deletion of files
    6. Keystroke logging
    7. Watching the user's screen
    8. Wasting the computer's storage space
    9. Crashing the computer

    Being advised of this, would you rather consider a reformat/reinstall instead of an attempt to clean which may not find or remove all if it's code?

    ===============================================
    If you decide to continue, go ahead and also run the following :
    I'd like you to run Combofix- but it won't run with AVG. You will need to temporarily uninstall AVG as follows:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [​IMG]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Microsoft Security Essentials
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or or update the Recovery Console, allow. (you will need internet connection for this)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe [​IMG]& follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.[/b]
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
      • Note: No query will be made if the Recovery Console is already on the system.
    • .Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • .Close any open browsers.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ======================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [​IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives/
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.

    Leave the 2 logs from DDS, the Combofix log and the Eset online virus scan in your next reply.
     
  4. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    I am running Vista, not XP.

    Will that "xp_scr_fix" file still work? Didn't want to use it and it creates an issue.
    --> Will wait for your confirmation before I run that file.

    Thanks for the prompt response!

    ---------> Found a Vista scr file association fix, and installed it, but still same problem with the DDS unfortunately (even tried it without AVG protection on). Must I continue with your instruction regarding Combofix and Eset? Or is there another way to get the DDS to run?
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry- use this instead: Vista

    Same directions: Extract (unzip) the file onto your desktop, double-click on it and choose Yes to merge the file into the registry when prompted. Afterwards you should then be able to run DDS.scr.
    ---------------------------
    If it still won't run, please go ahead with Combofix and Eset.
     
  6. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    ComboFix Log Part 1

    ComboFix 12-02-29.01 - The Perrrys 2012/02/29 13:35:24.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.27.1033.18.2974.2076 [GMT -8:00]
    Running from: c:\users\The Perrrys\Downloads\ComboFix.exe
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\The Perrrys\AppData\Roaming\AdVantage
    c:\users\The Perrrys\AppData\Roaming\Google Talk
    c:\users\The Perrrys\g2mdlhlpx.exe
    c:\windows\$NtUninstallKB62280$\2795644948
    c:\windows\$NtUninstallKB62280$\485945278\@
    c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
    c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
    c:\windows\$NtUninstallKB62280$\485945278\L\qnbwvoto
    c:\windows\$NtUninstallKB62280$\485945278\oemid
    c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
    c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
    c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
    c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
    c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
    c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
    c:\windows\$NtUninstallKB62280$\485945278\version
    c:\windows\system32\irda.dll
    c:\windows\$NtUninstallKB62280$ . . . . Failed to delete
    .
    Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected
    Restored copy from - The cat found it :)
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-29 21:49 . 2012-02-29 21:55 -------- d-----w- c:\users\The Perrrys\AppData\Local\temp
    2012-02-29 21:49 . 2012-02-29 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-29 20:42 . 2012-02-09 21:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{601F22AA-E1C5-4F64-9132-44C9A5ADDC37}\gapaengine.dll
    2012-02-29 20:40 . 2012-02-20 09:05 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E70FFBA5-C55C-4367-A381-C39984140E10}\mpengine.dll
    2012-02-29 20:31 . 2012-02-29 20:31 -------- d-----w- c:\program files\Microsoft Security Client
    2012-02-29 20:30 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-02-29 20:15 . 2012-02-29 20:15 -------- d-----w- c:\programdata\MFAData
    2012-02-27 15:38 . 2012-02-27 15:38 -------- d-----w- c:\users\The Perrrys\AppData\Roaming\Malwarebytes
    2012-02-27 15:37 . 2012-02-27 15:37 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-27 15:37 . 2012-02-27 15:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-27 15:37 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-27 04:20 . 2012-02-29 21:13 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-19 18:34 . 2012-02-19 18:34 -------- d-----w- c:\users\The Perrrys\AppData\Roaming\Sigwich
    2012-02-19 18:33 . 2012-02-19 18:33 -------- d-----w- c:\program files\Sigwich
    2012-02-18 18:25 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2012-02-18 18:22 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
    2012-02-18 18:21 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2012-02-18 18:21 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2012-02-18 18:21 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2012-02-18 18:21 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2012-02-17 14:45 . 2012-02-18 17:51 -------- d-----r- c:\users\The Perrrys\Dropbox
    2012-02-17 14:42 . 2012-02-18 17:51 -------- d-----w- c:\users\The Perrrys\AppData\Roaming\Dropbox
    2012-02-13 01:24 . 2012-02-22 23:11 -------- d-----w- c:\program files\PeerBlock
    2012-02-10 23:32 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2012-02-10 23:32 . 2012-02-10 23:32 -------- d-----w- c:\program files\K-Lite Codec Pack
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-27 04:20 . 2011-06-14 19:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-31 12:44 . 2010-08-26 07:24 237072 ------w- c:\windows\system32\MpSigStub.exe
    2011-04-14 16:26 . 2011-05-09 17:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2009-04-10 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\System32\drivers\atapi.sys
    [7] 2009-04-10 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
    [7] 2009-04-10 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
    [7] 2009-03-11 . E26DDFE464B464DAF1C739122978D1D6 . 21560 . . [6.0.6000.20847] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
    [7] 2009-03-11 . E26DDFE464B464DAF1C739122978D1D6 . 21560 . . [6.0.6000.20847] . . c:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
    [7] 2009-03-11 . 9C0E70031905ADBF94EDB9EA14AF943B . 21560 . . [6.0.6001.22193] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
    [7] 2009-03-11 . 9C0E70031905ADBF94EDB9EA14AF943B . 21560 . . [6.0.6001.22193] . . c:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
    [7] 2008-01-21 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
    [7] 2008-01-21 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
    [7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
    .
    [7] 2008-01-21 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\System32\drivers\asyncmac.sys
    [7] 2008-01-21 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.0.6001.18000_none_2457cee334d93e6f\asyncmac.sys
    .
    [7] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\System32\drivers\beep.sys
    [7] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
    .
    [7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\System32\drivers\kbdclass.sys
    [7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdclass.sys
    [7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\keyboard.inf_f55d5e51\kbdclass.sys
    [7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\kbdclass.sys
    [7] 2008-01-21 . 37605E0A8CF00CBBA538E753E4344C6E . 35384 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6002.18005_none_9939e6e4d61ab7ca\kbdclass.sys
    [7] 2008-01-21 . B076B2AB806B3F696DAB21375389101C . 35384 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\kbdclass.sys
    [7] 2008-01-21 . C9B0CF786D5F151A43C7BE8E243F2819 . 35384 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\kbdclass.sys
    [7] 2006-11-02 . 1A48765F92BA1A88445FC25C9C9D94FC . 32872 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\kbdclass.sys
    .
    [7] 2009-04-10 . 1357274D1883F68300AEADD15D7BBB42 . 527848 . . [6.0.6002.18005] . . c:\windows\System32\drivers\ndis.sys
    [7] 2009-04-10 . 1357274D1883F68300AEADD15D7BBB42 . 527848 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
    [7] 2008-01-21 . 9BDC71790FA08F0A0B5F10462B1BD0B1 . 529464 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
    .
    [7] 2009-04-10 . 6A4A98CEE84CF9E99564510DDA4BAA47 . 1083880 . . [6.0.6000.16386] . . c:\windows\System32\drivers\ntfs.sys
    [7] 2009-04-10 . 6A4A98CEE84CF9E99564510DDA4BAA47 . 1083880 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
    [7] 2008-01-21 . B4EFFE29EB4F15538FD8A9681108492D . 1081912 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys
    .
    [7] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\System32\drivers\null.sys
    [7] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\null.sys
    .
    [7] 2011-09-20 . 814A1C66FBD4E1B310A517221F1456BF . 905088 . . [6.0.6002.18519] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
    [7] 2011-09-20 . 16731B631F28F63CD9F4CB60940E7DDD . 913280 . . [6.0.6002.22719] . . c:\windows\System32\drivers\tcpip.sys
    [7] 2011-09-20 . 16731B631F28F63CD9F4CB60940E7DDD . 913280 . . [6.0.6002.22719] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
    [7] 2010-06-16 . 6A10AFCE0B38371064BE41C1FBFD3C6B . 912776 . . [6.0.6002.22425] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
    [7] 2010-06-16 . A474879AFA4A596B3A531F3E69730DBF . 905088 . . [6.0.6002.18272] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
    [7] 2010-06-16 . 782568AB6A43160A159B6215B70BCCE9 . 898952 . . [6.0.6001.18493] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
    [7] 2010-06-16 . 6216A954ED7045B62880A92D6C9B9FC7 . 902032 . . [6.0.6001.22713] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
    [7] 2010-04-05 . CC9993701AC57F995554C696DDA49C12 . 910208 . . [6.0.6002.22377] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
    [7] 2010-04-05 . A6A02EF5B5E40FBD31A1ADC577DA54BB . 902024 . . [6.0.6001.22665] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
    [7] 2009-08-15 . 2512B4D1353370D6688B1AF1F5AFA1CF . 816640 . . [6.0.6000.21108] . . c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
    [7] 2009-08-14 . 8A7AD2A214233F684242F289ED83EBC3 . 897608 . . [6.0.6001.18311] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
    [7] 2009-08-14 . 2608E71AAD54564647D4BB984E1925AA . 900168 . . [6.0.6001.22497] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
    [7] 2009-08-14 . FF71856BD4CD6D4367F9FD84BE79A874 . 905784 . . [6.0.6002.22200] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
    [7] 2009-08-14 . 65877AA1B6A7CB797488E831698973E9 . 904776 . . [6.0.6002.18091] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
    [7] 2009-08-14 . 300208927321066EA53761FDC98747C6 . 813568 . . [6.0.6000.16908] . . c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
    [7] 2009-04-10 . 0E6B0885C3D5E4643ED2D043DE3433D8 . 897000 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
    [7] 2009-03-11 . 82E266BEE5F0167E41C6ECFDD2A79C02 . 891448 . . [6.0.6001.18063] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
    [7] 2009-03-11 . 01EC1E92595F839BEE70D439C46796E3 . 891448 . . [6.0.6001.22167] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
    [7] 2008-01-21 . FC6E2835D667774D409C7C7021EAF9C4 . 891448 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
    .
    [7] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll
    [7] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.0.6001.18000_none_78e926b99dfe756d\browser.dll
    .
    [7] 2011-11-16 . A3E186B4B935905B829219502557314E . 9728 . . [6.0.6000.16386] . . c:\windows\System32\lsass.exe
    [7] 2011-11-16 . A3E186B4B935905B829219502557314E . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18541_none_a806cc745a10ffad\lsass.exe
    [7] 2011-11-16 . EBFAEB786C46B407930811F94F08877D . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22742_none_a8916b6f732db5f5\lsass.exe
    [7] 2009-09-10 . D09A5DA84B7C9CA9B02EBCD7FAE41C8D . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
    [7] 2009-09-10 . 2D3AC5E7AC01E905F3ABD2D745FE3A9B . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
    [7] 2009-09-09 . CB7E838C140B4087B2DA323F2D4523C5 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
    [7] 2009-06-15 . C731B1FE449D4E9CEA358C9D55B69BE9 . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
    [7] 2009-06-15 . 6F1F23D3599EAE17734451936B7F17C6 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
    [7] 2009-06-15 . BA9A67672E025078C77967731BCFC560 . 7680 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
    [7] 2009-06-15 . A911ECAC81F94ADEAFBE8E3F7873EDB0 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
    [7] 2009-06-15 . 203D86EBD6D8E4C8501B222421E81506 . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
    [7] 2009-06-15 . 3978F3540329E16C0AC3BCF677E5669F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
    [7] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
    [7] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
    [7] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
    .
    [7] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\System32\netman.dll
    [7] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_0fbd1b9651cfd333\netman.dll
    .
    [7] 2008-01-21 . 4211249955AF9133E2E357CC92B54DFD . 1291264 . . [2001.12.6930.16386] . . c:\windows\System32\comres.dll
    [7] 2008-01-21 . 4211249955AF9133E2E357CC92B54DFD . 1291264 . . [2001.12.6930.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_2cb0dad7e631d923\comres.dll
    .
    [7] 2009-04-10 . 93952506C6D67330367F7E7934B6A02F . 758784 . . [7.0.6001.18000] . . c:\windows\System32\qmgr.dll
    [7] 2009-04-10 . 93952506C6D67330367F7E7934B6A02F . 758784 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
    [7] 2008-01-21 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
    .
    [7] 2009-04-10 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll
    [7] 2009-04-10 . 3B5B4D53FEC14F7476CA29A20CC31AC9 . 550400 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
    [7] 2009-03-03 . 301AE00E12408650BADDC04DBC832830 . 551424 . . [6.0.6001.18226] . . c:\windows\SoftwareDistribution\Download\f13192b645fde958d0047e219b26d32a\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
    [7] 2009-03-03 . 4DFCBDEF3CCAA98F99038DED78945253 . 551424 . . [6.0.6001.22389] . . c:\windows\SoftwareDistribution\Download\f13192b645fde958d0047e219b26d32a\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
    [7] 2009-03-03 . 7B981222A257D076885BFFB66F19B7CE . 549888 . . [6.0.6000.16830] . . c:\windows\SoftwareDistribution\Download\f13192b645fde958d0047e219b26d32a\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
    [7] 2009-03-03 . B1BB45E24717A7F790B4411C4446EF5E . 550400 . . [6.0.6000.21023] . . c:\windows\SoftwareDistribution\Download\f13192b645fde958d0047e219b26d32a\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll
    [7] 2008-01-21 . 33FB1F0193EE2051067441492D56113C . 547328 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
    .
    [7] 2009-04-10 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\System32\services.exe
    [7] 2009-04-10 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [7] 2008-01-21 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    .
    [7] 2010-08-17 . AAE98B295E88D439A6E0F6E8929424FB . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
    [7] 2010-08-17 . 8554097E5136C3BF9F69FE578A1B35F4 . 128000 . . [6.0.6000.16386] . . c:\windows\System32\spoolsv.exe
    [7] 2010-08-17 . 8554097E5136C3BF9F69FE578A1B35F4 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
    [7] 2010-08-17 . 3665F79026A3F91FBCA63F2C65A09B19 . 126464 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
    [7] 2010-08-17 . E807FC542C295BA256CE3567829E02A6 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe
    [7] 2009-04-10 . 524BFBEA40E6E404737CCBC754647A2E . 127488 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
    [7] 2008-01-21 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
    .
    [7] 2009-04-10 . 898E7C06A350D4A1A64A9EA264D55452 . 314368 . . [6.0.6001.18000] . . c:\windows\System32\winlogon.exe
    [7] 2009-04-10 . 898E7C06A350D4A1A64A9EA264D55452 . 314368 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [7] 2008-01-21 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
    .
    [7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\System32\wuauclt.exe
    [7] 2009-08-07 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuauclt.exe
    [7] 2008-01-21 . 8E93CDF0EA8EDBA63F07E2898A9B2147 . 43008 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6001.18000_none_a052d92e34802200\wuauclt.exe
    [7] 2008-01-21 . 8E93CDF0EA8EDBA63F07E2898A9B2147 . 43008 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6002.18005_none_a23e523a31a1ed4c\wuauclt.exe
    [7] 2006-11-02 . FF81090B6EF1A42A19DF226632711D25 . 41472 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_6.0.6000.16386_none_acab9aecacae685d\wuauclt.exe
    .
    [7] 2009-04-10 . 76B06EB8A01FC8624D699E7045303E54 . 72192 . . [6.0.6002.18005] . . c:\windows\System32\drivers\tdx.sys
    [7] 2009-04-10 . 76B06EB8A01FC8624D699E7045303E54 . 72192 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
    [7] 2008-01-21 . D09276B1FAB033CE1D40DCBDF303D10F . 71680 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
    .
    [7] 2010-09-02 . 542A806C74798410ADA0623B9E745C38 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6002.22480_none_3bb5b9b7ee7c46da\comctl32.dll
    [7] 2010-09-02 . 2429BBFFCE9EDB193232DE902F88C688 . 1686016 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.22480_none_45f1fca2222ab96c\comctl32.dll
    [7] 2010-09-02 . 63A65EA959BD32B01F02E847CB16C63D . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.22480_none_8ada5c8366e90385\comctl32.dll
    [7] 2010-09-01 . FFBE05ED8338B17940DEA55FA6BC6F03 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.22755_none_39f4b905f1391c96\comctl32.dll
    [7] 2010-09-01 . 168B034C75B85AFD667AC8D0C9003312 . 1685504 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.22755_none_4612924c21dcda90\comctl32.dll
    [7] 2010-09-01 . 640C4514157B3C6FE1E05B135FCB95B4 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.22755_none_8a5499024dc7b801\comctl32.dll
    [7] 2010-08-31 . DC8891A9203810FC994E7FCCF76E94C8 . 531968 . . [5.82] . . c:\windows\System32\comctl32.dll
    [7] 2010-08-31 . DC8891A9203810FC994E7FCCF76E94C8 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6002.18305_none_3b879dbed519463b\comctl32.dll
    [7] 2010-08-31 . BE3C082837866C4C291ADAF163C10EA6 . 1686016 . . [6.10] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    [7] 2010-08-31 . 35ACD5EA63D75E97DD0E9A1629E582B2 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
    [7] 2010-08-31 . 457366B876CEAB9E92DDF976B8520CB6 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18523_none_39898984d804f924\comctl32.dll
    [7] 2010-08-31 . D702B4E30B31BFCAB7BD4E5965C1A5DC . 1684480 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
    [7] 2010-08-31 . E402A6E79D1E4DBFEBA8B364C67A3158 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18523_none_886c608850a2f36f\comctl32.dll
    [7] 2009-04-10 . 0C2236FB7195A1CF2A632D530349E673 . 1686016 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    [7] 2008-01-21 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18000_none_399c1f00d7f7837a\comctl32.dll
    [7] 2008-01-21 . 58D3C1519096F3D9E07EEC5F5FC64885 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18000_none_886786f450a74a05\comctl32.dll
    [7] 2008-01-21 . A5BB4537004C8DCC096A952EF1E20FE9 . 1684480 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
    [7] 2006-11-02 . B28A9B2300A250B703D44C1759AF2605 . 1648128 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
    [7] 2006-11-02 . 4A05089F43041903A3C523A3C16E3350 . 537088 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll
    .
    [7] 2009-04-10 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6000.16386] . . c:\windows\System32\cryptsvc.dll
    [7] 2009-04-10 . FB27772BEAF8E1D28CCD825C09DA939B . 129024 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll
    [7] 2008-01-21 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
    .
    [7] 2009-04-10 . 67058C46504BC12D821F38CF99B7B28F . 268800 . . [2001.12.6932.18005] . . c:\windows\System32\es.dll
    [7] 2009-04-10 . 67058C46504BC12D821F38CF99B7B28F . 268800 . . [2001.12.6932.18005] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6002.18005_none_0ed918294edf6b75\es.dll
    [7] 2009-03-11 . 7B4971C3D43525175A4EA0D143E0412E . 268800 . . [2001.12.6930.16677] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16677_none_0ac2b30954c98430\es.dll
    [7] 2009-03-11 . 131B7E46A7ACD49CB56BB03917A76DE3 . 268800 . . [2001.12.6930.20818] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.20818_none_0b8e318c6db592d2\es.dll
    [7] 2009-03-11 . 3CB3343D720168B575133A0A20DC2465 . 269312 . . [2001.12.6931.18057] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\es.dll
    [7] 2009-03-11 . 776D75AF432C598068CC933C7421171B . 269312 . . [2001.12.6931.22162] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.22162_none_0d385cf46b0a1a47\es.dll
    [7] 2008-01-21 . F4BF4FA769DB51B106D2B4B35256988B . 262144 . . [2001.12.6931.18000] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18000_none_0ced9f1d51bda029\es.dll
    .
    [7] 2009-04-10 . C8BDCECEE082B54F0BAC838BF0A34597 . 114688 . . [6.0.6002.18005] . . c:\windows\System32\imm32.dll
    [7] 2009-04-10 . C8BDCECEE082B54F0BAC838BF0A34597 . 114688 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6002.18005_none_5e419722778cc84e\imm32.dll
    [7] 2008-01-21 . EC17194A193CD8E90D27CFB93DFA9A2E . 114688 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll
    .
    [7] 2011-04-12 . 574B473FACAA0E91702B86578440B525 . 892416 . . [6.0.6001.18000] . . c:\windows\System32\kernel32.dll
    [7] 2011-04-12 . 574B473FACAA0E91702B86578440B525 . 892416 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_9582275d538a1db6\kernel32.dll
    [7] 2011-04-12 . 7062DEB220FA1CCB1B65FC40D6E7D807 . 893440 . . [6.0.6002.22625] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_961d64be6c9b1d69\kernel32.dll
    [7] 2011-04-12 . 306835D4E74E49A5D10F0FCA0B422EB1 . 890368 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_939e812b5662e4c2\kernel32.dll
    [7] 2011-04-12 . 497A2DA8181560B3E2F8FFE0092FD1E6 . 892928 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_93ee425a6faadaba\kernel32.dll
    [7] 2009-04-10 . BB8509089E7DF514310814E1B2593FFC . 891392 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_95a95e4d536d53fa\kernel32.dll
    [7] 2008-01-21 . DC2338093F91BA4E0512208E60206DDD . 888320 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
    .
    [7] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\System32\linkinfo.dll
    [7] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-linkinfo_31bf3856ad364e35_6.0.6000.16386_none_362e7020a86900de\linkinfo.dll
    .
    [7] 2011-02-16 . 08F5BC2DC64C4D97931A28058F238D80 . 23552 . . [6.0.6002.22589] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22589_none_abf5b7af710301e2\lpk.dll
    [7] 2011-02-16 . 0F1AF051D2B58411341B70360852AA36 . 23552 . . [6.0.6001.22854] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22854_none_aa2ab41973c8da38\lpk.dll
    [7] 2011-01-08 . 9259B5AD10104BB0847013A70A0A6F32 . 23552 . . [6.0.6002.22566] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22566_none_ac0856a970f57dfb\lpk.dll
    [7] 2011-01-08 . 53B04A1B4BB0C84B063AA7219083FC16 . 23552 . . [6.0.6001.22830] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22830_none_aa3c52c973bc3cfa\lpk.dll
    [7] 2009-10-19 . 7BE32E67440BB5B2205C5402A2FBDE25 . 24064 . . [6.0.6000.16939] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16939_none_a7d5725a5d6ffbb2\lpk.dll
    [7] 2009-10-19 . 1C8BB8BB211F8ADB8E51FC2FF5C411D6 . 24064 . . [6.0.6000.21142] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21142_none_a84d1555769c394e\lpk.dll
    [7] 2009-10-19 . 6223ACDEE46548B706EE8E8C51A985B0 . 23552 . . [6.0.6001.22544] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22544_none_aa357e5373c0c6d2\lpk.dll
    [7] 2009-10-19 . 7ABEC59B0338BAA1261190B89B2B90E6 . 23552 . . [6.0.6002.22247] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22247_none_ac1ef11970e467fb\lpk.dll
    [7] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\System32\lpk.dll
    [7] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18124_none_aba7f34857b9444a\lpk.dll
    [7] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18371_none_ab6ee69a57e47e48\lpk.dll
    [7] 2009-06-15 . EB0E02749CE5C488741C9A0ABEAB5DEC . 23552 . . [6.0.6002.18051] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18405_none_abbe991c57a81d34\lpk.dll
    [7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\lpk.dll
    [7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\lpk.dll
    [7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18579_none_a990751c5ab6f6b5\lpk.dll
    [7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18599_none_a97ad5445ac72e97\lpk.dll
    [7] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18005_none_abbe918457a82898\lpk.dl
     
