
was infected, still having problems with updates and dxdiag.exe



My original post describing problems:

http://forums.malwarebytes.org/index.php?showtopic=66709

Defogger log attached

The GMER log was blank.

DDS log is as follows:

DDS (Ver_10-11-05.01) - NTFS_AMD64

Run by mike at 13:24:29.39 on Fri 11/05/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1866 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Users\mike\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\mike\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [Google Update] "C:\Users\mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery"

UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

StartupFolder: C:\Users\mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\mike\AppData\Roaming\Dropbox\bin\Dropbox.exe

uPolicies-system: WallpaperStyle = 2

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-system: WallpaperStyle = 2

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File

TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

mRun-x64: [igfxTray] C:\Windows\system32\igfxtray.exe

mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-11-3 121936]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-11-3 20048]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-11-3 61008]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-3 40384]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]

R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-3 40384]

R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-3 40384]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-6-24 292864]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-26 138752]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-28 215040]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-17 216064]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-1 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-11-03 08:31:34 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2010-11-03 08:31:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-11-03 07:25:35 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2010-11-03 07:25:09 38848 ----a-w- C:\Windows\avastSS.scr

2010-11-02 10:06:03 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

2010-11-02 10:06:03 109056 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2010-11-02 10:04:26 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2010-11-02 09:55:00 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C49F422C-72FC-4CAC-AFD3-434DC4B88699}\mpengine.dll

2010-11-02 02:05:02 -------- d-----w- C:\Windows\SysWow64\Wat

2010-11-02 02:05:02 -------- d-----w- C:\Windows\System32\Wat

2010-11-02 01:59:09 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2010-11-02 01:55:58 311808 ----a-w- C:\Windows\System32\msv1_0.dll

2010-11-02 01:55:58 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2010-11-02 01:49:15 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2010-11-02 01:47:39 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2010-11-02 01:47:39 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2010-11-02 01:47:39 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2010-11-02 01:47:39 444752 ----a-w- C:\Windows\System32\mscoree.dll

2010-11-02 01:47:39 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2010-11-02 01:47:39 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2010-11-02 01:47:39 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2010-11-02 01:47:39 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2010-11-02 01:47:39 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2010-11-02 01:47:39 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2010-11-02 01:01:28 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe

2010-11-02 01:01:27 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

2010-11-02 01:01:27 2085376 ----a-w- C:\Windows\System32\ole32.dll

2010-11-02 01:01:27 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll

2010-11-02 01:01:26 2870272 ----a-w- C:\Windows\explorer.exe

2010-11-02 01:01:25 2614272 ----a-w- C:\Windows\SysWow64\explorer.exe

2010-11-02 01:01:24 389632 ----a-w- C:\Windows\System32\winlogon.exe

2010-11-02 01:01:07 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2010-11-02 01:01:07 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-11-02 01:01:01 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2010-11-02 01:01:00 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-11-02 00:59:44 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2010-11-02 00:59:44 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2010-11-02 00:59:44 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2010-11-02 00:59:32 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-11-02 00:59:32 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-11-02 00:59:21 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2010-11-02 00:59:20 612352 ----a-w- C:\Windows\System32\vbscript.dll

2010-11-02 00:59:20 427520 ----a-w- C:\Windows\SysWow64\vbscript.dll

2010-11-02 00:58:28 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll

2010-11-02 00:58:28 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll

2010-11-02 00:58:22 84992 ----a-w- C:\Windows\System32\asycfilt.dll

2010-11-02 00:58:22 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll

2010-11-02 00:57:10 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2010-11-02 00:57:10 46080 ----a-w- C:\Windows\System32\atmlib.dll

2010-11-02 00:57:10 366080 ----a-w- C:\Windows\System32\atmfd.dll

2010-11-02 00:57:10 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2010-11-02 00:57:10 293888 ----a-w- C:\Windows\SysWow64\atmfd.dll

2010-11-02 00:57:10 100864 ----a-w- C:\Windows\System32\fontsub.dll

2010-11-02 00:56:40 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-11-02 00:56:40 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-11-02 00:56:40 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-11-02 00:56:40 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-11-02 00:56:40 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-11-02 00:56:22 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-10-27 02:28:51 -------- d-----w- C:\Users\mike\AppData\Roaming\Malwarebytes

2010-10-27 02:28:40 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-10-27 02:28:40 -------- d-----w- C:\PROGRA~3\Malwarebytes

2010-10-26 12:43:58 -------- d-----w- C:\Users\mike\AppData\Local\{6F8B1001-E04C-4285-9498-560232F5AD2D}

==================== Find3M ====================

2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-26 02:44:56 223768 ----a-w- C:\Windows\System32\igfxext.exe

2010-08-26 02:44:54 386584 ----a-w- C:\Windows\System32\SETCAC3.tmp

2010-08-26 02:44:54 386584 ----a-w- C:\Windows\System32\SETB3FA.tmp

2010-08-26 02:44:54 386584 ----a-w- C:\Windows\System32\SETAA2C.tmp

2010-08-26 02:44:54 386584 ----a-w- C:\Windows\System32\SETA6F4.tmp

2010-08-26 02:44:54 386584 ----a-w- C:\Windows\System32\SET9889.tmp

2010-08-26 02:44:54 386584 ----a-w- C:\Windows\System32\SET65F9.tmp

2010-08-26 02:44:54 386584 ----a-w- C:\Windows\System32\SET1649.tmp

2010-08-26 02:44:52 3156504 ----a-w- C:\Windows\System32\GfxUI.exe

2010-08-26 02:44:48 152600 ----a-w- C:\Windows\System32\difx64.exe

2010-08-26 02:40:48 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2202.dll

2010-08-26 02:36:04 10611552 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2010-08-26 02:36:02 6547968 ----a-w- C:\Windows\System32\igdumd64.dll

2010-08-26 02:34:30 982240 ----a-w- C:\Windows\SysWow64\igkrng500.bin

2010-08-26 02:34:30 982240 ----a-w- C:\Windows\System32\igkrng500.bin

2010-08-26 02:34:30 92356 ----a-w- C:\Windows\SysWow64\igfcg500m.bin

2010-08-26 02:34:30 92356 ----a-w- C:\Windows\System32\igfcg500m.bin

2010-08-26 02:34:30 439308 ----a-w- C:\Windows\SysWow64\igcompkrng500.bin

2010-08-26 02:34:30 439308 ----a-w- C:\Windows\System32\igcompkrng500.bin

2010-08-26 02:31:30 4967424 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2010-08-26 02:28:22 571904 ----a-w- C:\Windows\SysWow64\igdumdx32.dll

2010-08-26 02:26:32 4720128 ----a-w- C:\Windows\System32\igd10umd64.dll

2010-08-26 02:23:14 4411904 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2010-08-26 02:17:38 15032832 ----a-w- C:\Windows\System32\ig4icd64.dll

2010-08-26 02:09:34 11040256 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2010-08-26 02:04:48 380416 ----a-w- C:\Windows\System32\igfxTMM.dll

2010-08-26 02:04:48 243200 ----a-w- C:\Windows\System32\igfxpph.dll

2010-08-26 02:04:40 27648 ----a-w- C:\Windows\System32\igfxexps.dll

2010-08-26 02:04:28 61952 ----a-w- C:\Windows\System32\igfxsrvc.dll

2010-08-26 02:04:00 108032 ----a-w- C:\Windows\System32\hccutils.dll

2010-08-26 02:03:50 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2010-08-26 02:03:50 271360 ----a-w- C:\Windows\System32\igfxdev.dll

2010-08-26 02:03:50 119808 ----a-w- C:\Windows\System32\gfxSrvc.dll

2010-08-26 02:03:24 87552 ----a-w- C:\Windows\System32\SETCB52.tmp

2010-08-26 02:03:24 87552 ----a-w- C:\Windows\System32\SETB43A.tmp

2010-08-26 02:03:24 87552 ----a-w- C:\Windows\System32\SETB2A6.tmp

2010-08-26 02:03:24 87552 ----a-w- C:\Windows\System32\SETA792.tmp

2010-08-26 02:03:24 87552 ----a-w- C:\Windows\System32\SET9975.tmp

2010-08-26 02:03:24 87552 ----a-w- C:\Windows\System32\SET68B9.tmp

2010-08-26 02:03:24 87552 ----a-w- C:\Windows\System32\SET16C8.tmp

2010-08-26 02:03:18 830464 ----a-w- C:\Windows\System32\igfxress.dll

2010-08-26 02:03:18 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2010-08-26 02:00:00 23552 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2010-08-26 01:59:06 228864 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2010-08-26 01:52:00 208896 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2010-08-26 01:52:00 205824 ----a-w- C:\Windows\System32\iglhsip64.dll

2010-08-26 01:52:00 187392 ----a-w- C:\Windows\System32\iglhcp64.dll

2010-08-26 01:52:00 143360 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dl

Attach.zip


Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to the Malwarebytes Forum. :D

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Windows 7 Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with an inbuilt utility called User Access Control (UAC); when prompted by this with anything I ask you to carry out, please select the option Allow.

64bit Operating System Advice:

Your log shows signs that this is a 64 bit machine. Most of the tools we use don't run on 64 bit machines, so the help I can offer is limited.

I'm going to need you to run two different scans for me in due course.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Peer to Peer Advice:

I see you have BitTorrent installed. If you have used this, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.

Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.

It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.

My advice would be to uninstall BitTorrent; if you choose not to, please refrain from using it during the course of the malware removal process, thank you.

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1

Link 2

  • Right-click SecurityCheck.exe and select Run as Administrator then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • SecurityCheck Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.


I have discovered a new problem: I can't install programs from my optical drive. Autorun programs cannot access the files they need, and when I run the setup programs directly they get through all the setup fine, and then as soon as it tries to install there is a critical error saying that my internet security settings prevented one or more files from opening. I get the same popup every time I close Internet Explorer, saying it prevented iexplorer.exe from opening, but I had it open.

When I tried to run Security Check, it errored saying it could not locate "security check\security check.bat" and then closed.

Here is the first OTL log from OTL.txt:

OTL logfile created on: 11/8/2010 10:49:37 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\mike\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220.82 Gb Total Space | 95.08 Gb Free Space | 43.06% Space Free | Partition Type: NTFS

Drive D: | 11.87 Gb Total Space | 2.00 Gb Free Space | 16.85% Space Free | Partition Type: NTFS

Drive E: | 1.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: COMPUTER | User Name: mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\mike\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Users\mike\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\mike\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (USBCCID) -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys File not found

DRV:64bit: - (RtsUIR) -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys File not found

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)

DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)

DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)

DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)

DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/25 13:40:07 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()

O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()

O3 - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()

O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - Startup: C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\mike\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2

O7 - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/07/26 14:22:58 | 000,676,064 | R--- | M] (Stardock Entertainment, Inc.) - E:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2008/07/26 14:36:24 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{a1a5a2d2-c3d9-11de-9f38-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{a1a5a2d2-c3d9-11de-9f38-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008/07/26 14:22:58 | 000,676,064 | R--- | M] (Stardock Entertainment, Inc.)

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/08 22:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock Games

[2010/11/08 22:31:14 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Stardock

[2010/11/05 13:36:19 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2010/11/05 13:36:18 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2010/11/05 13:36:17 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll

[2010/11/05 13:36:17 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll

[2010/11/05 13:36:17 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll

[2010/11/05 13:36:17 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2010/11/05 13:36:17 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2010/11/05 13:36:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2010/11/05 13:36:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2010/11/05 13:27:37 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll

[2010/11/05 13:27:37 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll

[2010/11/05 13:27:37 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll

[2010/11/05 13:27:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll

[2010/11/05 13:27:36 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll

[2010/11/05 13:27:36 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll

[2010/11/05 13:27:35 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll

[2010/11/05 13:27:35 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll

[2010/11/05 13:27:35 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll

[2010/11/05 13:27:35 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll

[2010/11/05 13:27:35 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll

[2010/11/05 13:27:35 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll

[2010/11/05 13:27:35 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll

[2010/11/05 13:27:35 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll

[2010/11/05 13:27:34 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll

[2010/11/05 13:27:34 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll

[2010/11/05 13:27:33 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll

[2010/11/05 13:27:33 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll

[2010/11/05 13:27:33 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll

[2010/11/05 13:27:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll

[2010/11/05 13:27:30 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll

[2010/11/05 13:27:30 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll

[2010/11/05 13:27:30 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll

[2010/11/05 13:27:30 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll

[2010/11/05 13:27:28 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll

[2010/11/05 13:27:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll

[2010/11/05 13:27:28 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll

[2010/11/05 13:27:28 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll

[2010/11/05 13:27:27 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll

[2010/11/05 13:27:27 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll

[2010/11/05 13:27:24 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll

[2010/11/05 13:27:24 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll

[2010/11/05 13:27:22 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll

[2010/11/05 13:27:22 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll

[2010/11/05 13:27:21 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll

[2010/11/05 13:27:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll

[2010/11/05 13:27:20 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll

[2010/11/05 13:27:20 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll

[2010/11/05 13:27:19 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll

[2010/11/05 13:27:19 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll

[2010/11/05 13:27:19 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll

[2010/11/05 13:27:19 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll

[2010/11/05 13:27:19 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll

[2010/11/05 13:27:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll

[2010/11/05 13:27:17 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll

[2010/11/05 13:27:17 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll

[2010/11/05 13:27:17 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll

[2010/11/05 13:27:17 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll

[2010/11/05 13:27:17 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll

[2010/11/05 13:27:17 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll

[2010/11/05 13:27:17 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll

[2010/11/05 13:27:17 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll

[2010/11/05 13:27:16 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll

[2010/11/05 13:27:16 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll

[2010/11/05 13:27:16 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll

[2010/11/05 13:27:16 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll

[2010/11/05 13:27:15 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll

[2010/11/05 13:27:15 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll

[2010/11/05 13:27:15 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll

[2010/11/05 13:27:15 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll

[2010/11/05 13:27:15 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll

[2010/11/05 13:27:15 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll

[2010/11/05 13:27:14 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll

[2010/11/05 13:27:14 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll

[2010/11/05 13:27:13 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll

[2010/11/05 13:27:13 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll

[2010/11/05 13:27:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll

[2010/11/05 13:27:13 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll

[2010/11/05 13:27:13 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll

[2010/11/05 13:27:13 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll

[2010/11/05 13:27:13 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll

[2010/11/05 13:27:13 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll

[2010/11/05 13:27:12 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll

[2010/11/05 13:27:12 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll

[2010/11/05 13:27:12 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll

[2010/11/05 13:27:12 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll

[2010/11/05 13:27:12 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll

[2010/11/05 13:27:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll

[2010/11/05 13:27:11 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll

[2010/11/05 13:27:11 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll

[2010/11/05 13:27:11 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll

[2010/11/05 13:27:11 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll

[2010/11/05 13:27:10 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll

[2010/11/05 13:27:10 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll

[2010/11/05 13:27:09 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll

[2010/11/05 13:27:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll

[2010/11/05 13:27:09 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll

[2010/11/05 13:27:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll

[2010/11/05 13:27:09 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll

[2010/11/05 13:27:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll

[2010/11/05 13:27:08 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll

[2010/11/05 13:27:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll

[2010/11/05 13:27:07 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll

[2010/11/05 13:27:07 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll

[2010/11/05 13:27:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll

[2010/11/05 13:27:06 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll

[2010/11/05 13:27:06 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll

[2010/11/05 13:27:06 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll

[2010/11/05 13:27:05 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll

[2010/11/05 13:27:05 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll

[2010/11/05 13:27:05 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll

[2010/11/05 13:27:05 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll

[2010/11/05 13:27:04 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll

[2010/11/05 13:27:04 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll

[2010/11/05 13:27:03 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll

[2010/11/05 13:27:03 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll

[2010/11/05 13:27:01 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll

[2010/11/05 13:27:01 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll

[2010/11/05 13:27:01 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll

[2010/11/05 13:27:01 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll

[2010/11/05 13:27:01 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll

[2010/11/05 13:27:01 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll

[2010/11/05 13:26:59 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll

[2010/11/05 13:26:59 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll

[2010/11/05 13:26:58 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll

[2010/11/05 13:26:58 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll

[2010/11/05 13:26:58 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll

[2010/11/05 13:26:58 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll

[2010/11/05 13:26:58 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll

[2010/11/05 13:26:58 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll

[2010/11/05 13:26:54 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll

[2010/11/05 13:26:54 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll

[2010/11/05 13:26:54 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll

[2010/11/05 13:26:54 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll

[2010/11/05 13:26:52 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll

[2010/11/05 13:26:52 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll

[2010/11/05 13:26:52 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll

[2010/11/05 13:26:52 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll

[2010/11/05 13:26:52 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll

[2010/11/05 13:26:52 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll

[2010/11/05 13:26:51 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll

[2010/11/05 13:26:51 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll

[2010/11/05 13:26:49 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll

[2010/11/05 13:26:49 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll

[2010/11/05 13:26:49 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll

[2010/11/05 13:26:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll

[2010/11/05 13:26:49 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll

[2010/11/05 13:26:49 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll

[2010/11/05 13:26:47 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll

[2010/11/05 13:26:47 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll

[2010/11/05 13:26:46 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll

[2010/11/05 13:26:46 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll

[2010/11/05 13:26:45 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll

[2010/11/05 13:26:45 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll

[2010/11/05 13:26:45 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll

[2010/11/05 13:26:45 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll

[2010/11/05 13:26:44 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll

[2010/11/05 13:26:44 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll

[2010/11/05 13:26:44 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll

[2010/11/05 13:26:44 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll

[2010/11/05 13:26:44 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll

[2010/11/05 13:26:44 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll

[2010/11/05 13:26:43 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll

[2010/11/05 13:26:43 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll

[2010/11/05 13:26:43 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll

[2010/11/05 13:26:43 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll

[2010/11/05 13:26:40 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll

[2010/11/05 13:26:40 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll

[2010/11/05 13:26:40 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll

[2010/11/05 13:26:40 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll

[2010/11/05 13:26:39 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll

[2010/11/05 13:26:39 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll

[2010/11/05 13:26:30 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll

[2010/11/05 13:26:30 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll

[2010/11/05 13:26:26 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll

[2010/11/05 13:26:26 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll

[2010/11/05 13:26:26 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll

[2010/11/05 13:26:26 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll

[2010/11/05 13:26:26 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll

[2010/11/05 13:26:26 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll

[2010/11/05 13:26:25 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll

[2010/11/05 13:26:25 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll

[2010/11/05 13:26:25 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll

[2010/11/05 13:26:25 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll

[2010/11/05 13:26:24 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll

[2010/11/05 13:26:24 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll

[2010/11/05 13:26:23 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll

[2010/11/05 13:26:23 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll

[2010/11/05 13:26:21 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll

[2010/11/05 13:26:21 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll

[2010/11/05 13:17:32 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp

[2010/11/05 13:17:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx

[2010/11/03 00:31:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/11/03 00:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/11/02 23:25:54 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2010/11/02 23:25:53 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2010/11/02 23:25:50 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2010/11/02 23:25:45 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2010/11/02 23:25:35 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2010/11/02 23:25:09 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2010/11/02 23:25:09 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2010/11/02 02:06:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys

[2010/11/02 01:59:45 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2010/11/02 01:59:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2010/11/02 01:59:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2010/11/02 01:59:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2010/11/02 01:59:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2010/11/02 01:59:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2010/11/02 01:59:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2010/11/02 01:59:43 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2010/11/02 01:59:43 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

[2010/11/01 18:05:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2010/11/01 18:05:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2010/11/01 17:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2010/11/01 17:47:39 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll

[2010/11/01 17:47:39 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll

[2010/11/01 17:47:39 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe

[2010/11/01 17:47:39 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe

[2010/11/01 17:47:39 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll

[2010/11/01 17:47:39 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll

[2010/11/01 17:47:39 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll

[2010/11/01 17:47:39 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll

[2010/11/01 17:02:54 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2010/11/01 17:02:45 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2010/11/01 17:02:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2010/11/01 17:02:44 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2010/11/01 17:02:44 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2010/11/01 17:02:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2010/11/01 17:02:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2010/11/01 17:02:43 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2010/11/01 17:02:43 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2010/11/01 17:02:43 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2010/11/01 17:02:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2010/11/01 17:02:43 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2010/11/01 17:02:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2010/11/01 17:02:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2010/11/01 17:02:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2010/11/01 17:01:27 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll

[2010/11/01 17:01:26 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2010/11/01 17:01:25 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2010/11/01 17:01:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe

[2010/11/01 17:01:00 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2010/11/01 17:00:57 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2010/11/01 17:00:57 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2010/11/01 17:00:56 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2010/11/01 17:00:55 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll

[2010/11/01 17:00:55 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll

[2010/11/01 17:00:52 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll

[2010/11/01 17:00:52 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll

[2010/11/01 17:00:44 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll

[2010/11/01 17:00:43 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll

[2010/11/01 17:00:33 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2010/11/01 17:00:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2010/11/01 17:00:29 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll

[2010/11/01 17:00:27 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

[2010/11/01 17:00:25 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

[2010/11/01 17:00:24 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL

[2010/11/01 17:00:22 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2010/11/01 17:00:19 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2010/11/01 17:00:19 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2010/11/01 17:00:18 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll

[2010/11/01 17:00:18 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll

[2010/11/01 17:00:16 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2010/11/01 17:00:16 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll

[2010/11/01 17:00:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll

[2010/11/01 17:00:16 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll

[2010/11/01 16:59:32 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll

[2010/11/01 16:59:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll

[2010/11/01 16:59:21 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll

[2010/11/01 16:59:20 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2010/11/01 16:58:28 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll

[2010/11/01 16:57:10 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2010/11/01 16:57:10 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2010/11/01 16:57:10 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll

[2010/11/01 16:57:10 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

[2010/11/01 16:57:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2010/11/01 16:57:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2010/11/01 16:56:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll

[2010/10/26 18:28:51 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Malwarebytes

[2010/10/26 18:28:40 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/10/26 18:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/10/26 04:43:58 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\{6F8B1001-E04C-4285-9498-560232F5AD2D}

[2010/10/11 00:57:49 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server

[35 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/08 22:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-329689184-2713047746-1803584903-1000UA.job

[2010/11/08 21:51:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/11/08 21:51:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/08 21:48:59 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/11/08 21:48:59 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/11/08 21:48:59 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/11/08 21:44:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/11/08 21:44:24 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/05 12:47:54 | 000,003,232 | ---- | M] () -- C:\Users\mike\Documents\Attach.zip

[2010/11/05 12:23:33 | 000,000,000 | ---- | M] () -- C:\Users\mike\defogger_reenable

[2010/11/05 03:26:28 | 000,002,354 | ---- | M] () -- C:\Users\mike\Desktop\Google Chrome.lnk

[2010/11/04 22:24:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-329689184-2713047746-1803584903-1000Core.job

[2010/11/03 02:21:49 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf

[2010/11/03 00:31:36 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/02 23:25:54 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2010/11/02 23:25:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2010/11/01 19:14:38 | 000,001,291 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2010/11/01 18:06:40 | 000,355,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/10/26 05:01:52 | 000,000,006 | ---- | M] () -- C:\Users\mike\AppData\Roaming\start

[2010/10/26 05:00:33 | 000,000,006 | ---- | M] () -- C:\Users\mike\AppData\Roaming\completescan

[2010/10/26 04:56:12 | 000,000,010 | ---- | M] () -- C:\Users\mike\AppData\Roaming\install

[2010/10/25 21:07:35 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini

[2010/10/19 21:53:30 | 000,012,960 | ---- | M] () -- C:\Users\mike\Documents\eCommerce Questionnaire.docx

[35 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/05 12:47:54 | 000,003,232 | ---- | C] () -- C:\Users\mike\Documents\Attach.zip

[2010/11/05 12:23:33 | 000,000,000 | ---- | C] () -- C:\Users\mike\defogger_reenable

[2010/11/03 00:31:36 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/02 23:25:54 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2010/11/01 18:37:43 | 000,001,291 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2010/10/26 05:01:52 | 000,000,006 | ---- | C] () -- C:\Users\mike\AppData\Roaming\start

[2010/10/26 05:00:33 | 000,000,006 | ---- | C] () -- C:\Users\mike\AppData\Roaming\completescan

[2010/10/26 04:56:12 | 000,000,010 | ---- | C] () -- C:\Users\mike\AppData\Roaming\install

[2010/10/18 15:27:38 | 000,012,960 | ---- | C] () -- C:\Users\mike\Documents\eCommerce Questionnaire.docx

[2010/09/28 02:29:06 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/09/28 02:29:06 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010/08/25 17:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/08/25 17:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/05/08 16:09:51 | 000,000,106 | ---- | C] () -- C:\Users\mike\AppData\Roaming\wklnhst.dat

[2010/04/17 11:15:13 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2010/03/20 19:45:51 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI

[2010/02/09 07:57:15 | 000,003,584 | ---- | C] () -- C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/28 22:45:42 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt

[2009/12/25 13:39:45 | 000,000,362 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009/12/25 13:10:13 | 000,000,000 | ---- | C] () -- C:\Users\mike\AppData\Local\QSwitch.txt

[2009/12/25 13:10:13 | 000,000,000 | ---- | C] () -- C:\Users\mike\AppData\Local\DSwitch.txt

[2009/12/25 13:10:13 | 000,000,000 | ---- | C] () -- C:\Users\mike\AppData\Local\AtStart.txt

[2009/12/25 13:10:12 | 000,000,281 | ---- | C] () -- C:\ProgramData\HPWALog.txt

[2009/10/28 07:56:35 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

[2009/10/28 07:56:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log

[2009/10/28 07:56:12 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log

[2009/10/28 07:55:50 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log

[2009/10/28 07:55:11 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini

[2009/10/28 07:55:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log

[2009/08/17 12:22:33 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log

[2009/08/17 12:18:04 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

[2009/08/17 12:16:01 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

[2009/08/17 12:15:15 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

< End of report >


Here is the second OTL log, Extras.txt:

OTL Extras logfile created on: 11/8/2010 10:49:37 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\mike\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220.82 Gb Total Space | 95.08 Gb Free Space | 43.06% Space Free | Partition Type: NTFS

Drive D: | 11.87 Gb Total Space | 2.00 Gb Free Space | 16.85% Space Free | Partition Type: NTFS

Drive E: | 1.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: COMPUTER | User Name: mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-329689184-2713047746-1803584903-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java 6 Update 14 (64-bit)

"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support

"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{EF5948BA-589D-4BE7-B993-C45DC1A77E24}" = MobileMe Control Panel

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 17

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{293F900D-3743-A8CC-46AD-5AFBFF8E29CF}" = muvee Reveal

"{2D4E1F8A-901B-4BBD-B311-B6E56059066E}" = Microsoft Live Search Toolbar

"{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7

"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update

"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant

"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant

"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements

"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

"{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156

"{655CD886-3B90-4E4D-B314-92BDA9B08C86}" = Vegas Movie Studio HD 9.0

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74344F10-34CA-480E-BD02-B3F4FA692BFA}" = File Viewer Utility 1.3.1

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Camera Window

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update

"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{EF91B23E-3819-43A1-AE47-043E1900EB2B}" = RemoteCapture 2.7.4

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch

"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"avast5" = avast! Free Antivirus

"Bejeweled Blitz" = Bejeweled Blitz

"BitTorrent" = BitTorrent

"Diablo II" = Diablo II

"FLV Player" = FLV Player 2.0 (build 25)

"Free RAR Extract Frog" = Free RAR Extract Frog

"Galactic Civilizations II - Dread Lords" = Galactic Civilizations II - Dread Lords

"Guild Wars" = Guild Wars

"Homepage Protection" = Homepage Protection

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon EOS Kiss REBEL 300D WIA Driver

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{74344F10-34CA-480E-BD02-B3F4FA692BFA}" = Canon Utilities File Viewer Utility 1.3

"InstallShield_{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Canon Camera Window for ZoomBrowser EX

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{EF91B23E-3819-43A1-AE47-043E1900EB2B}" = Canon Utilities RemoteCapture 2.7

"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1

"IrfanView" = IrfanView (remove only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"PhotoRecord" = Canon PhotoRecord

"Search Toolbar" = Search Toolbar

"StarCraft" = StarCraft

"WinLiveSuite_Wave3" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

"Xvid_is1" = Xvid 1.2.1 final uninstall

"Zynga Toolbar" = Zynga Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-329689184-2713047746-1803584903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 10/25/2010 10:46:07 PM | Computer Name = Computer | Source = Bonjour Service | ID = 100

Description = 216: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 10/25/2010 10:46:07 PM | Computer Name = Computer | Source = Bonjour Service | ID = 100

Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 10/25/2010 10:46:07 PM | Computer Name = Computer | Source = Bonjour Service | ID = 100

Description = 508: ERROR: read_msg errno 10054 (An existing connection was forcibly

closed by the remote host.)

Error - 10/26/2010 5:55:56 AM | Computer Name = Computer | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 10/26/2010 8:41:27 AM | Computer Name = Computer | Source = Application Error | ID = 1000

Description = Faulting application name: rascnxomwe.exe, version: 26.1.2.1, time

stamp: 0x4cc56d50 Faulting module name: rascnxomwe.exe, version: 26.1.2.1, time

stamp: 0x4cc56d50 Exception code: 0xc0000005 Fault offset: 0x00001128 Faulting process

id: 0xf64 Faulting application start time: 0x01cb750b1b224c0b Faulting application

path: C:\Users\mike\AppData\Local\Temp\rascnxomwe.exe Faulting module path: C:\Users\mike\AppData\Local\Temp\rascnxomwe.exe

Report

Id: 58eca834-e0fe-11df-8c31-001f16ee4d58

Error - 10/26/2010 8:41:27 AM | Computer Name = Computer | Source = Application Error | ID = 1000

Description = Faulting application name: rascnxomwe.exe, version: 26.1.2.1, time

stamp: 0x4cc56d50 Faulting module name: rascnxomwe.exe, version: 26.1.2.1, time

stamp: 0x4cc56d50 Exception code: 0xc0000005 Fault offset: 0x00001128 Faulting process

id: 0x738 Faulting application start time: 0x01cb750b1b46eb94 Faulting application

path: C:\Users\mike\AppData\Local\Temp\rascnxomwe.exe Faulting module path: C:\Users\mike\AppData\Local\Temp\rascnxomwe.exe

Report

Id: 58fab228-e0fe-11df-8c31-001f16ee4d58

Error - 10/26/2010 9:59:54 AM | Computer Name = Computer | Source = Application Error | ID = 1000

Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:

0x4c98293e Faulting module name: chrome.dll, version: 6.0.472.63, time stamp: 0x4c982907

Exception

code: 0x80000003 Fault offset: 0x000c958c Faulting process id: 0x6b4 Faulting application

start time: 0x01cb751608152282 Faulting application path: C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe

Faulting

module path: C:\Users\mike\AppData\Local\Google\Chrome\Application\6.0.472.63\chrome.dll

Report

Id: 4eecba30-e109-11df-bc2e-af0d134c056a

Error - 10/26/2010 10:00:03 AM | Computer Name = Computer | Source = Application Error | ID = 1000

Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:

0x4c98293e Faulting module name: chrome.dll, version: 6.0.472.63, time stamp: 0x4c982907

Exception

code: 0x80000003 Fault offset: 0x000c958c Faulting process id: 0x6dc Faulting application

start time: 0x01cb75160d8808e2 Faulting application path: C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe

Faulting

module path: C:\Users\mike\AppData\Local\Google\Chrome\Application\6.0.472.63\chrome.dll

Report

Id: 542b424b-e109-11df-bc2e-af0d134c056a

Error - 10/26/2010 10:18:29 AM | Computer Name = Computer | Source = Application Error | ID = 1000

Description = Faulting application name: Kze.exe, version: 7.3.0.0, time stamp:

0x4cc57db8 Faulting module name: icuuc36.dll, version: 3.6.0.0, time stamp: 0x470efe15

Exception

code: 0xc0000005 Fault offset: 0x0000ebc8 Faulting process id: 0x9d4 Faulting application

start time: 0x01cb751720d9f44f Faulting application path: C:\Users\mike\AppData\Local\Temp\Kze.exe

Faulting

module path: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icuuc36.dll Report Id:

e71f58ee-e10b-11df-bb0a-001f16ee4d58

Error - 10/28/2010 9:06:15 AM | Computer Name = Computer | Source = Application Hang | ID = 1002

Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 240 Start Time:

01cb76868801d920 Termination Time: 41 Application Path: C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe

Report

Id: 227e8389-e294-11df-ba6c-001f16ee4d58

[ Hewlett-Packard Events ]

Error - 1/18/2010 2:31:55 AM | Computer Name = C-dweeb-PO | Source = Hewlett-Packard | ID = 0

Description = en-US Object reference not set to an instance of an object. HPSF at

HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs

e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs

routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,

RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject

sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs

e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,

RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object

root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object

resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object

resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate

callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object

source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 2/8/2010 5:13:34 AM | Computer Name = C-dweeb-PO | Source = Hewlett-Packard | ID = 0

Description = en-US Object reference not set to an instance of an object. HPSF at

HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs

e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs

routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,

RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject

sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs

e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,

RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object

root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object

resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object

resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate

callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object

source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 3/28/2010 2:44:09 AM | Computer Name = C-dweeb-PO | Source = Hewlett-Packard | ID = 0

Description = en-US Object reference not set to an instance of an object. HPSF at

HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs

e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs

routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,

RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject

sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs

e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,

RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object

root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object

resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object

resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate

callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object

source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

Error - 4/17/2010 2:53:01 PM | Computer Name = C-dweeb-PO | Source = Hewlett-Packard | ID = 0

Description = en-US Object reference not set to an instance of an object. HPSF at

HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs

e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs

routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,

RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject

sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs

e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,

RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object

root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object

resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object

resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate

callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object

source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

[ System Events ]

Error - 11/1/2010 10:30:15 PM | Computer Name = Computer | Source = DCOM | ID = 10005

Description =

Error - 11/1/2010 10:30:15 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 11/1/2010 10:30:15 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 11/1/2010 10:30:15 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 11/1/2010 10:30:27 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 11/1/2010 10:30:27 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 11/1/2010 10:30:27 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 11/1/2010 10:32:17 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 11/1/2010 10:32:17 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 11/1/2010 10:32:17 PM | Computer Name = Computer | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

< End of report >


Hi. :P

Thanks for the update, let's proceed as follows, shall we?

Question:

Do you have a copy of the Windows 7 64-bit installation DVD at all, in case we require it to perform some repairs?

Download/run Rkill:

Please download Rkill from one of the following links and save it to your Desktop:

One, Two, Three, Four or Five

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

  • Right-click on Rkill and select Run as Administrator.
  • A command window will open then disappear upon completion; this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: A logfile will have been created; it can be located at the root of your installed hard drive, e.g. C:\rkill.txt.

Next:

Out-of-date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and/or re-infect it. We will update both in due course.

Now please go to Start (Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

Adobe Reader 9.1 MUI

Java


Hi, and thank you for the continued help.

I do not have a Windows DVD; it was pre-installed on the laptop when I got it, but there is a recovery partition (D:) with all of the Win 7 and drivers and such. In fact, when I get to the safe mode menu, there is an option for repairing Windows or doing a system recovery. Would doing that cause me to lose my data?

first log (rkill):

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as mike on 11/09/2010 at 21:48:49.

Services Stopped:

Processes terminated by Rkill or while it was running:

C:\Users\mike\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\mike\Downloads\rkill.exe

Rkill completed on 11/09/2010 at 21:48:54.


second log (MBRcheck):

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Wistron

BIOS Manufacturer: Hewlett-Packard

System Manufacturer: Hewlett-Packard

System Product Name: HP G60 Notebook PC

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 235):

Processes (total 52):

0 System Idle Process

4 System

232 C:\Windows\System32\smss.exe

336 csrss.exe

388 C:\Windows\System32\wininit.exe

400 csrss.exe

456 C:\Windows\System32\winlogon.exe

492 C:\Windows\System32\services.exe

500 C:\Windows\System32\lsass.exe

508 C:\Windows\System32\lsm.exe

616 C:\Windows\System32\svchost.exe

732 C:\Windows\System32\svchost.exe

784 C:\Windows\System32\svchost.exe

900 C:\Windows\System32\svchost.exe

960 C:\Windows\System32\svchost.exe

356 C:\Windows\System32\svchost.exe

1056 C:\Windows\System32\svchost.exe

1140 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

1328 C:\Windows\System32\spoolsv.exe

1364 C:\Windows\System32\svchost.exe

1476 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1496 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

1556 C:\Windows\System32\svchost.exe

1592 C:\Windows\System32\svchost.exe

1616 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

1652 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

1692 C:\Windows\System32\svchost.exe

2472 C:\Windows\System32\taskhost.exe

2520 C:\Windows\System32\dwm.exe

2532 C:\Windows\explorer.exe

2668 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

2676 C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

2692 C:\Windows\System32\igfxtray.exe

2700 C:\Windows\System32\hkcmd.exe

2708 C:\Windows\System32\igfxpers.exe

2716 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

3040 C:\Windows\System32\igfxsrvc.exe

544 C:\Program Files\Windows Media Player\wmpnetwk.exe

2120 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

3080 C:\Windows\System32\svchost.exe

472 C:\Windows\System32\audiodg.exe

2640 C:\Windows\System32\msiexec.exe

992 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

3976 C:\Windows\System32\SearchIndexer.exe

3268 C:\Windows\winsxs\wow64_microsoft-windows-notepad_31bf3856ad364e35_6.1.7600.16385_none_d5642974be118415\notepad.exe

3716 C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe

1848 C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe

2856 C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe

988 C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe

2064 C:\Users\mike\Downloads\MBRCheck.exe

3848 C:\Windows\System32\conhost.exe

3588 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`41000000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545025B9A300, Rev: PB2OCA0G

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 74514A4A2FF1F413024A469C0E6781B42D465460

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


third log (new OTL):

OTL logfile created on: 11/9/2010 9:55:13 PM - Run 2

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\mike\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220.82 Gb Total Space | 95.25 Gb Free Space | 43.13% Space Free | Partition Type: NTFS

Drive D: | 11.87 Gb Total Space | 2.00 Gb Free Space | 16.85% Space Free | Partition Type: NTFS

Drive E: | 1.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: COMPUTER | User Name: mike | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\mike\Downloads\MBRCheck.exe ()

PRC - C:\Users\mike\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Users\mike\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\mike\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (USBCCID) -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys File not found

DRV:64bit: - (RtsUIR) -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys File not found

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)

DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)

DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)

DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)

DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/25 13:40:07 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - Startup: C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\mike\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2

O7 - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-329689184-2713047746-1803584903-1000\..Trusted Domains: google.com ([www] http in Local intranet)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/07/26 14:22:58 | 000,676,064 | R--- | M] (Stardock Entertainment, Inc.) - E:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2008/07/26 14:36:24 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{a1a5a2d2-c3d9-11de-9f38-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{a1a5a2d2-c3d9-11de-9f38-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008/07/26 14:22:58 | 000,676,064 | R--- | M] (Stardock Entertainment, Inc.)

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 21:42:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/11/08 22:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock Games

[2010/11/08 22:31:14 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Stardock

[2010/11/05 13:36:19 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2010/11/05 13:36:18 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2010/11/05 13:36:17 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll

[2010/11/05 13:36:17 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll

[2010/11/05 13:36:17 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll

[2010/11/05 13:36:17 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2010/11/05 13:36:17 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2010/11/05 13:36:17 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2010/11/05 13:36:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2010/11/05 13:27:37 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll

[2010/11/05 13:27:37 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll

[2010/11/05 13:27:37 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll

[2010/11/05 13:27:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll

[2010/11/05 13:27:36 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll

[2010/11/05 13:27:36 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll

[2010/11/05 13:27:35 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll

[2010/11/05 13:27:35 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll

[2010/11/05 13:27:35 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll

[2010/11/05 13:27:35 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll

[2010/11/05 13:27:35 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll

[2010/11/05 13:27:35 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll

[2010/11/05 13:27:35 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll

[2010/11/05 13:27:35 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll

[2010/11/05 13:27:34 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll

[2010/11/05 13:27:34 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll

[2010/11/05 13:27:33 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll

[2010/11/05 13:27:33 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll

[2010/11/05 13:27:33 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll

[2010/11/05 13:27:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll

[2010/11/05 13:27:30 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll

[2010/11/05 13:27:30 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll

[2010/11/05 13:27:30 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll

[2010/11/05 13:27:30 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll

[2010/11/05 13:27:28 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll

[2010/11/05 13:27:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll

[2010/11/05 13:27:28 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll

[2010/11/05 13:27:28 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll

[2010/11/05 13:27:27 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll

[2010/11/05 13:27:27 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll

[2010/11/05 13:27:24 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll

[2010/11/05 13:27:24 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll

[2010/11/05 13:27:22 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll

[2010/11/05 13:27:22 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll

[2010/11/05 13:27:21 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll

[2010/11/05 13:27:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll

[2010/11/05 13:27:20 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll

[2010/11/05 13:27:20 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll

[2010/11/05 13:27:19 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll

[2010/11/05 13:27:19 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll

[2010/11/05 13:27:19 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll

[2010/11/05 13:27:19 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll

[2010/11/05 13:27:19 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll

[2010/11/05 13:27:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll

[2010/11/05 13:27:17 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll

[2010/11/05 13:27:17 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll

[2010/11/05 13:27:17 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll

[2010/11/05 13:27:17 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll

[2010/11/05 13:27:17 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll

[2010/11/05 13:27:17 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll

[2010/11/05 13:27:17 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll

[2010/11/05 13:27:17 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll

[2010/11/05 13:27:16 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll

[2010/11/05 13:27:16 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll

[2010/11/05 13:27:16 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll

[2010/11/05 13:27:16 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll

[2010/11/05 13:27:15 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll

[2010/11/05 13:27:15 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll

[2010/11/05 13:27:15 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll

[2010/11/05 13:27:15 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll

[2010/11/05 13:27:15 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll

[2010/11/05 13:27:15 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll

[2010/11/05 13:27:14 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll

[2010/11/05 13:27:14 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll

[2010/11/05 13:27:13 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll

[2010/11/05 13:27:13 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll

[2010/11/05 13:27:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll

[2010/11/05 13:27:13 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll

[2010/11/05 13:27:13 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll

[2010/11/05 13:27:13 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll

[2010/11/05 13:27:13 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll

[2010/11/05 13:27:13 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll

[2010/11/05 13:27:12 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll

[2010/11/05 13:27:12 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll

[2010/11/05 13:27:12 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll

[2010/11/05 13:27:12 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll

[2010/11/05 13:27:12 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll

[2010/11/05 13:27:12 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll

[2010/11/05 13:27:11 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll

[2010/11/05 13:27:11 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll

[2010/11/05 13:27:11 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll

[2010/11/05 13:27:11 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll

[2010/11/05 13:27:10 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll

[2010/11/05 13:27:10 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll

[2010/11/05 13:27:09 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll

[2010/11/05 13:27:09 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll

[2010/11/05 13:27:09 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll

[2010/11/05 13:27:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll

[2010/11/05 13:27:09 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll

[2010/11/05 13:27:09 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll

[2010/11/05 13:27:08 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll

[2010/11/05 13:27:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll

[2010/11/05 13:27:07 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll

[2010/11/05 13:27:07 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll

[2010/11/05 13:27:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll

[2010/11/05 13:27:06 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll

[2010/11/05 13:27:06 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll

[2010/11/05 13:27:06 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll

[2010/11/05 13:27:05 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll

[2010/11/05 13:27:05 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll

[2010/11/05 13:27:05 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll

[2010/11/05 13:27:05 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll

[2010/11/05 13:27:04 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll

[2010/11/05 13:27:04 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll

[2010/11/05 13:27:03 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll

[2010/11/05 13:27:03 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll

[2010/11/05 13:27:01 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll

[2010/11/05 13:27:01 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll

[2010/11/05 13:27:01 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll

[2010/11/05 13:27:01 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll

[2010/11/05 13:27:01 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll

[2010/11/05 13:27:01 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll

[2010/11/05 13:26:59 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll

[2010/11/05 13:26:59 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll

[2010/11/05 13:26:58 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll

[2010/11/05 13:26:58 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll

[2010/11/05 13:26:58 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll

[2010/11/05 13:26:58 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll

[2010/11/05 13:26:58 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll

[2010/11/05 13:26:58 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll

[2010/11/05 13:26:54 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll

[2010/11/05 13:26:54 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll

[2010/11/05 13:26:54 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll

[2010/11/05 13:26:54 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll

[2010/11/05 13:26:52 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll

[2010/11/05 13:26:52 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll

[2010/11/05 13:26:52 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll

[2010/11/05 13:26:52 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll

[2010/11/05 13:26:52 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll

[2010/11/05 13:26:52 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll

[2010/11/05 13:26:51 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll

[2010/11/05 13:26:51 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll

[2010/11/05 13:26:49 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll

[2010/11/05 13:26:49 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll

[2010/11/05 13:26:49 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll

[2010/11/05 13:26:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll

[2010/11/05 13:26:49 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll

[2010/11/05 13:26:49 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll

[2010/11/05 13:26:47 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll

[2010/11/05 13:26:47 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll

[2010/11/05 13:26:46 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll

[2010/11/05 13:26:46 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll

[2010/11/05 13:26:45 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll

[2010/11/05 13:26:45 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll

[2010/11/05 13:26:45 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll

[2010/11/05 13:26:45 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll

[2010/11/05 13:26:44 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll

[2010/11/05 13:26:44 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll

[2010/11/05 13:26:44 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll

[2010/11/05 13:26:44 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll

[2010/11/05 13:26:44 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll

[2010/11/05 13:26:44 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll

[2010/11/05 13:26:43 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll

[2010/11/05 13:26:43 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll

[2010/11/05 13:26:43 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll

[2010/11/05 13:26:43 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll

[2010/11/05 13:26:40 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll

[2010/11/05 13:26:40 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll

[2010/11/05 13:26:40 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll

[2010/11/05 13:26:40 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll

[2010/11/05 13:26:39 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll

[2010/11/05 13:26:39 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll

[2010/11/05 13:26:30 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll

[2010/11/05 13:26:30 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll

[2010/11/05 13:26:26 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll

[2010/11/05 13:26:26 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll

[2010/11/05 13:26:26 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll

[2010/11/05 13:26:26 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll

[2010/11/05 13:26:26 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll

[2010/11/05 13:26:26 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll

[2010/11/05 13:26:25 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll

[2010/11/05 13:26:25 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll

[2010/11/05 13:26:25 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll

[2010/11/05 13:26:25 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll

[2010/11/05 13:26:24 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll

[2010/11/05 13:26:24 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll

[2010/11/05 13:26:23 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll

[2010/11/05 13:26:23 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll

[2010/11/05 13:26:21 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll

[2010/11/05 13:26:21 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll

[2010/11/05 13:17:32 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp

[2010/11/05 13:17:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx

[2010/11/03 00:31:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/11/03 00:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/11/02 23:25:54 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2010/11/02 23:25:53 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2010/11/02 23:25:50 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2010/11/02 23:25:45 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2010/11/02 23:25:35 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2010/11/02 23:25:09 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2010/11/02 23:25:09 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2010/11/02 02:06:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys

[2010/11/02 01:59:45 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2010/11/02 01:59:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2010/11/02 01:59:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2010/11/02 01:59:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2010/11/02 01:59:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2010/11/02 01:59:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2010/11/02 01:59:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2010/11/02 01:59:43 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2010/11/02 01:59:43 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

[2010/11/01 18:05:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2010/11/01 18:05:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2010/11/01 17:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2010/11/01 17:47:39 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll

[2010/11/01 17:47:39 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll

[2010/11/01 17:47:39 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe

[2010/11/01 17:47:39 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe

[2010/11/01 17:47:39 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll

[2010/11/01 17:47:39 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll

[2010/11/01 17:47:39 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll

[2010/11/01 17:47:39 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll

[2010/11/01 17:02:54 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2010/11/01 17:02:45 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2010/11/01 17:02:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2010/11/01 17:02:44 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2010/11/01 17:02:44 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2010/11/01 17:02:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2010/11/01 17:02:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2010/11/01 17:02:43 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2010/11/01 17:02:43 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2010/11/01 17:02:43 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2010/11/01 17:02:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2010/11/01 17:02:43 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2010/11/01 17:02:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2010/11/01 17:02:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2010/11/01 17:02:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2010/11/01 17:01:27 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll

[2010/11/01 17:01:26 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2010/11/01 17:01:25 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2010/11/01 17:01:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe

[2010/11/01 17:01:00 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2010/11/01 17:00:57 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2010/11/01 17:00:57 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2010/11/01 17:00:56 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2010/11/01 17:00:55 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll

[2010/11/01 17:00:55 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll

[2010/11/01 17:00:52 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll

[2010/11/01 17:00:52 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll

[2010/11/01 17:00:44 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll

[2010/11/01 17:00:43 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll

[2010/11/01 17:00:33 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2010/11/01 17:00:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2010/11/01 17:00:29 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll

[2010/11/01 17:00:27 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

[2010/11/01 17:00:25 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

[2010/11/01 17:00:24 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL

[2010/11/01 17:00:22 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2010/11/01 17:00:19 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2010/11/01 17:00:19 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2010/11/01 17:00:18 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll

[2010/11/01 17:00:18 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll

[2010/11/01 17:00:16 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2010/11/01 17:00:16 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll

[2010/11/01 17:00:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll

[2010/11/01 17:00:16 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll

[2010/11/01 16:59:32 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll

[2010/11/01 16:59:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll

[2010/11/01 16:59:21 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll

[2010/11/01 16:59:20 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2010/11/01 16:58:28 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll

[2010/11/01 16:57:10 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2010/11/01 16:57:10 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2010/11/01 16:57:10 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll

[2010/11/01 16:57:10 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

[2010/11/01 16:57:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2010/11/01 16:57:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2010/11/01 16:56:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll

[2010/10/26 18:28:51 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Malwarebytes

[2010/10/26 18:28:40 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/10/26 18:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/10/26 04:43:58 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\{6F8B1001-E04C-4285-9498-560232F5AD2D}

[2010/10/11 00:57:49 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server

[35 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/09 21:40:46 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/11/09 21:40:46 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/09 21:37:49 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/11/09 21:37:49 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/11/09 21:37:49 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/11/09 21:33:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/11/09 21:33:18 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/09 07:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-329689184-2713047746-1803584903-1000UA.job

[2010/11/08 23:24:04 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-329689184-2713047746-1803584903-1000Core.job

[2010/11/05 12:47:54 | 000,003,232 | ---- | M] () -- C:\Users\mike\Documents\Attach.zip

[2010/11/05 12:23:33 | 000,000,000 | ---- | M] () -- C:\Users\mike\defogger_reenable

[2010/11/05 03:26:28 | 000,002,354 | ---- | M] () -- C:\Users\mike\Desktop\Google Chrome.lnk

[2010/11/03 02:21:49 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf

[2010/11/03 00:31:36 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/02 23:25:54 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2010/11/02 23:25:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2010/11/01 19:14:38 | 000,001,291 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2010/11/01 18:06:40 | 000,355,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/10/26 05:01:52 | 000,000,006 | ---- | M] () -- C:\Users\mike\AppData\Roaming\start

[2010/10/26 05:00:33 | 000,000,006 | ---- | M] () -- C:\Users\mike\AppData\Roaming\completescan

[2010/10/26 04:56:12 | 000,000,010 | ---- | M] () -- C:\Users\mike\AppData\Roaming\install

[2010/10/25 21:07:35 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini

[2010/10/19 21:53:30 | 000,012,960 | ---- | M] () -- C:\Users\mike\Documents\eCommerce Questionnaire.docx

[35 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/05 12:47:54 | 000,003,232 | ---- | C] () -- C:\Users\mike\Documents\Attach.zip

[2010/11/05 12:23:33 | 000,000,000 | ---- | C] () -- C:\Users\mike\defogger_reenable

[2010/11/03 00:31:36 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/02 23:25:54 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2010/11/01 18:37:43 | 000,001,291 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2010/10/26 05:01:52 | 000,000,006 | ---- | C] () -- C:\Users\mike\AppData\Roaming\start

[2010/10/26 05:00:33 | 000,000,006 | ---- | C] () -- C:\Users\mike\AppData\Roaming\completescan

[2010/10/26 04:56:12 | 000,000,010 | ---- | C] () -- C:\Users\mike\AppData\Roaming\install

[2010/10/18 15:27:38 | 000,012,960 | ---- | C] () -- C:\Users\mike\Documents\eCommerce Questionnaire.docx

[2010/09/28 02:29:06 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/09/28 02:29:06 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010/08/25 17:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/08/25 17:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/05/08 16:09:51 | 000,000,106 | ---- | C] () -- C:\Users\mike\AppData\Roaming\wklnhst.dat

[2010/04/17 11:15:13 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2010/03/20 19:45:51 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI

[2010/02/09 07:57:15 | 000,003,584 | ---- | C] () -- C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/28 22:45:42 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt

[2009/12/25 13:39:45 | 000,000,362 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009/12/25 13:10:13 | 000,000,000 | ---- | C] () -- C:\Users\mike\AppData\Local\QSwitch.txt

[2009/12/25 13:10:13 | 000,000,000 | ---- | C] () -- C:\Users\mike\AppData\Local\DSwitch.txt

[2009/12/25 13:10:13 | 000,000,000 | ---- | C] () -- C:\Users\mike\AppData\Local\AtStart.txt

[2009/12/25 13:10:12 | 000,000,281 | ---- | C] () -- C:\ProgramData\HPWALog.txt

[2009/10/28 07:56:35 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

[2009/10/28 07:56:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log

[2009/10/28 07:56:12 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log

[2009/10/28 07:55:50 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log

[2009/10/28 07:55:11 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini

[2009/10/28 07:55:09 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log

[2009/08/17 12:22:33 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log

[2009/08/17 12:18:04 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

[2009/08/17 12:16:01 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

[2009/08/17 12:15:15 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

< End of report >

Link to post

Hi. :lol:

thank you for the continued help.

You're welcome and thanks for the update also.

i do not have a windows dvd, it was pre installed on the laptop when i got it, but there is a recovery partition (D:) with all of the win 7 and drivers and such. in fact when i get to the safe mode menu,

This explains the MBRCheck results which as a precaution we will check out shortly.

there is an option for repairing windows or doing a system recovery. would doing that cause me to lose my data?

What this basically means is your machine has what is known as an OEM (Original Equipment Manufacturer) version of Windows 7 rather than having a W7 DVD. So any form of repair and/or recovery is via manufacturer-specific software installed on a partition of the hard drive. Basically, if a complete system recovery is performed, this resets the machine back to its original status when purchased and is de facto a reformat and reinstallation of the Windows operating system. So you would lose any data you have not backed up.

The below explains about the process:-

HP System Recovery <-- Though it states it is for Vista, this appears to be the most recent documentation for your machine/make & model and the process will probably be the same.

I would also either order and/or create a set of Recovery Disks as a precaution when I give the all clear.

Next:

Run RKill again if you have rebooted your machine since last time. I do not need to review a new RKill log, however.

Create a MBR Backup:

Your machine's MBR (Master Boot Record) is unknown to MBRCheck. This is not necessarily a bad thing, but I'd like to check to make sure, as I mentioned prior.

  • Please download MBRBackup to your Desktop.
  • Right-click on MBRBackup.exe and select Run as Administrator to launch the program.
  • Click on SaveMBR... (top left corner) and save the backup file to your Desktop. It will have a name similar to MBR_2010-11-10.bin where the numbers correspond to the date the backup was made.
  • Save this file to the desktop >> click on Exit.

Next:

Now please go to my file submission channel here.

Next to the box:- Link to topic where this file was requested: Add in the below:-

http://forums.malwarebytes.org/index.php?showtopic=66876&st=0&gopid=340721entry340721

Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

C:\Users\mike\Desktop\MBR_2010-11-10.bin

Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL

O2:64bit: - BHO: (Java

Link to post
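The kind of structural check that can be run on a saved MBR file such as the MBR_2010-11-10.bin backup requested in the post above, as an added example that is not part of the original thread and does not reproduce how MBRCheck or MBRBackup work internally. It assumes the backup file begins with the raw 512-byte sector; the sample sector, its partition layout and all function names are constructed for illustration.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code area, before the disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR

# A few common partition type bytes; anything else is reported in hex.
PART_TYPES = {
    0x07: "NTFS/exFAT/HPFS",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0x0F: "extended (LBA)",
    0x27: "hidden NTFS (Windows RE / OEM recovery)",
    0xEE: "GPT protective",
}


def make_entry(status, ptype, lba_start, sectors):
    """Build one partition entry; CHS fields are zeroed (LBA fields are used)."""
    return struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype,
                       b"\x00" * 3, lba_start, sectors)


def build_sample_mbr():
    """Constructed sample: active NTFS system partition plus a recovery partition."""
    boot_code = bytes(range(256)) + bytes(190)            # 446 placeholder bytes
    table = (make_entry(0x80, 0x07, 2048, 1_000_000)
             + make_entry(0x00, 0x27, 1_002_048, 200_000)
             + bytes(32))                                 # two empty entries
    return boot_code + table + BOOT_SIGNATURE


def parse_mbr(data):
    """Return the partition table, a hash of the boot code and any anomalies."""
    if len(data) < SECTOR_SIZE:
        raise ValueError("MBR backup is shorter than one 512-byte sector")
    sector = data[:SECTOR_SIZE]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")

    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFFSET + 16 * i:PART_TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:
            continue                                      # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, f"type 0x{ptype:02x}"),
            "lba_start": lba_start,
            "sectors": sectors,
        })

    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")

    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "findings": findings,
    }


def same_boot_code(backup_a, backup_b):
    """True when two backups carry identical bootstrap code."""
    return (parse_mbr(backup_a)["boot_code_sha256"]
            == parse_mbr(backup_b)["boot_code_sha256"])


if __name__ == "__main__":
    # Pass the path of a saved backup, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            raw = fh.read()
    else:
        raw = build_sample_mbr()
    report = parse_mbr(raw)
    print("boot code SHA-256:", report["boot_code_sha256"])
    for p in report["partitions"]:
        flag = "active" if p["active"] else "      "
        print(f"  [{p['index']}] {flag} {p['type_name']:<40} "
              f"start={p['lba_start']} sectors={p['sectors']}")
    print("findings:", report["findings"] or "none")
```

Comparing the boot code hash of a backup taken now against one taken after a later cleanup step shows whether the bootstrap code itself changed, independent of the partition table.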

well so far things are pretty much the same. programs can't update and i can't install programs at all from the internal dvd drive. but if i download the same program it will load just fine. i thought it was odd that it was my internet security settings that were stopping me from installing a program even while offline, so i went to the control panel to check my internet options and on the security tab there were not only the standard icons for internet, intranet and so on, there was an icon for "my computer" as well. i don't remember ever seeing that before. it wouldn't even let me click on it to see what the settings were, much less change them. the attached image is a portion of the screenshot i took to show you what i mean. i really hope this helps, thank you.

OTL log:

All processes killed

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.

Registry value HKEY_USERS\S-1-5-21-329689184-2713047746-1803584903-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.

Registry value HKEY_USERS\S-1-5-21-329689184-2713047746-1803584903-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-329689184-2713047746-1803584903-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\www\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.

File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.

File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.

File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.

File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.

File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: mike

->Flash cache emptied: 127519 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: AppData

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: mike

->Temp folder emptied: 159609705 bytes

->Temporary Internet Files folder emptied: 152457570 bytes

->Java cache emptied: 15255737 bytes

->Google Chrome cache emptied: 823583412 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 10917536 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 59790316 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,165.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11112010_000149

Files\Folders moved on Reboot...

C:\Users\mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

post-57930-1289466407_thumb.jpg

Link to post

MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5094

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/11/2010 12:14:35 AM

mbam-log-2010-11-11 (00-14-35).txt

Scan type: Quick scan

Objects scanned: 141441

Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post

Hi. :D

i really hope this helps, thank you.

Aye thanks it does and you're welcome.

i can't install programs at all from the internal dvd drive

Is the actual drive inoperable? If not, it may be just that the auto-run feature has been disabled, which in itself is not a bad thing but for an actual CD/DVD drive not really necessary, I think personally.

The results of the file upload/the state of your machine's MBR are good. We could have repaired it if necessary, but that is a particular option I would be wary of, as it would mean access to the recovery partition would no longer be had... Anyway, at least it can still be used if need be.

Browser Repairs/Resets:

Please download Fix IE Utility then unzip the file to your desktop.

Now download this Microsoft FixIt and save it to the desktop.

Run the below tools in the order listed.

Fix IE Utility:

  • Close all open windows, especially Internet Explorer.
  • Right-click on Fix IE Utility and select Run as Administrator
  • Now click on the Run Utility button as shown in the image:-

fie1.gif

  • Wait until the following message appears:-
    fie2.gif

  • Then click on OK.

Reset IE8:

  • Double click on MicrosoftFixit50195.exe select I Agree and click on Next.
  • Follow the on-screen prompts.
  • You may delete MicrosoftFixit50195.exe when finished, or keep it in case of any problems in the future with IE8.
  • Next time IE8 is launched you will be prompted to reapply settings again; this is normal.

Note: Any add-ons will need to be reapplied after the above reset.

Reset FireFox:

  • Click on Start (Windows 7 Orb) >> Run (or depress the Windows key and R together) to bring up the Run box, then copy and paste in the below and click OK:
    firefox.exe -safe-mode


  • In the open window, select Reset all user preferences to Firefox defaults.
  • Click on Make the changes and restart.
  • After FireFox restarts click on Check for Updates...

Now reboot your machine.

New Java Installation:

Note:- This is for the 32 bit version of Internet Explorer only.

  • Click here to visit Java's website.
  • Scroll down to JDK 6 Update 22 (JDK or JRE). Click on Download JRE.
  • Select Windows from the drop-down list for Platform.
  • Check (tick) Java SE Runtime Environment 6u22 with JavaFX License Agreement box and click on Continue.
  • Click on jre-6u22-windows-i586.exe link to download it and save this to a convenient location.
  • Right-click on jre-6u22-windows-i586.exe and select Run as Administrator to install Java.

Note:- If you also use the Internet Explorer (64-bit) browser with Windows 7 and want Java enabled you will require a separate 64 bit installation as follows:-

New 64 bit Java Installation:

  • Click here to visit Java's website.
  • Scroll down to JDK 6 Update 22 (JDK or JRE). Click on Download JRE.
  • Select Windows x64 from the drop-down list for Platform.
  • Check (tick) Java SE Runtime Environment 6u22 with JavaFX License Agreement box and click on Continue.
  • Click on jre-6u22-windows-x64.exe link to download it and save this to a convenient location.
  • Right-click on jre-6u22-windows-x64.exe and select Run as Administrator to install Java.

Clean Temp Files:

Click on Start (Windows 7 Orb) >> Run (or depress the Windows key and R together) to bring up the Run box, type in cleanmgr and select OK.

  • Select Drive C from the drop down menu and click on OK.
  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Delete Files.

Run Kaspersky Online AV Scanner:

Go to this Kaspersky website and perform an online antivirus scan.

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

Spyware, Adware, Dialers, and other potentially dangerous programs

Archives

Mail databases

  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • Kaspersky report.

Link to post

Is the actual drive inoperable?

the drive works fine, i can explore the dvd's or watch movies without problems. it's only installing programs that doesn't work

the link you provided for fix ie came up broken, but when i searched the website i found a program by that name and ran it. it seemed to work ok, but i'm not sure because when i tried to run the next utility (fixit), i got an error. the attached image is a screenshot of the image.

also i don't run firefox so i skipped that step. i do run chrome as my primary browser though.

when i tried to run Kaspersky it wouldn't even start in chrome so i closed it and ran it in IE. it downloaded all the files and the database but then errored out before it started to scan. it gave me an error 0: null.

so i guess no progress this time, same problems continuing. not sure if i mentioned it in this post, but this all started with the thinkpoint virus i picked up through a bogus trojan alert that my AV let through. thanks

post-57930-1289550599_thumb.jpg

Link to post

Hi. :D

My apologies about providing the incorrect URL for the Fix IE utility, please delete the copy you did find and we will come back to that and the other errors you mentioned.

the drive works fine, i can explore the dvd's or watch movies without problems. it's only installing programs that doesn't work

Thank you for the clarification. Please run Rkill again. (I do not require to view the log)

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please navigate to Start(Windows 7 Orb) >> All Programs >> ERUNT >> Right-click on ERUNT and select Run as Administrator.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
  • System registry
  • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

:Files
C:\Users\mike\Application Data\install
C:\Users\mike\Application Data\hotfix.exe
C:\Users\mike\Application Data\completescan

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • The report should appear in Notepad afterwards.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform a Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: EOLS1.gif
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log.
  • Malwarebytes Anti-Malware Log.
  • Eset Log.

Link to post

i tried running erunt, but it gave me several access denied errors.

still having installation and updating "internet Security Setting" problems

i almost feel like i should be apologizing at this point for my computer's lack of cooperation, haha

OTL log:

========== REGISTRY ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"Explorer.exe" /E : value set successfully!

========== FILES ==========

File\Folder C:\Users\mike\Application Data\install not found.

File\Folder C:\Users\mike\Application Data\hotfix.exe not found.

File\Folder C:\Users\mike\Application Data\completescan not found.

OTL by OldTimer - Version 3.2.17.3 log created on 11152010_005042

Link to post

MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5118

Windows 6.1.7600

Internet Explorer 9.0.7930.16406

11/15/2010 1:09:39 AM

mbam-log-2010-11-15 (01-09-39).txt

Scan type: Quick scan

Objects scanned: 145240

Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post

ESET log:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=fa2305d15d7518409ed5fc6079ddde9e

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-11-15 11:04:41

# local_time=2010-11-15 03:04:41 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=768 16777215 100 0 24402678 24402678 0 0

# compatibility_mode=5893 16776573 100 94 0 41358435 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=154080

# found=2

# cleaned=0

# scan_time=4095

C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan 00000000000000000000000000000000 I

C:\Users\Public\Documents\Server\sphlp.dll Win32/Bamital.DZ trojan 00000000000000000000000000000000 I

Link to post
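
The `# key=value` header and the detection lines of the ESET log above can be read mechanically. The following is an added example, not part of the original posts and not ESET's or OTL's own code: it parses that layout and lists what a report-only scan left on disk and in which folder. The function names and the handling of an `a variant of` prefix are assumptions.

```python
import re
from collections import defaultdict
from ntpath import dirname  # Windows path rules on any OS

# Constructed sample: lines copied from the log in the post, trimmed to the
# fields used below.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# end=finished
# remove_checked=false
# compatibility_mode=768 16777215 100 0 24402678 24402678 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=154080
# found=2
# cleaned=0
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan 00000000000000000000000000000000 I
C:\Users\Public\Documents\Server\sphlp.dll Win32/Bamital.DZ trojan 00000000000000000000000000000000 I
"""

HEADER = re.compile(r"^#\s*(?P<key>[\w.]+)=(?P<value>.*)$")
# path, detection name, 32-hex field, trailing flag. Paths may contain spaces,
# so the detection name is located by its "Platform/Name" token. The optional
# "a variant of" prefix is an assumption; it does not occur in this thread.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?\S+/\S+(?: [\w ]+?)?)\s+"
    r"(?P<hex32>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


def parse_eset_log(text):
    """Split a log into header values, detection records and unparsed lines."""
    headers, detections, unparsed = defaultdict(list), [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if (m := HEADER.match(line)):
            headers[m["key"]].append(m["value"].strip())  # keys can repeat
        elif (m := DETECTION.match(line)):
            detections.append(m.groupdict())
        else:
            unparsed.append(line)  # kept so nothing is silently dropped
    return dict(headers), detections, unparsed


def triage(text):
    """Summarise what the scan left behind for a follow-up fix."""
    headers, detections, unparsed = parse_eset_log(text)

    def first(key, default=""):
        return headers.get(key, [default])[0]

    found, cleaned = int(first("found", "0")), int(first("cleaned", "0"))
    return {
        "finished": first("end") == "finished",
        "report_only": first("remove_checked") == "false",
        "count_mismatch": found != len(detections),  # truncated or altered log
        "still_on_disk": found - cleaned,
        "threats": sorted({d["threat"] for d in detections}),
        "folders": sorted({dirname(d["path"]) for d in detections}),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the log posted above it reports two detections still on disk, both under C:\Users\Public\Documents\Server.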

Hi. :)

i tried running erunt, but it gave me several access denied errors.

OK, this will occur with Windows 7 and Erunt if you did not run Erunt in admin mode, as it requires admin permissions to be able to create a backup successfully. If in the event you did, this may be an indication the registry is corrupted, for example.

still having installation and updating "internet Security Setting" problems

i almost feel like i should be apologizing at this point for my computer's lack of cooperation, haha

No need to apologise, the fault is actually the malware that has been on-board and most likely made some changes to the operating system as a whole which may just not be able to be identified successfully....Though overall the fault is with the criminal lowlifes who create/peddle malware.

As it stands your machine has been badly infected and, as I mentioned, there is the very distinct possibility the operating system is now damaged also, maybe even beyond repair at this point, but I will still try on your behalf before advising a factory reset.

Add the Run... box for Windows 7:

Click on Start (Windows 7 Orb) >> right click on an empty space on the Start Menu and select Properties.

Now click on the Start Menu >> then on Customize....

Scroll down and select the Run Command box >> OK >> Apply >> OK.

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create an SRD.

  • Click on Start(Windows 7 Orb) >> Run..., then copy/paste the following command into the box and click on OK:
    recdisc.exe


  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-

WTSRD1.gif

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-

WTSRD2.gif

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Files
C:\Users\Public\Documents\Server

:Commands
[EmptyTemp]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Run Windows 7 SRD:

After OTL has started to reboot your machine, actually boot from the Windows 7 SRD disc.

  • If not sure how to, a very good tutorial can be read here.
  • You will have to answer a few basic questions then select the option Repair your computer
  • At the System Recovery Options screen click Windows 7 to highlight then Next>
  • Now click on/select Startup Repair
  • If prompted to use System Restore, select Cancel.
  • The same if prompted to Send information about this problem (recommended), select Don't send.
  • Click Finish when Startup Repair has completed, remove the SRD disc and then click on Restart

Windows 7 - System File Checker:

You may require a Windows 7 DVD for the below; if the scan asks for this, merely cancel the scan as you do not have an installation DVD unfortunately.

  • Click on Start(Windows 7 Orb).
  • Click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue in the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • CD C:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • sfc /scannow
  • Then depress the Enter/Return key.

Note: This may take a while to finish. When completed, close the Administrator Command Prompt window by typing Exit, then depress the Enter/Return key.

Next:

Please go here to download a specific Microsoft tool >> click on the Continue tab >> follow the prompts >> now click on the Download tab.

Save this file to the Desktop >> double-click on Windows6.1-KB947821-v7-x64 and follow the prompts.

Next:

When completed the above try Windows Update to see if it can locate any updates but do not install them just yet.

Then let myself know how your computer is performing now. Any problems encountered and or any further symptoms? Plus the contents of the log created after running the custom OTM script.

Link to post

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post

Hi. :)

When completed the above try Windows Update to see if it can locate any updates but do not install them just yet.

Then let myself know how your computer is performing now. Any problems encountered and or any further symptoms? Plus the contents of the log created after running the custom OTM script.

there was only one available update, it was a windows defender definitions update.

the only response i got from startup repair was that it said if i had connected a new camera or device to disconnect it. the only thing i had connected was my mouse.

still having the same "internet security settings have prevented ____________ from opening" errors even when i am offline.

OTL log:

All processes killed

========== FILES ==========

C:\Users\Public\Documents\Server folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: mike

->Temp folder emptied: 110055133 bytes

->Temporary Internet Files folder emptied: 50763619 bytes

->Java cache emptied: 128094 bytes

->Google Chrome cache emptied: 357468839 bytes

->Flash cache emptied: 17128 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5644 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

RecycleBin emptied: 2270 bytes

Total Files Cleaned = 494.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11182010_212911

Files\Folders moved on Reboot...

C:\Users\mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Link to post

  • Root Admin

Would also like to get a new DDS log

Download DDS and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt

Link to post

MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5166

Windows 6.1.7600

Internet Explorer 9.0.7930.16406

11/22/2010 3:15:12 AM

mbam-log-2010-11-22 (03-15-12).txt

Scan type: Quick scan

Objects scanned: 143321

Time elapsed: 13 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