  7. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    Combofix log part 2

    .
    [7] 2011-12-14 . 497C9C3DB953A60EC4F43A097E15F75E . 12282368 . . [9.00.8112.16421] . . c:\windows\System32\mshtml.dll
    [7] 2011-12-14 . 497C9C3DB953A60EC4F43A097E15F75E . 12282368 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16441_none_d320adb4601df910\mshtml.dll
    [7] 2011-12-14 . A29CFD4B9F6F2BBE06C8D64B6D07F1D4 . 12282368 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.20546_none_d3af4bf17937178d\mshtml.dll
    [7] 2011-04-30 . 4DEF8126CABAA6CDC12103CD74C6A919 . 12268544 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16421_none_d3364d8c600dc12e\mshtml.dll
    [7] 2011-02-22 . 6D30A34B029176D86EC04ECE6C0F62B1 . 5964800 . . [8.00.6001.23143] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23143_none_f68d6e49513241ee\mshtml.dll
    [7] 2011-02-22 . AA411AEF2476D251078F9C9F0478C142 . 5962240 . . [8.00.6001.19048] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19048_none_f608d2f0381020d7\mshtml.dll
    [7] 2010-12-20 . 95EBCD2CDF46F9A6BB78DAE06F8ADE4B . 3609088 . . [7.00.6002.22551] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.22551_none_157e1f4738950127\mshtml.dll
    [7] 2010-12-20 . FE3D85204E2F667D0DCB5C181F34F00B . 3608064 . . [7.00.6002.18357] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18357_none_14fa82521f71fc40\mshtml.dll
    [7] 2010-12-20 . CE50EF0D385A84B71844ACF14B1DF0E9 . 3592192 . . [7.00.6001.18565] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18565_none_13073e0422559338\mshtml.dll
    [7] 2010-12-20 . 26143069DAB2D1825D4EA7D2ABDFC2D2 . 3593216 . . [7.00.6001.22816] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22816_none_13c7ee813b49baf2\mshtml.dll
    [7] 2010-12-18 . 0DA63A2B1D6D55E6005F4552D22E7BBE . 5962240 . . [8.00.6001.23111] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.23111_none_f6abdd79511bbb6d\mshtml.dll
    [7] 2010-12-18 . 42B87D22378C1EF98F3B6F410C2670AA . 5961216 . . [8.00.6001.19019] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.19019_none_f62a42fe37f6e65b\mshtml.dll
    [7] 2009-04-10 . A4D04D404AFC1D30EDA01EE50D27AA51 . 3596288 . . [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6002.18005_none_152e8ba81f4b4668\mshtml.dll
    [7] 2009-03-11 . 863FBEECA377800B2AFA4F8E972BEBC0 . 3593216 . . [7.00.6000.16788] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16788_none_110e58cc253c9192\mshtml.dll
    [7] 2009-03-11 . 616EA8D014AF07FB1DC97B7432794AA6 . 3594752 . . [7.00.6000.20973] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20973_none_119dc5f73e5693df\mshtml.dll
    [7] 2009-03-11 . 8ECFDD5549AD28191D8594C80D4001E8 . 3578880 . . [7.00.6001.18183] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18183_none_12ef96002267a3d0\mshtml.dll
    [7] 2009-03-11 . 20348C5C94D7D4A0D9AA12FBAA698514 . 3579392 . . [7.00.6001.22328] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22328_none_13bf15ab3b5017ce\mshtml.dll
    [7] 2009-03-11 . 8B03B6121C4A55BF48B56BFAF962F879 . 3593216 . . [7.00.6000.16764] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16764_none_111ff77c252ff454\mshtml.dll
    [7] 2009-03-11 . CF807C36C2E1984104D173B9DE1BCBCD . 3595264 . . [7.00.6000.20937] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20937_none_11cd06cf3e328977\mshtml.dll
    [7] 2009-03-11 . B1AE727959358E4FE72D7FE6DC6736E8 . 3578880 . . [7.00.6001.18157] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18157_none_131406ec224bb559\mshtml.dll
    [7] 2009-03-11 . 6D4AAAAAEB494F78610AE792EC6B3E77 . 3579392 . . [7.00.6001.22288] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22288_none_137e343d3b80c24d\mshtml.dll
    [7] 2009-03-11 . 3AE6072A86AD8049DD133DB40F73F0C8 . 3591680 . . [7.00.6000.16643] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16643_none_113495242520a5f4\mshtml.dll
    [7] 2009-03-11 . ED2588D1864319C54E79443130A8004B . 3593728 . . [7.00.6000.20777] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20777_none_11a1c3533e52feed\mshtml.dll
    [7] 2009-03-11 . 9C4091CD321D6D8BCF9842F109EE574B . 3578368 . . [7.00.6001.18023] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18023_none_133073a22236ff03\mshtml.dll
    [7] 2009-03-11 . 977C356E655F357665310C0C95D0DBD4 . 3578368 . . [7.00.6001.22120] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22120_none_13b70f8f3b5752c8\mshtml.dll
    [7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18702_none_f62e34f637f4eb79\mshtml.dll
    [7] 2008-01-21 . 48E05FD07045BB2E5CFC43C970CAF1E7 . 3578368 . . [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18000_none_1343129c22297b1c\mshtml.dll
    .
    [7] 2011-12-14 . 17AF64D727545F2804F6E6D998327E3F . 680448 . . [7.0.6002.18551] . . c:\windows\System32\msvcrt.dll
    [7] 2011-12-14 . 17AF64D727545F2804F6E6D998327E3F . 680448 . . [7.0.6002.18551] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18551_none_d306a7e69c340115\msvcrt.dll
    [7] 2011-12-14 . A807F65718C263442F0C3613F9BFD267 . 680448 . . [7.0.6002.22755] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.22755_none_d39447bfb54e0362\msvcrt.dll
    [7] 2009-04-10 . F5E991236960137B1F5449C5E5DF4656 . 679936 . . [7.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll
    [7] 2008-01-21 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll
    .
    [7] 2009-04-10 . 8617350C9B590B63E620881092751BCB . 223232 . . [6.0.6000.16386] . . c:\windows\System32\mswsock.dll
    [7] 2009-04-10 . 8617350C9B590B63E620881092751BCB . 223232 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
    [7] 2008-01-21 . 89FD0595EEA4E505CABEFCF7008F2612 . 223232 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
    .
    [7] 2009-04-10 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6001.18000] . . c:\windows\System32\netlogon.dll
    [7] 2009-04-10 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
    [7] 2008-01-21 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
    .
    [7] 2009-04-10 . 9A7F4B2EDACD11444D048AA19CBB26AF . 98816 . . [6.0.6001.18000] . . c:\windows\System32\powrprof.dll
    [7] 2009-04-10 . 9A7F4B2EDACD11444D048AA19CBB26AF . 98816 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6002.18005_none_a505176cf9fa2abd\powrprof.dll
    [7] 2008-01-21 . 51832219A52C3535BF4771C375E63F9B . 97280 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6001.18000_none_a3199e60fcd85f71\powrprof.dll
    .
    [7] 2009-04-10 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6000.16386] . . c:\windows\System32\scecli.dll
    [7] 2009-04-10 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
    [7] 2008-01-21 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
    .
    [7] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\sfc.dll
    [7] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5c31a578\sfc.dll
    .
    [7] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6000.16386] . . c:\windows\System32\svchost.exe
    [7] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
    .
    [7] 2009-04-10 . D7673E4B38CE21EE54C59EEEB65E2483 . 242688 . . [6.0.6000.16386] . . c:\windows\System32\tapisrv.dll
    [7] 2009-04-10 . D7673E4B38CE21EE54C59EEEB65E2483 . 242688 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.0.6002.18005_none_e52851e7e21463cb\tapisrv.dll
    [7] 2008-01-21 . 680916BB09EE0F3A6ACA7C274B0D633F . 242688 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.0.6001.18000_none_e33cd8dbe4f2987f\tapisrv.dll
    .
    [7] 2009-04-10 . 75510147B94598407666F4802797C75A . 627712 . . [6.0.6001.18000] . . c:\windows\System32\user32.dll
    [7] 2009-04-10 . 75510147B94598407666F4802797C75A . 627712 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
    [7] 2008-01-21 . B974D9F06DC7D1908E825DC201681269 . 627200 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
    .
    [7] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe
    [7] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
    .
    [7] 2011-12-14 . 1D94FA7C81D2FFE494AF094619BA706F . 1127424 . . [9.00.8112.16421] . . c:\windows\System32\wininet.dll
    [7] 2011-12-14 . 1D94FA7C81D2FFE494AF094619BA706F . 1127424 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16441_none_c1c68e95dfc78fda\wininet.dll
    [7] 2011-12-14 . 022A78194E2C7106F5AF9F2BC6AC8774 . 1127424 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20546_none_c2552cd2f8e0ae57\wininet.dll
    [7] 2011-04-30 . A1236375B74EA63C75657D564890C436 . 1126912 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16421_none_c1dc2e6ddfb757f8\wininet.dll
    [7] 2011-02-22 . B3A938D522F085171387FEF112AEECF5 . 919552 . . [8.00.6001.23143] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23143_none_e5334f2ad0dbd8b8\wininet.dll
    [7] 2011-02-22 . 047CDEFF94B63F0A4791372B47427B60 . 916480 . . [8.00.6001.19048] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19048_none_e4aeb3d1b7b9b7a1\wininet.dll
    [7] 2010-12-20 . AC0D9A507894509CF6D23F1CE876BA4F . 842240 . . [7.00.6002.22551] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.22551_none_04240028b83e97f1\wininet.dll
    [7] 2010-12-20 . 072213E1604D843D3230EE61663466A4 . 834048 . . [7.00.6002.18357] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18357_none_03a063339f1b930a\wininet.dll
    [7] 2010-12-20 . 97CFAF0C9083BF808F5B3B609C055205 . 833024 . . [7.00.6001.18565] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18565_none_01ad1ee5a1ff2a02\wininet.dll
    [7] 2010-12-20 . 0A2382C16E9F1D607CDF05C62810212F . 841728 . . [7.00.6001.22816] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22816_none_026dcf62baf351bc\wininet.dll
    [7] 2010-12-18 . 7D6AACE6BF60B5A1D572E082DEC9F0F0 . 919552 . . [8.00.6001.23111] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.23111_none_e551be5ad0c55237\wininet.dll
    [7] 2010-12-18 . 74BCC23D622F32DA0450D164735ACAB1 . 916480 . . [8.00.6001.19019] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.19019_none_e4d023dfb7a07d25\wininet.dll
    [7] 2009-04-10 . 8777B44511D8BCCF47B5A7CBDC02DE11 . 828416 . . [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6002.18005_none_03d46c899ef4dd32\wininet.dll
    [7] 2009-03-11 . F18C1B151A0B18C35BF0919A9BA0FA0F . 826368 . . [7.00.6000.16764] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\wininet.dll
    [7] 2009-03-11 . 622FE627D15DD920238A993021F0A4D1 . 827904 . . [7.00.6000.20937] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\wininet.dll
    [7] 2009-03-11 . 8F89FFECF6989DD7D9ECCEC6D95D7419 . 827392 . . [7.00.6001.18157] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\wininet.dll
    [7] 2009-03-11 . 4944C9FFE8903A276590D4215F74B937 . 827904 . . [7.00.6001.22288] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\wininet.dll
    [7] 2009-03-11 . DAEED2799D4D19F955C3E90B22A1E91E . 826368 . . [7.00.6000.16643] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
    [7] 2009-03-11 . F7FF1E0D443788D6AE4CBCA593530099 . 827392 . . [7.00.6000.20777] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
    [7] 2009-03-11 . 482BCCBF1FCBB3378100FF97081438C1 . 826880 . . [7.00.6001.18023] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
    [7] 2009-03-11 . 4E962B645608E6EDB7D31B75921D07FA . 826880 . . [7.00.6001.22120] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
    [7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\wininet.dll
    [7] 2008-01-21 . 455D715A840579BDC1CF8E5C1DA76849 . 825856 . . [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll
    .
    [7] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\System32\ws2_32.dll
    [7] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
    .
    [7] 2006-11-02 . 17C0671BF57057108A6D949510EE42C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\ws2help.dll
    [7] 2006-11-02 . 17C0671BF57057108A6D949510EE42C8 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\ws2help.dll
    .
    [7] 2009-04-10 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6000.16386] . . c:\windows\explorer.exe
    [7] 2009-04-10 . D07D4C3038F3578FFCE1C0237F2A1253 . 2926592 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [7] 2009-03-11 . 37440D09DEAE0B672A04DCCF7ABF06BE . 2923520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [7] 2009-03-11 . E7156B0B74762D9DE0E66BDCDE06E5FB . 2923520 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [7] 2009-03-11 . 4F554999D7D5F05DAAEBBA7B5BA1089D . 2927104 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [7] 2009-03-11 . 50BA5850147410CDE89C523AD3BC606E . 2927616 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [7] 2008-01-21 . FFA764631CB70A30065C12EF8E174F9F . 2927104 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
    .
    [7] 2008-01-21 . 467A3B03E924B7B7EDD16D34740574B0 . 134656 . . [6.0.6000.16386] . . c:\windows\regedit.exe
    [7] 2008-01-21 . 467A3B03E924B7B7EDD16D34740574B0 . 134656 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
    .
    [7] 2010-06-28 . 7C6F74A11FCF5745B36CB8085B7DE3FB . 1316864 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.22433_none_ae70528d08aae434\ole32.dll
    [7] 2010-06-28 . 9586E7CB2255A8B097A7E4538202585E . 1316864 . . [6.0.6000.16386] . . c:\windows\System32\ole32.dll
    [7] 2010-06-28 . 9586E7CB2255A8B097A7E4538202585E . 1316864 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18277_none_adbf7553efaa1c63\ole32.dll
    [7] 2010-06-28 . 64A319477AF21806B8A17E8A3A3FF8BC . 1315840 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.22720_none_ac91afb30b7f271a\ole32.dll
    [7] 2010-06-28 . AA406846DD60E3A4536DBAAB4037B685 . 1315840 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18498_none_abc461f7f2931b51\ole32.dll
    [7] 2009-04-10 . C50A0AB19094BC362FBA69E105EBCCFD . 1316864 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18005_none_ae092067ef732bd0\ole32.dll
    [7] 2008-01-21 . 3B634E4BE373D6D987EBF906B43FAAB3 . 1315328 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\ole32.dll
    .
    [7] 2010-04-16 . E609A492AD596187CEA24E8418FF082F . 502784 . . [1.0626.6002.22384] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.22384_none_af1813076efd8bc3\usp10.dll
    [7] 2010-04-16 . 80FFF14F1757B9AF8BE9D314FC1AE88B . 502272 . . [1.0626.6002.18244] . . c:\windows\System32\usp10.dll
    [7] 2010-04-16 . 80FFF14F1757B9AF8BE9D314FC1AE88B . 502272 . . [1.0626.6002.18244] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18244_none_aeb9b5ec55bf7c35\usp10.dll
    [7] 2010-04-16 . 8CB1162DD3586683D71BCB303C1FF54F . 502272 . . [1.0626.6001.22672] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.22672_none_ad3a707771d0e800\usp10.dll
    [7] 2010-04-16 . A23E4692716C25E5AEA300ED74E73A1C . 501760 . . [1.0626.6001.18461] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18461_none_acbaa16858ac15c7\usp10.dll
    [7] 2009-04-10 . 5A8E28037289FCCBF7AD3FC57DF7048F . 502272 . . [1.0626.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18005_none_aee5f21a559e2b7a\usp10.dll
    [7] 2008-01-21 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18000_none_acfa790e587c602e\usp10.dll
    .
    [7] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\ksuser.dll
    [7] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.0.6001.18000_none_e8019c5c974c4491\ksuser.dll
    .
    [7] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\System32\ctfmon.exe
    [7] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
    .
    [7] 2009-07-10 . 1E3FDB80E40A3CE645F229DFBDFB7694 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18287_none_cce0e39c1d282219\shsvcs.dll
    [7] 2009-07-10 . 94285A002D2826D2FD1C0806455136E9 . 245760 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16883_none_caf6a3ce20052bcc\shsvcs.dll
    [7] 2009-07-10 . 6898575E052CE7CB1CB87622EF187CDA . 245760 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.21081_none_cb7e18273924cc2a\shsvcs.dll
    [7] 2009-07-10 . 6669714ACE90E9BB4E8C1D550C67B160 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.22467_none_cd80222536358728\shsvcs.dll
    [7] 2009-07-10 . F0942394F642F5CE3D9A86474FA293FA . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_cf6894a1335a0efa\shsvcs.dll
    [7] 2009-07-10 . C7230FBEE14437716701C15BE02C27B8 . 247808 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
    [7] 2009-07-10 . C7230FBEE14437716701C15BE02C27B8 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18063_none_ced8f61a1a41d726\shsvcs.dll
    [7] 2009-04-10 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
    [7] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
    .
    [7] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\System32\cngaudit.dll
    [7] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
    .
    [7] 2008-01-21 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6000.16386] . . c:\windows\System32\wininit.exe
    [7] 2008-01-21 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
    .
    [7] 2009-04-10 . 9E6894EA18DAFF37B63E1005F83AE4AB . 107008 . . [6.0.6000.16386] . . c:\windows\System32\regsvc.dll
    [7] 2009-04-10 . 9E6894EA18DAFF37B63E1005F83AE4AB . 107008 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6002.18005_none_8b517ec580991c4d\regsvc.dll
    [7] 2008-01-21 . CC4E32400F3C7253400CF8F3F3A0B676 . 106496 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6001.18000_none_896605b983775101\regsvc.dll
    .
    [7] 2010-11-06 . 7B587B8A6D4A99F79D2902D0385F29BD . 603648 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18551_none_2ecc18bd972a0f87\schedsvc.dll
    [7] 2010-11-05 . 4B71C228530440F853F9C30E308F00E9 . 604672 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.22791_none_2f2a77beb0681c3c\schedsvc.dll
    [7] 2010-11-05 . 38AE0400578FD396628F21A571473A3B . 602112 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.22519_none_316f6d3cad4659b7\schedsvc.dll
    [7] 2010-11-04 . 1A58069DB21D05EB2AB58EE5753EBE8D . 601600 . . [6.0.6001.18000] . . c:\windows\System32\schedsvc.dll
    [7] 2010-11-04 . 1A58069DB21D05EB2AB58EE5753EBE8D . 601600 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18342_none_30be5cc194475f38\schedsvc.dll
    [7] 2009-04-10 . 323AE0BDFD2EB15B668DDA50CC597329 . 595456 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18005_none_30ec979d94244404\schedsvc.dll
    [7] 2008-01-21 . 1D5E99DB3C10F4FA034010DC49043CA4 . 596992 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18000_none_2f011e91970278b8\schedsvc.dll
    [7] 2008-01-21 . 886CEC884B5BE29AB9828B8AB46B11F7 . 595456 . . [6.0.6000.16609] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6\schedsvc.dll
    [7] 2008-01-21 . BF17DA9F25A4F84C2577AC13EE126CB7 . 595968 . . [6.0.6000.20734] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0\schedsvc.dll
    .
    [7] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll
    [7] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.0.6001.18000_none_7fc972ebd13849b5\ssdpsrv.dll
    .
    [7] 2009-04-10 . BB95DA09BEF6E7A131BFF3BA5032090D . 449024 . . [6.0.6001.18000] . . c:\windows\System32\termsrv.dll
    [7] 2009-04-10 . BB95DA09BEF6E7A131BFF3BA5032090D . 449024 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2ae\termsrv.dll
    [7] 2008-01-21 . D605031E225AACCBCEB5B76A4F1603A6 . 448512 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
    .
    [7] 2008-01-21 . A952D0DED445F26AEFCF593A935AB300 . 289792 . . [6.0.6000.16386] . . c:\windows\System32\hnetcfg.dll
    [7] 2008-01-21 . A952D0DED445F26AEFCF593A935AB300 . 289792 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.0.6001.18000_none_b03645b494998691\hnetcfg.dll
    .
    [7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6000.16386] . . c:\windows\System32\drivers\AGP440.sys
    [7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
    [7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
    [7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
    [7] 2008-01-21 . 13F9E33747E6B41A3FF305C37DB0D360 . 56376 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
    [7] 2006-11-02 . EF23439CDD587F64C2C1B8825CEAD7D8 . 53864 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
    .
    [7] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\System32\ias.dll
    [7] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.0.6001.18000_none_f900daa442864318\ias.dll
    [7] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.0.6002.18005_none_faec53b03fa80e64\ias.dll
    .
    [7] 2010-08-31 16:49 . 5E9F187AC6BADB58C21C4E3A18DD1F62 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6002.22478_none_f53f7ef86c05abb0\mfc40u.dll
    [7] 2010-08-31 15:46 . 2A64FE405579BB073FBABD68AF1468E7 . 954288 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll
    [7] 2010-08-31 15:46 . 2A64FE405579BB073FBABD68AF1468E7 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6002.18305_none_f4fe90c352b1fc4a\mfc40u.dll
    [7] 2010-08-31 15:41 . 13D0F7769927B74782CB59D8CCEF9E10 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6001.18523_none_f3007c89559daf33\mfc40u.dll
    [7] 2010-08-31 15:17 . 1C1486BB262DF6DFD298110BC495906E . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6001.22754_none_f36aabc06ed2b94e\mfc40u.dll
    [7] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6000.16386_none_f0dc500958a528b5\mfc40u.dll
    .
    [7] 2011-10-27 . 5B3C5FBBE4FB0DCFFCEC402B44BC6719 . 3603840 . . [6.0.6002.22732] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22732_none_6e821239ca7d7436\ntkrnlpa.exe
    [7] 2011-10-27 . CA537C1021ACDF5B3D14A01B0D4A09B7 . 3602816 . . [6.0.6002.18533] . . c:\windows\System32\ntkrnlpa.exe
    [7] 2011-10-27 . CA537C1021ACDF5B3D14A01B0D4A09B7 . 3602816 . . [6.0.6002.18533] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18533_none_6df973d2b15ef09c\ntkrnlpa.exe
    [7] 2010-10-15 . 950C425C9E1FA4DDEC8A6B7915E3D892 . 3600272 . . [6.0.6001.18538] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18538_none_6c17fdaab43422b6\ntkrnlpa.exe
    [7] 2010-10-15 . C391DF1007E54B1FE06A4EF02DB6FA61 . 3602320 . . [6.0.6002.18327] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18327_none_6e08411ab1533fb9\ntkrnlpa.exe
    [7] 2010-10-15 . 3BEF21D45A74AD2C6EAD894BA6C6A502 . 3602832 . . [6.0.6001.22777] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22777_none_6c755c61cd731614\ntkrnlpa.exe
    [7] 2010-10-15 . FEB9209E1D2B97DB4AE8FBF1DB0F54B6 . 3603856 . . [6.0.6002.22505] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22505_none_6ea57f0fca62721a\ntkrnlpa.exe
    [7] 2010-06-08 . 3FAFA4C0567D205F56C15D8B9D469F9D . 3601792 . . [6.0.6002.22420] . . c:\windows\SoftwareDistribution\Download\a09884c79a2ed1bcfa2532db0a630db4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22420_none_6e8adbdfca772e22\ntkrnlpa.exe
    [7] 2010-06-08 . E3A2697835A14C75B233606357AB46DD . 3600768 . . [6.0.6002.18267] . . c:\windows\SoftwareDistribution\Download\a09884c79a2ed1bcfa2532db0a630db4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18267_none_6ddcff84b173b256\ntkrnlpa.exe
    [7] 2010-06-08 . 4F332C0A64F4209EB322DB35310BA879 . 3598216 . . [6.0.6001.18488] . . c:\windows\SoftwareDistribution\Download\a09884c79a2ed1bcfa2532db0a630db4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18488_none_6be1ec28b45cb144\ntkrnlpa.exe
    [7] 2010-06-08 . 560C7E5036D6D0F9CC4AED5DE885DB8A . 3600784 . . [6.0.6001.22707] . . c:\windows\SoftwareDistribution\Download\a09884c79a2ed1bcfa2532db0a630db4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22707_none_6cc10bd5cd3a527d\ntkrnlpa.exe
    [7] 2009-04-10 . 1260BEACF2F023807A1087BBB0E15BBD . 3601896 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18005_none_6e1bdaacb144ddb4\ntkrnlpa.exe
    [7] 2009-03-11 . B663CE327C77E798D30DEEE6662F4F7D . 3601976 . . [6.0.6001.22258] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22258_none_6c8bf305cd6205c6\ntkrnlpa.exe
    [7] 2009-03-11 . E67F6247029F6311E643532D2CFFE667 . 3505208 . . [6.0.6000.16754] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf\ntkrnlpa.exe
    [7] 2009-03-11 . 084A3A26A3D1A75D0705D963C0289DD5 . 3506744 . . [6.0.6000.20921] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8\ntkrnlpa.exe
    [7] 2009-03-11 . 3EB08788832D9048C617559CEFD208CF . 3601464 . . [6.0.6001.18145] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06\ntkrnlpa.exe
    [7] 2009-03-11 . DC870DCAA25E5CC1C8A50FAC19CCED45 . 3601976 . . [6.0.6001.22269] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e\ntkrnlpa.exe
    [7] 2009-03-11 . 6BB1994F5B62FEF6268F1EBB4014E293 . 3600952 . . [6.0.6001.18063] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntkrnlpa.exe
    [7] 2009-03-11 . 68EEF02A8846442FE98AD0E0517EE6BC . 3601464 . . [6.0.6001.22167] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntkrnlpa.exe
    [7] 2009-03-03 . FEB3FB3309EBA85917BDE7F4FD019C9D . 3599328 . . [6.0.6001.18226] . . c:\windows\SoftwareDistribution\Download\f13192b645fde958d0047e219b26d32a\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c750b42ddca2\ntkrnlpa.exe
    [7] 2009-03-03 . 641C0F376136E5B6F389016EC48374D2 . 3600880 . . [6.0.6001.22389] . . c:\windows\SoftwareDistribution\Download\f13192b645fde958d0047e219b26d32a\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c8571cd797017\ntkrnlpa.exe
    [7] 2009-03-03 . 06BCF21AAA1890328D1F58F0ACBE668D . 3503584 . . [6.0.6000.16830] . . c:\windows\SoftwareDistribution\Download\f13192b645fde958d0047e219b26d32a\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b702b714cf98\ntkrnlpa.exe
    [7] 2009-03-03 . 191C702B48681FB2BA5A96F416207ACF . 3505120 . . [6.0.6000.21023] . . c:\windows\SoftwareDistribution\Download\f13192b645fde958d0047e219b26d32a\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fcb9d027d2b8\ntkrnlpa.exe
    [7] 2008-01-21 . FE51E8DBBEF2D01EF886499FECBF2D78 . 3600440 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_6c3061a0b4231268\ntkrnlpa.exe
    .
    [7] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll
    [7] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.0.6001.18000_none_c1e834753483fdcf\upnphost.dll
    .
    [7] 2009-04-10 . 84B8827562B005C118CADBA0F25DB2C6 . 444416 . . [6.0.6000.16386] . . c:\windows\System32\dsound.dll
    [7] 2009-04-10 . 84B8827562B005C118CADBA0F25DB2C6 . 444416 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.0.6002.18005_none_5a8737643f04aa4c\dsound.dll
    [7] 2008-01-21 . 8A7B8DA5CA558D2DE47086BB23556543 . 444416 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.0.6001.18000_none_589bbe5841e2df00\dsound.dll
    .
    [7] 2009-04-10 . 8AAEEE8E59A70F37579993D118A34EE0 . 1788416 . . [6.0.6002.18005] . . c:\windows\System32\d3d9.dll
    [7] 2009-04-10 . 8AAEEE8E59A70F37579993D118A34EE0 . 1788416 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6002.18005_none_c438e5b15de80145\d3d9.dll
    [7] 2008-01-21 . FAB8F08EC64A54917C07BDB6DC811C95 . 1788928 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6001.18000_none_c24d6ca560c635f9\d3d9.dll
    .
    [7] 2008-01-21 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] . . c:\windows\System32\ddraw.dll
    [7] 2008-01-21 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6001.18000_none_0505a2ecc0013ebd\ddraw.dll
    .
    [7] 2009-04-10 21:28 . A944A73CEC5921B871542FE5CC5E03E4 . 88576 . . [6.0.6002.18005] . . c:\windows\System32\olepro32.dll
    [7] 2009-04-10 21:28 . A944A73CEC5921B871542FE5CC5E03E4 . 88576 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6002.18005_none_3bff339efed611ca\olepro32.dll
    [7] 2008-01-21 02:23 . AE70AE6F0760793D4893C3735EEC7292 . 88576 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6001.18000_none_3a13ba9301b4467e\olepro32.dll
    .
    [7] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\System32\perfctrs.dll
    [7] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfctrs.dll
    [7] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6002.18005_none_335eb6cf5a3b9de4\perfctrs.dll
    .
    [7] 2009-04-10 . 69827805A221C21450BA22F4326A2EE3 . 20480 . . [6.0.6002.18005] . . c:\windows\System32\version.dll
    [7] 2009-04-10 . 69827805A221C21450BA22F4326A2EE3 . 20480 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6002.18005_none_16e9c83b4e078740\version.dll
    [7] 2008-01-21 . 187D588F7A1A45DE48B8540401A90850 . 20480 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6001.18000_none_14fe4f2f50e5bbf4\version.dll
    .
    [7] 2011-04-30 . 904E13BA41AF2E353A32CF351CA53639 . 748336 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
    [7] 2011-02-22 . 9CE5543464432CA73134F170FA2BF823 . 638232 . . [8.00.6001.23143] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_12ac5bb64907479b\iexplore.exe
    [7] 2011-02-22 . C1D36A2CBE0CEC4DF593DB1288CF586E . 638232 . . [8.00.6001.19048] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_1227c05d2fe52684\iexplore.exe
    [7] 2010-12-20 . 4319F2A5C725D9E0B9E01744E02D32BE . 634648 . . [7.00.6001.18565] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18565_none_2f262b711a2a98e5\iexplore.exe
    [7] 2010-12-20 . B021EBF2A5344FF71A641B2EFDAF813E . 634648 . . [7.00.6001.22816] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22816_none_2fe6dbee331ec09f\iexplore.exe
    [7] 2010-12-18 . 7852371DA9EFBC17B645558E23780EAC . 638232 . . [8.00.6001.23111] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe
    [7] 2010-12-18 . B988D7F127B94BD5BF8356FE81B985C4 . 638232 . . [8.00.6001.19019] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe
    [7] 2009-04-10 . 2C5168C856455CC43C4B4E1CC1920001 . 636080 . . [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
    [7] 2009-03-11 . D762642A109433EEDCD332B0A9511137 . 634024 . . [7.00.6000.16764] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
    [7] 2009-03-11 . 4CBA2F58668F2D5F3259CBE73E227F25 . 634024 . . [7.00.6000.20937] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe
    [7] 2009-03-11 . 9437CA21CD48C9B6BFD6F5AC0143D251 . 625664 . . [7.00.6000.16643] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
    [7] 2009-03-11 . 182CAF7403705ACCB51211A761080B8F . 625664 . . [7.00.6000.20777] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
    [7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
    [7] 2008-01-21 . 5B92133D3E7FB2644677686305E29E81 . 625664 . . [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
    .
    .
    [7] 2011-10-27 . C7D1507B837BC41D13D6EAC31A032AE3 . 3550080 . . [6.0.6002.18533] . . c:\windows\System32\ntoskrnl.exe
    [7] 2011-10-27 . C7D1507B837BC41D13D6EAC31A032AE3 . 3550080 . . [6.0.6002.18533] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18533_none_6df973d2b15ef09c\ntoskrnl.exe
    [7] 2011-10-27 . D91407C7DF48B369E35E9E1426563EFA . 3552640 . . [6.0.6002.22732] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22732_none_6e821239ca7d7436\ntoskrnl.exe
    [7] 2010-10-15 . A573338BDCED710795C618EA5FCF48D5 . 3548048 . . [6.0.6001.18538] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18538_none_6c17fdaab43422b6\ntoskrnl.exe
    [7] 2010-10-15 . 8B5EEAA99965E26C3FBB9FAC8BD3B6A1 . 3552144 . . [6.0.6002.22505] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22505_none_6ea57f0fca62721a\ntoskrnl.exe
    [7] 2010-10-15 . F276ABE13DD0BA1024A42A443E47A4A2 . 3550608 . . [6.0.6001.22777] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22777_none_6c755c61cd731614\ntoskrnl.exe
    [7] 2010-10-15 . 1ACD7FC485D0E0FF9097E08900D834CC . 3550096 . . [6.0.6002.18327] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18327_none_6e08411ab1533fb9\ntoskrnl.exe
    [7] 2010-06-08 . C5AB434D0C8FA38EAD136FB29E2504B7 . 3550600 . . [6.0.6002.22420] . . c:\windows\SoftwareDistribution\Download\a09884c79a2ed1bcfa2532db0a630db4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22420_none_6e8adbdfca772e22\ntoskrnl.exe
    [7] 2010-06-08 . F2BEE482023F146CF85EBB15B9E1CD35 . 3548040 . . [6.0.6002.18267] . . c:\windows\SoftwareDistribution\Download\a09884c79a2ed1bcfa2532db0a630db4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18267_none_6ddcff84b173b256\ntoskrnl.exe
    [7] 2010-06-08 . D5FA5D17F03E6D39E1A12431DD6F2A39 . 3545992 . . [6.0.6001.18488] . . c:\windows\SoftwareDistribution\Download\a09884c79a2ed1bcfa2532db0a630db4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18488_none_6be1ec28b45cb144\ntoskrnl.exe
    [7] 2010-06-08 . 47DB9968B8CF2031C46007F42CCE2437 . 3548552 . . [6.0.6001.22707] . . c:\windows\SoftwareDistribution\Download\a09884c79a2ed1bcfa2532db0a630db4\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22707_none_6cc10bd5cd3a527d\ntoskrnl.exe
    [7] 2009-04-10 . 6798DBF3F25721637AEF5B6C69911C9C . 3549672 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18005_none_6e1bdaacb144ddb4\ntoskrnl.exe
    [7] 2009-03-11 . C719F4815748F136261627FF0B5888C8 . 3549752 . . [6.0.6001.22258] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22258_none_6c8bf305cd6205c6\ntoskrnl.exe
    [7] 2009-03-11 . 03279407E78F76BA1131DAB35A5E55C0 . 3470904 . . [6.0.6000.16754] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_6a18166cb7216faf\ntoskrnl.exe
    [7] 2009-03-11 . 1E09CE4D9BB7B6521FB023CAE2E55F63 . 3472952 . . [6.0.6000.20921] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_6abf2403d0296cc8\ntoskrnl.exe
    [7] 2009-03-11 . 1FD3E8BFFD38F9B145E4B2B238B692F7 . 3549240 . . [6.0.6001.18145] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_6c0a2548b43efe06\ntoskrnl.exe
    [7] 2009-03-11 . DEA801F2D9FD1DB35ED6B9BC4A6657F1 . 3549752 . . [6.0.6001.22269] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_6c822363cd693b0e\ntoskrnl.exe
    [7] 2009-03-11 . C9CD31B3CBA8134F2B47FB5E78376ACC . 3549240 . . [6.0.6001.18063] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_6bf282f6b4510613\ntoskrnl.exe
    [7] 2009-03-11 . 22D444D3D88A4C299894B3638A114BF7 . 3549240 . . [6.0.6001.22167] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_6c8020e9cd6b0b39\ntoskrnl.exe
    [7] 2009-03-03 . 393BB8FE05D66ABA7B091E6032179272 . 3547632 . . [6.0.6001.18226] . . c:\windows\SoftwareDistribution\Download\f13192b645fde958d0047e219b26d32a\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c750b42ddca2\ntoskrnl.exe
    [7] 2009-03-03 . DFF34C5D66AB4BF1EED47BF19D1267BB . 3548656 . . [6.0.6001.22389] . . c:\windows\SoftwareDistribution\Download\f13192b645fde958d0047e219b26d32a\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c8571cd797017\ntoskrnl.exe
    [7] 2009-03-03 . 3910FE042C707E6BACD0FEC5AB9ECDE6 . 3469280 . . [6.0.6000.16830] . . c:\windows\SoftwareDistribution\Download\f13192b645fde958d0047e219b26d32a\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b702b714cf98\ntoskrnl.exe
    [7] 2009-03-03 . 808C86316AED98716C5F305A6265F393 . 3471328 . . [6.0.6000.21023] . . c:\windows\SoftwareDistribution\Download\f13192b645fde958d0047e219b26d32a\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fcb9d027d2b8\ntoskrnl.exe
    [7] 2008-01-21 . 6700F35EBA206E5C89AC27C9A124DC01 . 3548728 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_6c3061a0b4231268\ntoskrnl.exe
    .
    [7] 2009-04-10 . 96EA68B9EB310A69C25EBB0282B2B9DE . 282624 . . [6.0.6001.18000] . . c:\windows\System32\w32time.dll
    [7] 2009-04-10 . 96EA68B9EB310A69C25EBB0282B2B9DE . 282624 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.0.6002.18005_none_8a92dcbb6a6c707b\w32time.dll
    [7] 2008-01-21 . 1CF9206966A8458CDA9A8B20DF8AB7D3 . 282624 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.0.6001.18000_none_88a763af6d4aa52f\w32time.dll
    .
    [7] 2009-04-10 . 5DE7D67E49B88F5F07F3E53C4B92A352 . 453120 . . [6.0.6000.16386] . . c:\windows\System32\wiaservc.dll
    [7] 2009-04-10 . 5DE7D67E49B88F5F07F3E53C4B92A352 . 453120 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6002.18005_none_347fb41db0752753\wiaservc.dll
    [7] 2008-01-21 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_32943b11b3535c07\wiaservc.dll
    .
    [7] 2009-04-10 . 83199EF88D691E730B80666E29F90D58 . 17408 . . [6.0.6000.16386] . . c:\windows\System32\midimap.dll
    [7] 2009-04-10 . 83199EF88D691E730B80666E29F90D58 . 17408 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6002.18005_none_8ee941100db1acf2\midimap.dll
    [7] 2008-01-21 . D7F1F6C72276A15579D5761098018891 . 17408 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc804108fe1a6\midimap.dll
    .
    [7] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] . . c:\windows\System32\rasadhlp.dll
    [7] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasadhlp.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     
  8. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    Combofix log part 3

    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{afffc28e-48d0-4bf5-92dd-4f74a082e9fb}"= "c:\program files\Softonic-Canada_\prxtbSoft.dll" [2011-03-28 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{afffc28e-48d0-4bf5-92dd-4f74a082e9fb}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7293F213-FF03-434B-820F-6A3842F77C3C}]
    2011-06-17 08:04 1726472 ----a-w- c:\program files\Sigwich\Sigwich 1.0\SigWebMailIE8.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-01-16 18:36 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{afffc28e-48d0-4bf5-92dd-4f74a082e9fb}]
    2011-03-28 16:22 176936 ----a-w- c:\program files\Softonic-Canada_\prxtbSoft.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{afffc28e-48d0-4bf5-92dd-4f74a082e9fb}"= "c:\program files\Softonic-Canada_\prxtbSoft.dll" [2011-03-28 176936]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
    .
    [HKEY_CLASSES_ROOT\clsid\{afffc28e-48d0-4bf5-92dd-4f74a082e9fb}]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\The Perrrys\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\The Perrrys\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\The Perrrys\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Wclock"="c:\program files\Wclock\Wclock.exe" [2009-12-05 63800]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-04-29 273544]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-04 450652]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 45056]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
    "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableStartupSound"= 1 (0x1)
    "HideFastUserSwitching"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisableThumbnailsOnNetworkFolders"= 0 (0x0)
    "HideRunAsVerb"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-03 81920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - FSUSBEXDISK
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bthsvcs REG_MULTI_SZ BthServ
    .
    NETSVCS REQUIRES REPAIRS - current entries shown
    AeLookupSvc
    wercplsupport
    Themes
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Ias
    Irmon
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    SENS
    Sharedaccess
    SRService
    Tapisrv
    srservice
    flutilssvc
    MSIRCOMM
    elservice
    teefer2
    nwdls
    ftrtsvc
    drvmcdb
    Cam5607
    NWSLP
    sysplant
    ftpds
    qbcfmonitorservice
    tosrfcom
    transarcafsdaemon
    XBCD
    tabletservice
    spcsutilityservice
    SprintRcAppSvc
    Machnm32
    cwafadminmonitor
    kavsvc
    besclient
    zmxpzip
    pdlnctdl
    webrootcommagentservice
    lxcf_device
    idisw2km
    bcftdi
    HWIONT
    elnkupdateservice
    tosrfnds
    DN2AKNET
    SSFS0BB9
    L1e
    bwmservice
    aec
    ccalib8
    irbus
    NTIDrvr
    cmigameport
    bgsvcgen
    RVIEG01
    zpsc
    winmtsrv
    fa_scheduler
    dbmanagerscheduler
    aawservice
    axskbus
    vaiomediaplatform-integratedserver-http
    Accelerometer
    RMCAST
    sfhlp01
    avgarcln
    adobeversioncue
    senfilt
    truecrypt
    navex15
    LHidKe
    SunkFilt39
    ipcsvc
    raspti
    cebdaldr
    protectionservice
    scdemu
    oracleservicelocalora
    symsnap
    AVCamUSB20
    mctaskmanager
    amdppm
    QPCapSvc
    niorbk
    rksample
    UimBus
    cxpt_service
    starwindservice
    Wmi
    WmdmPmSp
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    AppInfo
    msiscsi
    MMCSS
    ProfSvc
    EapHost
    winmgmt
    schedule
    SessionEnv
    browser
    hkmsvc
    ezSharedSvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 23:35]
    .
    2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 23:35]
    .
    2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513904107-2587497094-3204873482-1000Core.job
    - c:\users\The Perrrys\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 21:12]
    .
    2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513904107-2587497094-3204873482-1000UA.job
    - c:\users\The Perrrys\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 21:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://remote.nursenextdoor.com/RDWeb/Pages/en-US/login.aspx?ReturnUrl=default.aspx
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_za&c=91&bd=Presario&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    FF - ProfilePath - c:\users\The Perrrys\AppData\Roaming\Mozilla\Firefox\Profiles\mfvpmr1u.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B634692c9-0354-4c12-bbfd-06d398863bde%7D&mid=6ab6d4a0daa847d18fd1d16fd8f65cdd-6c70f526cfa8290077e10c5a25f06c683607a992&ds=AVG&v=9.0.0.22&lang=en&pr=pr&d=2011-09-21%2014%3A47%3A50&sap=ku&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{58ea4eec-188b-4644-b41b-79c7a96de193} - (no file)
    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    URLSearchHooks-{cf45c54f-801c-41b5-ac77-57f2bf418edc} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    AddRemove-AVG PC Tuneup 2011_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-29 13:56
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="PhotoManager10Deluxe.8.alb"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3920)
    c:\users\The Perrrys\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\AVG\AVG2012\avgfws.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe
    c:\windows\system32\FsUsbExService.Exe
    c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\SMINST\BLService.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-29 14:10:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-29 22:10
    .
    Pre-Run: 33*461*448*704 bytes free
    Post-Run: 33*499*521*024 bytes free
    .
    - - End Of File - - 3F364F6E7C53E88B109E034218A3DFD2
     
  9. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    ESET log

    C:\Qoobox\Quarantine\C\Windows\system32\Drivers\dfsc.sys.vir a variant of Win32/Rootkit.Kryptik.JV trojan
    C:\Users\The Perrrys\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6a1afde2-66a40ab8 a variant of Java/Exploit.CVE-2011-3544.AU trojan
    C:\Users\The Perrrys\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111017124817065.rsc a variant of Win32/InstallCore.D application
    C:\Users\The Perrrys\Downloads\cnet2_easydvd_download_com_exe.exe a variant of Win32/InstallCore.D application
    C:\Users\The Perrrys\Downloads\cnet_vfcssetup_exe.exe a variant of Win32/InstallCore.D application
    C:\Users\The Perrrys\Downloads\fsSetup132.exe Win32/Adware.Toolbar.Dealio application
    C:\Windows\System32\drivers\dfsc.sys a variant of Win32/Rootkit.Kryptik.JV trojan
    C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys a variant of Win32/Rootkit.Kryptik.JV trojan



    Bobbye, I couldn't get DDS to run, even after adding the Vista SCR file association fix.
    Haven't re-installed AVG as yet, just using Windows Security Essentials.

    Let me know your next instructions based on all the info provided.
    Once again, I really appreciate your assistance..thanks!!
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, we'll work around it.
    For the Eset entries:

    Please download OTMovit by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Users\The Perrrys\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6a1afde2-66a40ab8 
      C:\Users\The Perrrys\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111017124817065.rsc 
      C:\Users\The Perrrys\Downloads\cnet2_easydvd_download_com_exe.exe 
      C:\Users\The Perrrys\Downloads\cnet_vfcssetup_exe.exe 
      C:\Users\The Perrrys\Downloads\fsSetup132.exe 
      C:\Windows\System32\drivers\dfsc.sys 
      C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =====================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\dds_trash_log.cmd
    FileLook::
    c:\program files\Common Files\System\wab32.dll
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{afffc28e-48d0-4bf5-92dd-4f74a082e9fb}"=-
    [HKEY_CLASSES_ROOT\clsid\{afffc28e-48d0-4bf5-92dd-4f74a082e9fb}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{afffc28e-48d0-4bf5-92dd-4f74a082e9fb}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{afffc28e-48d0-4bf5-92dd-4f74a082e9fb}"=- 
    [HKEY_CLASSES_ROOT\clsid\{afffc28e-48d0-4bf5-92dd-4f74a082e9fb}]
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ====================
    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.[​IMG]
    • The opened console will resemble this: [​IMG]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
    ===================================
    Open a Command Prompt: Start> Run> type in cmd[/n]> Enter> at the blinking C Prompt, type in the following:

    sc query bits

    Then Enter.
    Copy the result and paste in next reply.
    ==============================
    Please include the OTM log and OTL log in next reply.
     
  11. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    OTM

    Wow, thanks for all the instructions.

    Initially had a litte problem with OTM. All ran perfectly, clicke Moveit! and it worked for 45 seconds, produced some results on the other side of the window, the green bar was moving at the bottom of the window, then the window disappeared, i heard the windows error/notification sound, and all desktop icon and functionallity disappeared except for the mouse cursor. I could move the mouse around but no start menu, task bar etc.
    I restarted the computer with task manager (ctrl+alt+delete), disabled Security Essentials and disconnected internet and ran it again. It successfully finished and created a log. Not sure if this will affect the log produced.

    Here is the OTM log:

    All processes killed
    ========== FILES ==========
    File/Folder C:\Users\The Perrrys\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6a1afde2-66a40ab8 not found.
    File/Folder C:\Users\The Perrrys\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111017124817065.rsc not found.
    File/Folder C:\Users\The Perrrys\Downloads\cnet2_easydvd_download_com_exe.exe not found.
    File/Folder C:\Users\The Perrrys\Downloads\cnet_vfcssetup_exe.exe not found.
    File/Folder C:\Users\The Perrrys\Downloads\fsSetup132.exe not found.
    File/Folder C:\Windows\System32\drivers\dfsc.sys not found.
    File/Folder C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: The Perrrys
    ->Temp folder emptied: 364265 bytes
    ->Temporary Internet Files folder emptied: 146472 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 9890436 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10622 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 15354939 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 740 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 25.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 03012012_144910
     
  12. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    Combofix

    Ran Combofix as directed, all worked well. During the scan it stated "Rootkit.ZeroAccess! has inserted itself into the tcp/ip stack. This is a particularly difficult infection" and some other info regarding loss of internet connectivity.
    I am sure this is contained in the log, but thought I should mention it (better to disclose all info to I guess).

    Here is the combofix log:

    ComboFix 12-02-29.01 - The Perrrys 2012/03/01 15:48:32.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.27.1033.18.2974.2191 [GMT -8:00]
    Running from: c:\users\The Perrrys\Downloads\ComboFix.exe
    Command switches used :: c:\users\The Perrrys\Downloads\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\dds_trash_log.cmd"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB62280$
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-02 00:01 . 2012-03-02 00:01 -------- d-----w- c:\users\The Perrrys\AppData\Local\temp
    2012-03-02 00:01 . 2012-03-02 00:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-01 23:06 . 2012-02-20 09:05 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-03-01 23:06 . 2012-02-20 09:05 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82DB0C55-A226-461D-AA9B-D6B12C087AFF}\mpengine.dll
    2012-03-01 22:20 . 2012-03-01 22:20 -------- d-----w- C:\_OTM
    2012-03-01 04:05 . 2012-03-01 04:05 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2012-02-29 22:16 . 2012-02-29 22:16 -------- d-----w- c:\program files\ESET
    2012-02-29 20:42 . 2012-02-09 21:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{601F22AA-E1C5-4F64-9132-44C9A5ADDC37}\gapaengine.dll
    2012-02-29 20:31 . 2012-02-29 20:31 -------- d-----w- c:\program files\Microsoft Security Client
    2012-02-29 20:30 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-02-29 20:15 . 2012-02-29 20:15 -------- d-----w- c:\programdata\MFAData
    2012-02-27 15:38 . 2012-02-27 15:38 -------- d-----w- c:\users\The Perrrys\AppData\Roaming\Malwarebytes
    2012-02-27 15:37 . 2012-02-27 15:37 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-27 15:37 . 2012-02-27 15:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-27 15:37 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-27 04:20 . 2012-02-29 21:13 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-19 18:34 . 2012-02-19 18:34 -------- d-----w- c:\users\The Perrrys\AppData\Roaming\Sigwich
    2012-02-19 18:33 . 2012-02-19 18:33 -------- d-----w- c:\program files\Sigwich
    2012-02-18 18:25 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2012-02-18 18:22 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
    2012-02-18 18:21 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2012-02-18 18:21 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2012-02-18 18:21 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2012-02-18 18:21 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2012-02-17 14:45 . 2012-02-18 17:51 -------- d-----r- c:\users\The Perrrys\Dropbox
    2012-02-17 14:42 . 2012-02-18 17:51 -------- d-----w- c:\users\The Perrrys\AppData\Roaming\Dropbox
    2012-02-13 01:24 . 2012-02-22 23:11 -------- d-----w- c:\program files\PeerBlock
    2012-02-10 23:32 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2012-02-10 23:32 . 2012-02-10 23:32 -------- d-----w- c:\program files\K-Lite Codec Pack
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-27 04:20 . 2011-06-14 19:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-31 12:44 . 2010-08-26 07:24 237072 ------w- c:\windows\system32\MpSigStub.exe
    2011-04-14 16:26 . 2011-05-09 17:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\program files\Common Files\System\wab32.dll ---
    Company: Microsoft Corporation
    File Description: Microsoft (R) Contacts DLL
    File Version: 6.0.6002.18521 (vistasp2_gdr.110930-0337)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: WAB32.DLL
    File size: 707584
    Created time: 2012-02-18 18:22
    Modified time: 2011-09-30 15:57
    MD5: F101C848A95FDC6474A66A9D395EAAEB
    SHA1: 38EE5E6D0237B99CD368E4C7451DA6BEFB7D2176
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7293F213-FF03-434B-820F-6A3842F77C3C}]
    2011-06-17 08:04 1726472 ----a-w- c:\program files\Sigwich\Sigwich 1.0\SigWebMailIE8.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-01-16 18:36 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{afffc28e-48d0-4bf5-92dd-4f74a082e9fb}]
    2011-03-28 16:22 176936 ----a-w- c:\program files\Softonic-Canada_\prxtbSoft.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\The Perrrys\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\The Perrrys\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\The Perrrys\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Wclock"="c:\program files\Wclock\Wclock.exe" [2009-12-05 63800]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-04-29 273544]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-04 450652]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 45056]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
    "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableStartupSound"= 1 (0x1)
    "HideFastUserSwitching"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisableThumbnailsOnNetworkFolders"= 0 (0x0)
    "HideRunAsVerb"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-03 81920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bthsvcs REG_MULTI_SZ BthServ
    .
    NETSVCS REQUIRES REPAIRS - current entries shown
    AeLookupSvc
    wercplsupport
    Themes
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Ias
    Irmon
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    SENS
    Sharedaccess
    SRService
    Tapisrv
    srservice
    flutilssvc
    MSIRCOMM
    elservice
    teefer2
    nwdls
    ftrtsvc
    drvmcdb
    Cam5607
    NWSLP
    sysplant
    ftpds
    qbcfmonitorservice
    tosrfcom
    transarcafsdaemon
    XBCD
    tabletservice
    spcsutilityservice
    SprintRcAppSvc
    Machnm32
    cwafadminmonitor
    kavsvc
    besclient
    zmxpzip
    pdlnctdl
    webrootcommagentservice
    lxcf_device
    idisw2km
    bcftdi
    HWIONT
    elnkupdateservice
    tosrfnds
    DN2AKNET
    SSFS0BB9
    L1e
    bwmservice
    aec
    ccalib8
    irbus
    NTIDrvr
    cmigameport
    bgsvcgen
    RVIEG01
    zpsc
    winmtsrv
    fa_scheduler
    dbmanagerscheduler
    aawservice
    axskbus
    vaiomediaplatform-integratedserver-http
    Accelerometer
    RMCAST
    sfhlp01
    avgarcln
    adobeversioncue
    senfilt
    truecrypt
    navex15
    LHidKe
    SunkFilt39
    ipcsvc
    raspti
    cebdaldr
    protectionservice
    scdemu
    oracleservicelocalora
    symsnap
    AVCamUSB20
    mctaskmanager
    amdppm
    QPCapSvc
    niorbk
    rksample
    UimBus
    cxpt_service
    starwindservice
    Wmi
    WmdmPmSp
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    AppInfo
    msiscsi
    MMCSS
    ProfSvc
    EapHost
    winmgmt
    schedule
    SessionEnv
    browser
    hkmsvc
    ezSharedSvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 23:35]
    .
    2012-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 23:35]
    .
    2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513904107-2587497094-3204873482-1000Core.job
    - c:\users\The Perrrys\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 21:12]
    .
    2012-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-513904107-2587497094-3204873482-1000UA.job
    - c:\users\The Perrrys\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 21:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://remote.nursenextdoor.com/RDWeb/Pages/en-US/login.aspx?ReturnUrl=default.aspx
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_za&c=91&bd=Presario&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    FF - ProfilePath - c:\users\The Perrrys\AppData\Roaming\Mozilla\Firefox\Profiles\mfvpmr1u.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B634692c9-0354-4c12-bbfd-06d398863bde%7D&mid=6ab6d4a0daa847d18fd1d16fd8f65cdd-6c70f526cfa8290077e10c5a25f06c683607a992&ds=AVG&v=9.0.0.22&lang=en&pr=pr&d=2011-09-21%2014%3A47%3A50&sap=ku&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-01 16:01
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="PhotoManager10Deluxe.8.alb"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-03-01 16:03:36
    ComboFix-quarantined-files.txt 2012-03-02 00:03
    ComboFix2.txt 2012-02-29 22:10
    .
    Pre-Run: 33*566*314*496 bytes free
    Post-Run: 33*521*725*440 bytes free
    .
    - - End Of File - - 2ACD5BB29C23652DDFE617810CF19E91
     
  13. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    OTL log - part 1

    OTL logfile created on: 2012/03/01 04:12:57 PM - Run 1
    OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\The Perrrys\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

    2.90 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 60.83% Memory free
    6.05 Gb Paging File | 5.07 Gb Available in Paging File | 83.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.45 Gb Total Space | 31.27 Gb Free Space | 14.06% Space Free | Partition Type: NTFS
    Drive D: | 10.44 Gb Total Space | 1.79 Gb Free Space | 17.12% Space Free | Partition Type: NTFS

    Computer Name: LYLEPERRY | User Name: The Perrrys | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\The Perrrys\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
    PRC - C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
    PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe (IDT, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Program Files\SMINST\BLService.exe ()


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV - (zpsc) -- File not found
    SRV - (zmxpzip) -- File not found
    SRV - (XBCD) -- File not found
    SRV - (winmtsrv) -- File not found
    SRV - (webrootcommagentservice) -- File not found
    SRV - (vaiomediaplatform-integratedserver-http) -- File not found
    SRV - (UimBus) -- File not found
    SRV - (truecrypt) -- File not found
    SRV - (transarcafsdaemon) -- File not found
    SRV - (tosrfnds) -- File not found
    SRV - (tosrfcom) -- File not found
    SRV - (teefer2) -- File not found
    SRV - (tabletservice) -- File not found
    SRV - (sysplant) -- File not found
    SRV - (symsnap) -- File not found
    SRV - (SunkFilt39) -- File not found
    SRV - (starwindservice) -- File not found
    SRV - (SSFS0BB9) -- File not found
    SRV - (srservice) -- File not found
    SRV - (SprintRcAppSvc) -- File not found
    SRV - (spcsutilityservice) -- File not found
    SRV - (sfhlp01) -- File not found
    SRV - (senfilt) -- File not found
    SRV - (scdemu) -- File not found
    SRV - (RVIEG01) -- File not found
    SRV - (RMCAST) -- File not found
    SRV - (rksample) -- File not found
    SRV - (raspti) -- File not found
    SRV - (QPCapSvc) -- File not found
    SRV - (qbcfmonitorservice) -- File not found
    SRV - (protectionservice) -- File not found
    SRV - (pdlnctdl) -- File not found
    SRV - (oracleservicelocalora) -- File not found
    SRV - (NWSLP) -- File not found
    SRV - (nwdls) -- File not found
    SRV - (NTIDrvr) -- File not found
    SRV - (niorbk) -- File not found
    SRV - (navex15) -- File not found
    SRV - (MSIRCOMM) -- File not found
    SRV - (mctaskmanager) -- File not found
    SRV - (Machnm32) -- File not found
    SRV - (lxcf_device) -- File not found
    SRV - (LHidKe) -- File not found
    SRV - (L1e) -- File not found
    SRV - (kavsvc) -- File not found
    SRV - (irbus) -- File not found
    SRV - (ipcsvc) -- File not found
    SRV - (idisw2km) -- File not found
    SRV - (ftrtsvc) -- File not found
    SRV - (ftpds) -- File not found
    SRV - (flutilssvc) -- File not found
    SRV - (fa_scheduler) -- File not found
    SRV - (elservice) -- File not found
    SRV - (elnkupdateservice) -- File not found
    SRV - (drvmcdb) -- File not found
    SRV - (DN2AKNET) -- File not found
    SRV - (dbmanagerscheduler) -- File not found
    SRV - (cxpt_service) -- File not found
    SRV - (cwafadminmonitor) -- File not found
    SRV - (cmigameport) -- File not found
    SRV - (cebdaldr) -- File not found
    SRV - (ccalib8) -- File not found
    SRV - (Cam5607) -- File not found
    SRV - (bwmservice) -- File not found
    SRV - (bgsvcgen) -- File not found
    SRV - (besclient) -- File not found
    SRV - (bcftdi) -- File not found
    SRV - (axskbus) -- File not found
    SRV - (avgarcln) -- File not found
    SRV - (AVCamUSB20) -- File not found
    SRV - (amdppm) -- File not found
    SRV - (aec) -- File not found
    SRV - (adobeversioncue) -- File not found
    SRV - (Accelerometer) -- File not found
    SRV - (aawservice) -- File not found
    SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
    SRV - (avgfws) -- C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
    SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
    SRV - (Samsung UPD Service) -- C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe (IDT, Inc.)
    SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe (Andrea Electronics Corporation)
    SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
    SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
    SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- File not found
    DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
    DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
    DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
    DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
    DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
    DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
    DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
    DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
    DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
    DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
    DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
    DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_za&c=91&bd=Presario&pf=cnnb
    IE - HKLM\..\URLSearchHook: {afffc28e-48d0-4bf5-92dd-4f74a082e9fb} - C:\Program Files\Softonic-Canada_\prxtbSoft.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031743

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://remote.nursenextdoor.com/RDWeb/Pages/en-US/login.aspx?ReturnUrl=default.aspx
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F6EB60DB-29BE-490D-B97E-67B0EC4AC59E}&mid=6ab6d4a0daa847d18fd1d16fd8f65cdd-6c70f526cfa8290077e10c5a25f06c683607a992&lang=en&ds=AVG&pr=pr&d=2011-09-21 14:47:50&v=8.0.0.34&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{E833B25D-F873-4359-917C-BE49DE6776AB}: "URL" = http://www.mysigwich.com/?q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "PhotoJoy Bar Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2966884&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
    FF - prefs.js..extensions.enabledItems: 5
    FF - prefs.js..extensions.enabledItems: 3
    FF - prefs.js..extensions.enabledItems: 1
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B634692c9-0354-4c12-bbfd-06d398863bde%7D&mid=6ab6d4a0daa847d18fd1d16fd8f65cdd-6c70f526cfa8290077e10c5a25f06c683607a992&ds=AVG&v=9.0.0.22&lang=en&pr=pr&d=2011-09-21%2014%3A47%3A50&sap=ku&q="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\The Perrrys\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\The Perrrys\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\The Perrrys\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/16 10:37:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 09:08:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/30 07:14:31 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\sigwebmailplugin@sigwich.com.xpi: C:\Users\The Perrrys\AppData\Roaming\Sigwich\sigwebmailplugin@sigwich.com.xpi [2012/02/19 11:20:06 | 000,000,000 | ---D | M]

    [2011/02/08 17:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Perrrys\AppData\Roaming\Mozilla\Extensions
    [2012/02/19 11:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Perrrys\AppData\Roaming\Mozilla\Firefox\Profiles\mfvpmr1u.default\extensions
    [2011/06/06 19:39:43 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\The Perrrys\AppData\Roaming\Mozilla\Firefox\Profiles\mfvpmr1u.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2011/06/07 13:42:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\The Perrrys\AppData\Roaming\Mozilla\Firefox\Profiles\mfvpmr1u.default\extensions\engine@conduit.com
    [2011/04/29 15:14:56 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\The Perrrys\AppData\Roaming\Mozilla\Firefox\Profiles\mfvpmr1u.default\extensions\firefox@tvunetworks.com
    [2011/10/24 07:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/02/22 10:55:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/03 12:45:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/10/24 07:14:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    () (No name found) -- C:\USERS\THE PERRRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFVPMR1U.DEFAULT\EXTENSIONS\DRUPALFORFIREBUG@DRUPAL.ORG.XPI
    () (No name found) -- C:\USERS\THE PERRRYS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFVPMR1U.DEFAULT\EXTENSIONS\SIGWEBMAILPLUGIN@SIGWICH.COM.XPI
    [2011/04/12 13:46:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/04/14 08:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/07/12 08:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2012/01/16 10:36:58 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/06/16 20:39:08 | 000,001,746 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sigwich.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\The Perrrys\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\The Perrrys\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\The Perrrys\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\The Perrrys\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\The Perrrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
    CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
    CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\The Perrrys\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\The Perrrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: Google Search = C:\Users\The Perrrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: Sigwich for Google Chrome = C:\Users\The Perrrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgkpejfibbaedhhkagdcdbnlknahkpnc\1.0.0_0\
    CHR - Extension: Gmail = C:\Users\The Perrrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/02/29 13:55:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SigWebMail IE Plugin) - {7293F213-FF03-434B-820F-6A3842F77C3C} - C:\Program Files\Sigwich\Sigwich 1.0\SigWebMailIE8.dll (sigwich.com)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Softonic-Canada_ Toolbar) - {afffc28e-48d0-4bf5-92dd-4f74a082e9fb} - C:\Program Files\Softonic-Canada_\prxtbSoft.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
    O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [Wclock] C:\Program Files\Wclock\wclock.exe (DI Management Services Pty Ltd <www.di-mgt.com.au>)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
    O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
    O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AFB0155-15EF-4E78-8D2A-BF1963139C34}: DhcpNameServer = 64.59.144.92 64.59.144.93 64.59.150.135
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{918EF022-5A73-4C2F-8F72-D93DEB2E4063}: DhcpNameServer = 64.59.144.18 64.59.144.19 64.59.150.133
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img1.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img1.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: srservice - File not found
    NetSvcs: flutilssvc - File not found
    NetSvcs: MSIRCOMM - File not found
    NetSvcs: elservice - File not found
    NetSvcs: teefer2 - File not found
    NetSvcs: nwdls - File not found
    NetSvcs: ftrtsvc - File not found
    NetSvcs: drvmcdb - File not found
    NetSvcs: Cam5607 - File not found
    NetSvcs: NWSLP - File not found
    NetSvcs: sysplant - File not found
    NetSvcs: ftpds - File not found
    NetSvcs: qbcfmonitorservice - File not found
    NetSvcs: tosrfcom - File not found
    NetSvcs: transarcafsdaemon - File not found
    NetSvcs: XBCD - File not found
    NetSvcs: tabletservice - File not found
    NetSvcs: spcsutilityservice - File not found
    NetSvcs: SprintRcAppSvc - File not found
    NetSvcs: Machnm32 - File not found
    NetSvcs: cwafadminmonitor - File not found
    NetSvcs: kavsvc - File not found
    NetSvcs: besclient - File not found
    NetSvcs: zmxpzip - File not found
    NetSvcs: pdlnctdl - File not found
    NetSvcs: webrootcommagentservice - File not found
    NetSvcs: lxcf_device - File not found
    NetSvcs: idisw2km - File not found
    NetSvcs: bcftdi - File not found
    NetSvcs: HWIONT - File not found
    NetSvcs: elnkupdateservice - File not found
    NetSvcs: tosrfnds - File not found
    NetSvcs: DN2AKNET - File not found
    NetSvcs: SSFS0BB9 - File not found
    NetSvcs: L1e - File not found
    NetSvcs: bwmservice - File not found
    NetSvcs: aec - File not found
    NetSvcs: ccalib8 - File not found
    NetSvcs: irbus - File not found
    NetSvcs: NTIDrvr - File not found
    NetSvcs: cmigameport - File not found
    NetSvcs: bgsvcgen - File not found
    NetSvcs: RVIEG01 - File not found
    NetSvcs: zpsc - File not found
    NetSvcs: winmtsrv - File not found
    NetSvcs: fa_scheduler - File not found
    NetSvcs: dbmanagerscheduler - File not found
    NetSvcs: aawservice - File not found
    NetSvcs: axskbus - File not found
    NetSvcs: vaiomediaplatform-integratedserver-http - File not found
    NetSvcs: Accelerometer - File not found
    NetSvcs: RMCAST - File not found
    NetSvcs: sfhlp01 - File not found
    NetSvcs: avgarcln - File not found
    NetSvcs: adobeversioncue - File not found
    NetSvcs: senfilt - File not found
    NetSvcs: truecrypt - File not found
    NetSvcs: navex15 - File not found
    NetSvcs: LHidKe - File not found
    NetSvcs: SunkFilt39 - File not found
    NetSvcs: ipcsvc - File not found
    NetSvcs: raspti - File not found
    NetSvcs: cebdaldr - File not found
    NetSvcs: protectionservice - File not found
    NetSvcs: scdemu - File not found
    NetSvcs: oracleservicelocalora - File not found
    NetSvcs: symsnap - File not found
    NetSvcs: AVCamUSB20 - File not found
    NetSvcs: mctaskmanager - File not found
    NetSvcs: amdppm - File not found
    NetSvcs: QPCapSvc - File not found
    NetSvcs: niorbk - File not found
    NetSvcs: rksample - File not found
    NetSvcs: UimBus - File not found
    NetSvcs: cxpt_service - File not found
    NetSvcs: starwindservice - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
     
  14. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    OTL log - part 2

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/01 16:09:59 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\The Perrrys\Desktop\OTL.exe
    [2012/03/01 16:03:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/03/01 16:03:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/03/01 16:03:38 | 000,000,000 | ---D | C] -- C:\Users\The Perrrys\AppData\Local\temp
    [2012/03/01 15:37:56 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/03/01 14:20:04 | 000,000,000 | ---D | C] -- C:\_OTM
    [2012/03/01 14:17:31 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\The Perrrys\Desktop\OTM.exe
    [2012/02/29 14:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/02/29 14:15:35 | 002,322,184 | ---- | C] (ESET) -- C:\Users\The Perrrys\Desktop\esetsmartinstaller_enu.exe
    [2012/02/29 13:22:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/29 13:22:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/29 13:22:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/29 13:22:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/29 13:22:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/29 12:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/02/29 12:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/02/28 14:26:30 | 000,000,000 | ---D | C] -- C:\Users\The Perrrys\Desktop\FDD docs
    [2012/02/27 15:49:33 | 000,000,000 | ---D | C] -- C:\Users\The Perrrys\Desktop\FA Docs
    [2012/02/27 08:13:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\The Perrrys\Desktop\dds.scr
    [2012/02/27 07:54:23 | 000,000,000 | ---D | C] -- C:\Users\The Perrrys\Desktop\MBAM
    [2012/02/27 07:38:04 | 000,000,000 | ---D | C] -- C:\Users\The Perrrys\AppData\Roaming\Malwarebytes
    [2012/02/27 07:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/27 07:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/02/27 07:37:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/02/27 07:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/02/27 07:36:51 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\The Perrrys\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/26 20:29:28 | 000,000,000 | ---D | C] -- C:\Users\The Perrrys\Desktop\slideshow
    [2012/02/23 16:59:35 | 000,000,000 | ---D | C] -- C:\Users\The Perrrys\Documents\Test]
    [2012/02/22 15:09:47 | 000,000,000 | ---D | C] -- C:\Users\The Perrrys\Documents\Downloads
    [2012/02/19 10:34:34 | 000,000,000 | ---D | C] -- C:\Users\The Perrrys\Documents\Add-in Express
    [2012/02/19 10:34:23 | 000,000,000 | ---D | C] -- C:\Users\The Perrrys\AppData\Roaming\Sigwich
    [2012/02/19 10:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sigwich
    [2012/02/17 06:45:52 | 000,000,000 | R--D | C] -- C:\Users\The Perrrys\Dropbox
    [2012/02/17 06:43:10 | 000,000,000 | ---D | C] -- C:\Users\The Perrrys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2012/02/17 06:42:12 | 000,000,000 | ---D | C] -- C:\Users\The Perrrys\AppData\Roaming\Dropbox
    [2012/02/12 17:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
    [2012/02/11 13:58:06 | 000,000,000 | ---D | C] -- C:\Users\The Perrrys\Desktop\Holiday - for slideshow
    [2012/02/10 22:42:59 | 000,000,000 | ---D | C] -- C:\Users\The Perrrys\Desktop\Holiday Original
    [2012/02/10 15:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
    [1 C:\Users\The Perrrys\Desktop\*.tmp files -> C:\Users\The Perrrys\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/01 16:09:59 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\The Perrrys\Desktop\OTL.exe
    [2012/03/01 15:55:05 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-513904107-2587497094-3204873482-1000UA.job
    [2012/03/01 15:54:40 | 000,610,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/03/01 15:54:40 | 000,110,146 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/03/01 15:47:22 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/01 15:47:22 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/01 15:47:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/01 15:46:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/01 15:46:48 | 3119,435,776 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/01 15:43:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/03/01 15:19:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/01 14:17:56 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\The Perrrys\Desktop\OTM.exe
    [2012/03/01 11:55:13 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-513904107-2587497094-3204873482-1000Core.job
    [2012/02/29 14:15:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\The Perrrys\Desktop\esetsmartinstaller_enu.exe
    [2012/02/29 13:55:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/02/29 13:13:42 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
    [2012/02/29 12:33:08 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/02/28 21:54:54 | 000,006,080 | ---- | M] () -- C:\Users\The Perrrys\AppData\Local\d3d9caps.dat
    [2012/02/27 14:51:37 | 000,535,235 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/02/27 12:29:48 | 000,002,587 | ---- | M] () -- C:\Users\The Perrrys\Desktop\Microsoft Office Word 2007.lnk
    [2012/02/27 12:19:23 | 000,000,594 | ---- | M] () -- C:\Users\The Perrrys\Desktop\scrfix_vista.zip
    [2012/02/27 10:23:40 | 000,015,590 | ---- | M] () -- C:\Users\The Perrrys\Desktop\Chennel Desk.jpg
    [2012/02/27 08:13:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\The Perrrys\Desktop\dds.scr
    [2012/02/27 07:56:28 | 000,302,592 | ---- | M] () -- C:\Users\The Perrrys\Desktop\58bfqs9w.exe
    [2012/02/27 07:37:54 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/27 07:37:04 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\The Perrrys\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/24 14:39:54 | 000,622,194 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
    [2012/02/19 17:23:41 | 000,218,624 | ---- | M] () -- C:\Users\The Perrrys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/19 16:39:01 | 000,000,776 | ---- | M] () -- C:\Users\The Perrrys\Desktop\peerblock.exe - Shortcut.lnk
    [2012/02/19 11:09:48 | 003,870,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/17 21:57:04 | 000,002,072 | ---- | M] () -- C:\Users\The Perrrys\Desktop\Google Chrome.lnk
    [2012/02/17 21:57:04 | 000,002,034 | ---- | M] () -- C:\Users\The Perrrys\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/02/17 06:45:52 | 000,000,947 | ---- | M] () -- C:\Users\The Perrrys\Desktop\Dropbox.lnk
    [2012/02/09 08:49:41 | 000,000,000 | -H-- | M] () -- C:\Users\The Perrrys\Documents\Default.rdp
    [2012/02/06 07:12:23 | 000,234,309 | ---- | M] () -- C:\Users\The Perrrys\Desktop\Letter e-migration to Perry1.pdf
    [1 C:\Users\The Perrrys\Desktop\*.tmp files -> C:\Users\The Perrrys\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/29 13:22:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/29 13:22:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/29 13:22:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/29 13:22:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/29 13:22:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/29 12:33:08 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/02/29 12:31:17 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/02/27 12:19:36 | 000,001,738 | ---- | C] () -- C:\Users\The Perrrys\Desktop\scrfix_vista.reg
    [2012/02/27 12:19:22 | 000,000,594 | ---- | C] () -- C:\Users\The Perrrys\Desktop\scrfix_vista.zip
    [2012/02/27 11:19:47 | 000,001,608 | ---- | C] () -- C:\Users\The Perrrys\Desktop\xp_scr_fix.reg
    [2012/02/27 10:23:39 | 000,015,590 | ---- | C] () -- C:\Users\The Perrrys\Desktop\Chennel Desk.jpg
    [2012/02/27 07:56:24 | 000,302,592 | ---- | C] () -- C:\Users\The Perrrys\Desktop\58bfqs9w.exe
    [2012/02/27 07:37:54 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/26 20:20:58 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
    [2012/02/19 16:39:01 | 000,000,776 | ---- | C] () -- C:\Users\The Perrrys\Desktop\peerblock.exe - Shortcut.lnk
    [2012/02/17 06:45:52 | 000,000,947 | ---- | C] () -- C:\Users\The Perrrys\Desktop\Dropbox.lnk
    [2012/02/10 15:32:34 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2012/02/09 08:49:41 | 000,000,000 | -H-- | C] () -- C:\Users\The Perrrys\Documents\Default.rdp
    [2012/02/06 07:12:20 | 000,234,309 | ---- | C] () -- C:\Users\The Perrrys\Desktop\Letter e-migration to Perry1.pdf
    [2012/01/21 12:08:31 | 000,001,057 | ---- | C] () -- C:\Users\The Perrrys\AppData\Roaming\vso_ts_preview.xml
    [2012/01/21 11:42:10 | 000,000,041 | -H-- | C] () -- C:\Windows\System32\swk.ini
    [2011/12/05 14:41:54 | 000,001,395 | ---- | C] () -- C:\Windows\APDFPRP.INI
    [2011/11/16 08:37:04 | 000,000,000 | ---- | C] () -- C:\Users\The Perrrys\AppData\Local\{489C6A10-1DD1-4642-9198-DFD9909F0B7B}
    [2011/09/26 10:30:20 | 000,000,000 | ---- | C] () -- C:\Users\The Perrrys\AppData\Roaming\bibstats
    [2011/08/26 09:39:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011/07/22 16:11:35 | 000,001,182 | ---- | C] () -- C:\ProgramData\jaksta.smr.lic
    [2011/06/08 16:01:54 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2011/06/08 16:01:54 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2011/05/27 16:37:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2011/05/07 16:10:55 | 000,000,145 | ---- | C] () -- C:\Users\The Perrrys\AppData\Roaming\burnaware.ini
    [2011/03/21 16:51:46 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
    [2011/03/21 16:51:45 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
    [2011/03/21 16:51:45 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe
    [2011/03/21 16:51:45 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
    [2011/03/09 20:29:35 | 000,001,456 | ---- | C] () -- C:\Users\The Perrrys\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011/02/11 08:32:01 | 000,130,805 | ---- | C] () -- C:\Windows\hpoins18.dat
    [2011/02/11 08:31:52 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
    [2010/12/05 06:41:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/12/05 06:41:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/09/09 04:14:31 | 000,006,080 | ---- | C] () -- C:\Users\The Perrrys\AppData\Local\d3d9caps.dat
    [2010/09/08 02:12:43 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/08/28 09:34:11 | 000,218,624 | ---- | C] () -- C:\Users\The Perrrys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/25 07:15:00 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin

    ========== LOP Check ==========

    [2011/03/10 13:17:14 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\4Media
    [2011/08/17 09:53:56 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\Ashampoo
    [2011/10/17 11:59:26 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\AVG
    [2011/01/08 06:46:40 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\avidemux
    [2012/02/26 19:48:33 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\BitTorrent
    [2011/05/07 15:09:11 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\Canneverbe Limited
    [2011/08/24 07:09:52 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/02/18 09:51:21 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\Dropbox
    [2010/09/25 04:27:58 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\FloodLightGames
    [2011/06/07 12:19:02 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\GARMIN
    [2012/02/22 15:12:25 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\GetRightToGo
    [2010/12/22 04:18:25 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\HamsterSoft
    [2011/11/10 08:46:21 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\Image Zone Express
    [2011/05/03 16:09:27 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\InfraRecorder
    [2012/01/20 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\MAGIX
    [2010/09/17 08:48:13 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\Nokia
    [2010/10/12 06:17:35 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\Nseries
    [2010/09/26 23:47:55 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\PC Suite
    [2012/01/09 17:04:31 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\PearlMountainSoft
    [2011/02/11 15:18:29 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\Printer Info Cache
    [2011/06/08 16:01:21 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\Samsung
    [2012/02/19 10:34:23 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\Sigwich
    [2011/04/30 08:26:47 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012/01/21 15:43:28 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\Vso
    [2011/02/06 23:56:09 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\Wclock
    [2010/09/24 11:39:55 | 000,000,000 | ---D | M] -- C:\Users\The Perrrys\AppData\Roaming\WildTangent
    [2012/03/01 15:43:46 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: EXPLORER.EXE >
    [2009/03/11 01:15:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2009/03/11 01:15:17 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2009/03/11 01:15:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2009/04/10 13:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/10 13:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2009/03/11 01:15:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008/01/20 18:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/20 18:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/20 18:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/04/10 13:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/10 13:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2008/01/20 18:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < %systemroot%\*. /mp /s >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:C10F9B26

    < End of report >
     
  15. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    OTL - Extras.txt

    OTL Extras logfile created on: 2012/03/01 04:12:57 PM - Run 1
    OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\The Perrrys\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

    2.90 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 60.83% Memory free
    6.05 Gb Paging File | 5.07 Gb Available in Paging File | 83.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.45 Gb Total Space | 31.27 Gb Free Space | 14.06% Space Free | Partition Type: NTFS
    Drive D: | 10.44 Gb Total Space | 1.79 Gb Free Space | 17.12% Space Free | Partition Type: NTFS

    Computer Name: LYLEPERRY | User Name: The Perrrys | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{4215F886-F15A-4389-ADDD-1B4C0F31561D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{4248C03B-CB81-4BD1-8CC3-7E4ED388DCE8}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{8F219C14-38D6-4018-B876-8560906B96F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0B4F9BB9-927B-464A-B641-5BDE3886C6EE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{0B850CEE-D909-426B-9AB3-5FE9F1B5B89D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0F547503-2B3A-4B6F-B8FE-06C10ACBFC4B}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{11A798EE-AEB3-4360-88E5-7E2443463F72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{143B5829-EC12-4C62-8597-F12D2C72CE06}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
    "{1D91FBD5-29B1-44C5-A35C-299D0E39AAEE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{1E1CD409-186E-4A23-95B0-3A31F5C9A784}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{272D39B2-F0FF-4967-B3A5-D96B5B9A5028}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{2AAD4760-4C2A-4457-8EDC-DE54D6D46715}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{308EACE1-F592-4985-9883-DFA0AEF659E5}" = protocol=6 | dir=in | app=c:\users\the perrrys\appdata\roaming\dropbox\bin\dropbox.exe |
    "{33DEA078-566A-4FA8-8F22-80FBAE00639E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{3E1BBBB0-992F-4E13-99B0-FACE471996A5}" = protocol=17 | dir=in | app=c:\users\the perrrys\appdata\roaming\dropbox\bin\dropbox.exe |
    "{4A9FE30A-DA0D-4748-97D3-7CD70C57FEB0}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{5EE85243-237B-4DDC-874F-7264BC354369}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{634EC3C1-E0EB-4A54-88D1-7542641F4A80}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{67843EDA-1CDF-4B10-B396-F8D02FDBA422}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{683E9DC9-8F97-40FA-83C3-4E8243E74ACC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{6910EBFF-9CE5-4517-BFC4-C2905B12D8B2}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{6D5D2EB3-266E-4ABC-912B-78C147482997}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
    "{6EDB7349-CAEE-484D-B0E0-9115418CBEF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{80F05717-21D8-46FB-BEBC-814B7F404216}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{82808FD1-3AB1-4A7E-B26F-FFA9B2787231}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{885D5915-C0AC-4E57-95AF-92FB72F2D6B7}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{9246E240-60AA-440C-8A9C-6FCA2D441050}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{9B6BA253-22E4-4BF5-9D45-310D6CD4EC08}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9B8E7DD2-47F0-4F5B-B989-E1E758D00A82}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{A18BCDAD-DA05-450D-BA20-1D692B07EE67}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{A58F2801-2E62-4F00-8322-A36D3891A2CA}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{A605928B-19EF-4F72-9A6C-0344738E8BEF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{A6CE3B2D-7AAF-461C-95C7-B9E81E288D1F}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{A9014B98-1F27-4E73-B074-87B8E2CF3BE9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{AB08D8C4-52F4-468A-A5EA-3CBA55504449}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{B53224A7-F69B-4096-8D31-E14FB77663FF}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{BF8C838E-360F-4729-92D2-593B0E9B0A40}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C6EB85C9-B5C7-434A-A9AD-1B4E154C3AE2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{D0E6CA2D-6DFB-4668-A379-BA2853926DD4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{E6880304-38CF-486E-9716-0C34074B9824}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
    "{EFB10F9F-7DD3-4B3F-9B26-68AB20BEFFFC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{F3218FA8-8F6A-4B6A-A326-513AFB551EB1}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
    "TCP Query User{0402FA5C-797C-43ED-A27B-D76BB340D6D8}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
    "TCP Query User{107C0061-5333-4216-A9FB-1B4F8380D420}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{249E4730-9AD8-4825-AB79-D38FB1466D3A}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "TCP Query User{274557CD-92DF-48AC-85BE-F03BD3976921}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
    "TCP Query User{5BFCF961-6304-43F9-92D3-34B3FB405312}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
    "TCP Query User{870DF8A6-C23E-431B-959A-BD7016907C57}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "TCP Query User{A5CF8BDC-7EF5-424B-929D-33B1E8A0AC39}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "TCP Query User{AE5F0BB4-D4EA-4534-87BA-8F19633A32CE}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "TCP Query User{B18AB9AF-DE73-4DE7-8CB8-5E90A86D3199}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "TCP Query User{B816283C-7A0E-41AD-A71D-4DA8A82A474D}C:\users\the perrrys\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\the perrrys\appdata\local\google\chrome\application\chrome.exe |
    "TCP Query User{C75C8C25-F6D4-4B3F-810C-8B90D43CE245}C:\users\the perrrys\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\the perrrys\appdata\local\google\chrome\application\chrome.exe |
    "TCP Query User{ECAF76DE-8B8B-4DF1-8544-EDBEF026D3A6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
    "TCP Query User{F14C64D3-C43F-4C48-A5DF-AD44EB212177}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{F6C2BE21-0D04-43C4-945A-C73EDD9BB368}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
    "UDP Query User{1B22898C-E8BB-4992-835B-85FBFEC33206}C:\users\the perrrys\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\the perrrys\appdata\local\google\chrome\application\chrome.exe |
    "UDP Query User{2C50D815-0929-40E5-BD88-46A64106FB7B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "UDP Query User{398009A5-BA07-453B-9BE0-E0A06B94AC82}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "UDP Query User{3DEB5758-41E6-4568-A594-F6963B7C132F}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
    "UDP Query User{50622E60-A626-47AB-8F21-0A8D15E5A569}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "UDP Query User{5B01A376-9E39-49D6-AC02-D07C77DA87D9}C:\users\the perrrys\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\the perrrys\appdata\local\google\chrome\application\chrome.exe |
    "UDP Query User{701E5CD3-6EAD-4DAD-8D03-509F1B31BF82}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{A16F0959-7305-46B7-AD76-8D5A46758233}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
    "UDP Query User{A2FC49D7-7B34-446C-895E-95292E7EA474}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "UDP Query User{A90641D4-4919-45B6-98F9-C405A6E63294}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
    "UDP Query User{B6C4EE00-A276-404B-A600-6B5AF862833F}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
    "UDP Query User{CF03C101-A971-4F79-A431-E13304EC011A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{E1865344-823D-4679-9BE0-41717BFE8B97}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
    "UDP Query User{F511F5A4-ED43-474F-BF73-C6C430117359}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{150C6C87-D187-4105-BF7A-090378D7AE2A}" = Nokia Ovi Suite
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
    "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
    "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{4099FB98-FA37-4B4E-9C81-39EE0B3CDE85}" = MAGIX Speed burnR (MSI)
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
    "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}" = Nokia Ovi One Touch Access
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
    "{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
    "{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{66120AC1-2B4A-4BD4-8D3C-7BC30FD5A5C4}" = MAGIX Screenshare
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1" = Picture Collage Maker Pro 3.2.0
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater
    "{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{88F3FD61-6C98-4E1E-8E0D-BF6C24A5C734}" = MAGIX Photo Manager 10
    "{8FFCC4F5-6ED0-4814-8C8F-84D7F4857DC8}" = MAGIX PhotoStory on CD & DVD 10 Deluxe Download Version
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC (x86) WinSXS MSM
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
    "{B0B49C20-D2D1-437B-80F0-C2298F5DCD2B}" = Nokia Photos
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{BEC99D86-1D70-4AB8-8D15-E116392F9B7D}" = Nokia Music
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C505742A-0F8E-467B-8763-31588A777BC2}" = Garmin City Navigator North America NT 2011.30 Update
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C7CDB2AC-A0AB-4D83-B046-187E24D9EA68}" = Nokia Ovi System Utilities
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D0A858BE-A665-4C0D-BC5F-C37E534B7669}" = PC Connectivity Solution
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E17EDD14-5230-452A-82D1-041780DF822F}_is1" = Sigwich version 1.0
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
    "{FDDDD898-725F-498E-8582-938326066177}" = HP Battery Check
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
    "AVG Secure Search" = AVG Security Toolbar
    "BitTorrent" = BitTorrent
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Digital Editions" = Adobe Digital Editions
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "Fotosizer" = Fotosizer 1.32
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Battery Check" = HP Battery Check
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "HPOCR" = HP OCR Software 8.0
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
    "MAGIX_MSI_Foto_Manager_10" = MAGIX Photo Manager 10
    "MAGIX_MSI_Fotos_auf_CD_DVD_10_Dlx" = MAGIX PhotoStory on CD & DVD 10 Deluxe Download Version
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Matroska Pack" = Matroska Pack
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "NeoGo Datacard" = NeoGo Datacard
    "Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
    "Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
    "Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3011
    "Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3014
    "RealPlayer 12.0" = RealPlayer
    "Samsung Universal Print Driver" = Samsung Universal Print Driver
    "Softonic-Canada_ Toolbar" = Softonic-Canada_ Toolbar
    "SopCast" = SopCast 3.3.2
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TVUPlayer" = TVUPlayer 2.5.3.1
    "Veetle TV" = Veetle TV 0.9.18
    "VideoCutter_is1" = Kate's Video Cutter
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 1.1.9
    "Wclock" = Wclock
    "WildTangent hp Master Uninstall" = My HP Games
    "Winamp" = Winamp
    "WinPcapInst" = WinPcap 4.1.1
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 4.8.0.723
    "UnityWebPlayer" = Unity Web Player
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2012/02/28 12:35:38 AM | Computer Name = LylePerry | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10748

    Error - 2012/02/29 01:54:32 AM | Computer Name = LylePerry | Source = Application Error | ID = 1000
    Description = Faulting application WINWORD.EXE, version 12.0.6425.1000, time stamp
    0x49d64d22, faulting module hpz3r4v2.dll, version 61.63.249.0, time stamp 0x45c2d639,
    exception code 0xc0000005, fault offset 0x00046078, process id 0xe80, application
    start time 0x01ccf5aeaeacf572.

    Error - 2012/02/29 04:15:40 PM | Computer Name = LylePerry | Source = Application Error | ID = 1000
    Description = Faulting application avgmfapx.exe, version 12.0.0.1912, time stamp
    0x4f1ecb9b, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
    exception code 0xe06d7363, fault offset 0x0003fc56, process id 0x1244, application
    start time 0x01ccf71edfa9ea20.

    Error - 2012/02/29 04:25:21 PM | Computer Name = LylePerry | Source = WinMgmt | ID = 10
    Description =

    Error - 2012/02/29 04:39:31 PM | Computer Name = LylePerry | Source = WinMgmt | ID = 10
    Description =

    Error - 2012/02/29 05:14:36 PM | Computer Name = LylePerry | Source = WinMgmt | ID = 10
    Description =

    Error - 2012/02/29 05:35:03 PM | Computer Name = LylePerry | Source = WinMgmt | ID = 10
    Description =

    Error - 2012/02/29 05:56:06 PM | Computer Name = LylePerry | Source = WinMgmt | ID = 10
    Description =

    Error - 2012/03/01 12:05:08 AM | Computer Name = LylePerry | Source = Windows Search Service | ID = 3006
    Description =

    Error - 2012/03/01 12:05:08 AM | Computer Name = LylePerry | Source = Windows Search Service | ID = 3007
    Description =

    [ OSession Events ]
    Error - 2011/05/02 05:33:43 PM | Computer Name = ThePerrrys | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2011/05/17 02:02:52 PM | Computer Name = ThePerrrys | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2011/05/18 05:13:34 PM | Computer Name = ThePerrrys | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2011/05/23 12:45:15 PM | Computer Name = ThePerrrys | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 600100
    seconds with 9960 seconds of active time. This session ended with a crash.

    Error - 2011/05/25 11:41:46 PM | Computer Name = ThePerrrys | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2011/05/26 06:07:08 PM | Computer Name = ThePerrrys | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2011/06/07 02:58:35 PM | Computer Name = ThePerrrys | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2570
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2011/06/07 06:53:41 PM | Computer Name = ThePerrrys | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24756
    seconds with 780 seconds of active time. This session ended with a crash.

    Error - 2011/06/09 09:59:58 PM | Computer Name = ThePerrrys | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2011/08/06 12:09:03 PM | Computer Name = ThePerrrys | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 259053
    seconds with 24960 seconds of active time. This session ended with a crash.


    < End of report >
     
  16. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    sc query bits

    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:\Users\The Perrrys>sc query bits

    SERVICE_NAME: bits
    TYPE : 20 WIN32_SHARE_PROCESS
    STATE : 4 RUNNING
    (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x0
    WAIT_HINT : 0x0

    C:\Users\The Perrrys>
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please give me an update on the system. Are you having any problems? Has anything changed since I had you run the fixes?
    I would like for you to run the Eset scan again- not OTM, but the scan itself.

    Also this scan:
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =====================================
    By the way, you were suppose to temporarily uninstall AVG before running Combofix. However, since the AWG Firewall is still enabled, it appears you did not use the AppRemover. Please note that when directions specify to disable or remove security before running scan, it's because the security can affect the results in the scan if it's running.
    You don't need to send a 2 day PM reminder.
     
  18. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    Haven't really been using the computer since the virus (using my wife`s one)...don't want any important personal info to be "stolen", especially when I am only using Security Essentials and you told me what this trojan can potentially do.
    Will use it tomorrow and see how it seems and report back to you. The only real operational issues I was having was AVG constantly telling me it found a trojan&being unable to remove most of them and random re-directing of websites (I open up a website and it takes me to a completely different site to the one I selected to go to).
    I will nevertheless report back on how it is going now.

    I have read so many people not following instructions and I make sure I do what you say. I did uninstall AVG using the ApprRemover you instructed, prior to running ComboFix. It seemed to be removed sucessfully and I installed Microsoft Security Essentials as a temporary AV. I am following your instructions to the tee. I am not sure why it indicates to you (I am assuming it does) that AVG is still there.
    What should I do about the AVG?
    I just ran AppRemover again and it didn`t find AVG. I then also ran the `clean up failed uninstall` selection in the AppRemover and it didn`t find anything. So not sure what is going on with the AVG...any suggestions?

    Eset and CK Scanner logs to follow once completed.
     
  19. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    Eset still found 8 threats. Log below:

    C:\Qoobox\Quarantine\C\Windows\system32\Drivers\dfsc.sys.vir a variant of Win32/Rootkit.Kryptik.JV trojan
    C:\_OTM\MovedFiles\03012012_142004\C_Users\The Perrrys\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6a1afde2-66a40ab8 a variant of Java/Exploit.CVE-2011-3544.AV trojan
    C:\_OTM\MovedFiles\03012012_142004\C_Users\The Perrrys\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111017124817065.rsc a variant of Win32/InstallCore.D application
    C:\_OTM\MovedFiles\03012012_142004\C_Users\The Perrrys\Downloads\cnet2_easydvd_download_com_exe.exe a variant of Win32/InstallCore.D application
    C:\_OTM\MovedFiles\03012012_142004\C_Users\The Perrrys\Downloads\cnet_vfcssetup_exe.exe a variant of Win32/InstallCore.D application
    C:\_OTM\MovedFiles\03012012_142004\C_Users\The Perrrys\Downloads\fsSetup132.exe Win32/Adware.Toolbar.Dealio application
    C:\_OTM\MovedFiles\03012012_142004\C_Windows\System32\drivers\dfsc.sys a variant of Win32/Rootkit.Kryptik.JV trojan
    C:\_OTM\MovedFiles\03012012_142004\C_Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys a variant of Win32/Rootkit.Kryptik.JV trojan

    -----------------------


    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\users\the perrrys\downloads\garmin_nuvi_gps_-_map_of_north_america_2009_keygen_510921.rar.zip
    c:\users\the perrrys\downloads\city_navigator_north_america_2011.30mapsource_6.16.3_\garmin_keygen_v1.5.exe
    c:\users\the perrrys\downloads\city_navigator_north_america_2011.30mapsource_6.16.3_\city navigator north america nt 2011.30.gmap\tutoriel_keygen.doc
    c:\users\the perrrys\downloads\magix.photostory.on.cd.and.dvd.deluxe.v10.0.3.2-equinox\crack\fotos_dlx.exe
    c:\users\the perrrys\downloads\magix.photostory.on.cd.and.dvd.deluxe.v10.0.3.2-equinox\crack\original exe\fotos_dlx.exe
    c:\users\the perrrys\lyle\misc\samsung coby_bjagad\softwares\cracked screen_bjagad.jar
    scanner sequence 3.FN.11.HRLBFA
    ----- EOF -----
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    None of the Eset entries are active. Qoobox is where Combofix sends it's quarantined files. OTM is the program you ran to remove the last entries.

    You have pirated programs:
    c:\users\the perrrys\downloads\garmin_nuvi_gps_-_map_of_north_america_2009_keygen_510921.rar.zip
    c:\users\the perrrys\downloads\city_navigator_north_america_2011.30mapsource_6.16.3_\gar min_keygen_v1.5.exe
    c:\users\the perrrys\downloads\city_navigator_north_america_2011.30mapsource_6.16.3_\cit y navigator north america nt 2011.30.gmap\tutoriel_keygen.doc

    They are most likely the reason for the malware. All pirated material will have to be removed to continue. I do not support piracy
     
  21. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    Items removed. Those items are fairly old. Not sure they are what caused the issue.

    Ok, I understand what you mean about the Eset entries.

    On the performance side, laptop seems good. No re-directs on websites and Security Essentials doesn't seem to be finding any Trojans or problems.

    Can I re-install AVG and see if it picks up the trojans?
    Or is there something else I should do before this?
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Jack, if Eset didn't find any new entries, it's unlikely that AVG will>>>> unless malware was put on the system in the week since you ran the Eset scan.

    Let's run some quick scans:
    Download CKScanner and save to your desktop.

    Directions are in previous post.

    Run the Eset scan, update first then rerun.
    =====================================
    It still appears that there is some problems with the NetServs, so we need to check that. Do you know if the EasyBits Magic Desktop actually disables any Services so th kids can't use them?

    Please download Farbar Service Scanner
    • Check ALL boxes to include all files.
    • Press the Scan button
    • Log named FSS.txt will be created in the same directory as the tool
    • Please paste the log into your next reply
    ======================================
    And last scan: First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
  23. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    CKScanner:

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\users\the perrrys\lyle\misc\samsung coby_bjagad\softwares\cracked screen_bjagad.jar
    scanner sequence 3.AA.11.WMABVF
    ----- EOF -----


    Fabar:

    Farbar Service Scanner Version: 01-03-2012
    Ran by The Perrrys (administrator) on 12-03-2012 at 11:59:32
    Running from "C:\Users\The Perrrys\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2012-02-18 11:24] - [2011-09-20 14:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****

    Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:04:53 PM, on 2012/03/12
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Windows\system32\mstsc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://remote.nursenextdoor.com/RDWeb/Pages/en-US/login.aspx?ReturnUrl=default.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_za&c=91&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_za&c=91&bd=Presario&pf=cnnb
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SigWebMailIE8 - {7293F213-FF03-434B-820F-6A3842F77C3C} - C:\Program Files\Sigwich\Sigwich 1.0\SigWebMailIE8.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Softonic-Canada_ - {afffc28e-48d0-4bf5-92dd-4f74a082e9fb} - C:\Program Files\Softonic-Canada_\prxtbSoft.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [Wclock] C:\Program Files\Wclock\Wclock.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///E:/components/hidinputmonitorx.ocx
    O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///E:/components/A9.ocx
    O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///E:/components/wmvhdrating.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\Windows\System32\SUPDSvc.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

    --
    End of file - 11361 bytes


    Regarding Netservs and Easybits Magic Desktop: I didn't even know that was there. It can be deleted if it is causing hassles. And I don't think it actually disables any services.
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay- I need to move a file:

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2


    For 64bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      
      :filefind
      tcpip.sys
      NetBT.*
      
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    ==================================
    Reopen HijackThis to 'do system scan only'. Check each of the following if present:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...esario&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...esario&pf=cnnb


    Close all Windows except HijackThis and click on "Fix All"
    ==================================
    Go ahead with both of these:
    Please update the following:
    Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
    Adobe Reader> Adobe Reader Update
    Java(TM) 6 > Current is v6u31> Java Updates .
    Uninstall any earlier versions in of both as they are vulnerabilities for the system.
    ==================================
    Please leave System Look in next reply.

    When we finish, if you don't use the EasyBits/Magic Desktop, you should uninstall it and delete the program folder.
     
  25. Jack Johnson

    Jack Johnson TS Rookie Topic Starter Posts: 22

    SystemLook 30.07.11 by jpshortstuff
    Log created at 15:38 on 12/03/2012 by The Perrrys
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "tcpip.sys"
    C:\Windows\System32\drivers\tcpip.sys --a---- 913280 bytes [18:24 18/02/2012] [21:02 20/09/2011] 16731B631F28F63CD9F4CB60940E7DDD
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys --a---- 891448 bytes [02:25 21/01/2008] [02:25 21/01/2008] FC6E2835D667774D409C7C7021EAF9C4
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys --a---- 891448 bytes [09:05 11/03/2009] [09:05 11/03/2009] 82E266BEE5F0167E41C6ECFDD2A79C02
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys --a---- 897608 bytes [02:39 02/03/2011] [17:07 14/08/2009] 8A7AD2A214233F684242F289ED83EBC3
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys --a---- 898952 bytes [02:23 02/03/2011] [15:59 16/06/2010] 782568AB6A43160A159B6215B70BCCE9
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys --a---- 891448 bytes [09:05 11/03/2009] [09:05 11/03/2009] 01EC1E92595F839BEE70D439C46796E3
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys --a---- 900168 bytes [02:39 02/03/2011] [17:01 14/08/2009] 2608E71AAD54564647D4BB984E1925AA
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys --a---- 902024 bytes [20:30 29/02/2012] [17:03 05/04/2010] A6A02EF5B5E40FBD31A1ADC577DA54BB
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys --a---- 902032 bytes [02:23 02/03/2011] [15:55 16/06/2010] 6216A954ED7045B62880A92D6C9B9FC7
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys --a---- 897000 bytes [14:41 05/12/2010] [21:33 10/04/2009] 0E6B0885C3D5E4643ED2D043DE3433D8
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys --a---- 904776 bytes [02:39 02/03/2011] [16:27 14/08/2009] 65877AA1B6A7CB797488E831698973E9
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys --a---- 905088 bytes [02:23 02/03/2011] [16:04 16/06/2010] A474879AFA4A596B3A531F3E69730DBF
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys --a---- 905088 bytes [18:24 18/02/2012] [21:02 20/09/2011] 814A1C66FBD4E1B310A517221F1456BF
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys --a---- 905784 bytes [02:39 02/03/2011] [16:33 14/08/2009] FF71856BD4CD6D4367F9FD84BE79A874
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys --a---- 910208 bytes [20:30 29/02/2012] [20:00 05/04/2010] CC9993701AC57F995554C696DDA49C12
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys --a---- 912776 bytes [02:23 02/03/2011] [16:39 16/06/2010] 6A10AFCE0B38371064BE41C1FBFD3C6B
    C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys --a---- 913280 bytes [18:24 18/02/2012] [21:02 20/09/2011] 16731B631F28F63CD9F4CB60940E7DDD
    C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys --a---- 813568 bytes [02:39 02/03/2011] [14:24 14/08/2009] 300208927321066EA53761FDC98747C6
    C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys --a---- 816640 bytes [02:39 02/03/2011] [21:30 15/08/2009] 2512B4D1353370D6688B1AF1F5AFA1CF

    Searching for "NetBT.*"
    C:\Windows\System32\drivers\netbt.sys --a---- 185856 bytes [14:41 05/12/2010] [19:45 10/04/2009] ECD64230A59CBD93C85F1CD1CAB9F3F6
    C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 7C5FEE5B1C5728507CD96FB4A13E7A02
    C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --a---- 185856 bytes [14:41 05/12/2010] [19:45 10/04/2009] ECD64230A59CBD93C85F1CD1CAB9F3F6

    -= EOF =-



    Followed your instructions on HIjackthis. Uninstalled old versions & re-installed the latest versions of both adobe and java.

    That easybits program is nowhere to be found in Programs& Features in the control panel, nor it is on my desktop or start-menu. It is only located on C:\programfiles\easybitsforkids\promo
    It seems like it is not installed as there is an exe file there which when executed, allows for installation of the program. Can I just delete that folder out program files? Or is there some other way I should/can delete it?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...