
Solved laptop pc having some concerns

Discussion in 'Malware and Virus Removal Archive' started by Forsaken Knight, 2011/05/28.

  1. 2011/05/28
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    [Resolved] laptop pc having some concerns

    The following is a description of what I have experienced with the issues with my laptop. I first posted this on a game forum that I usually play. Within the description of the events that I have seen happen on my laptop, are several events that have happened recently which are of great concern for me. I have run mbrcheck, dds, hijackthis, mbam, avast, and gmer. I will post these logs after this first initial post.

    I was playing on my alt account, while logged in on another pc for my main to recover loyalty while I was busy. Now, lately, like in the past weeks, my game has been just crashing. I sent in a ticket about this crashing. I noticed also that at certain times, the connection to dfo was drastically slow. I checked to see if the site was slow, and yeah, the site was not loading properly. This was about a week ago. Anyways, earlier today, I was grinding on my sader, when in the middle of a solo run, my game had an error. It was the 0x00000007 error. I got the message that I was disconnected from the internet. I have itunes on all the time, and itunes was not turned off when I got this message, so I know that the internet was fine. I then checked my game on my other pc, and I was still logged in. I then tried to restart the game, but there was no response from the start button from the nexon web site. I then noticed no response at all from the dfo home page. Not even f5 refreshing did anything. I then decided to close the browser window and open a new one. The window opened up normally, and I checked other web sites, and the other web sites loaded normally. I then tried to go to dfo nexon home page, and the page wouldn't load, it would just stall. I then tried to go to dfo forums, and the same thing happened. I tried to go to dfo world wiki home page, and even though there was a long pause, the home page loaded. I then checked up on my other pc, and the same error message for my other account popped up. My other pc had to auto restart after I clicked on ok within the dfo game error window. I guess the error made a serious problem that my other pc had to reset. I then saw that on my pc that I was on that had the error originally showed briefly a bsod. The error was one with numbers and letters in the name of the error. The pc that I was originally talking about then auto restarted, but did not load properly. Stating that the drive was not detected.
    I then turned off my pc and turned it back on. The pc turned on normally. I then ran various scans and nothing was detected. I then went to the dfo home page and it loaded normally. I don't know where this bug came from. An error that halted activity on two separate pc's and caused a bsod on one of my pc's.

    Please help me diagnose my laptop.
     
  2. 2011/05/28
    Forsaken Knight

    avast screen shot of what was found.

    Also, I ran an avast boot scan, and that boot scan found the following.

    C:\Program Files (x86)\Google\Update\Download\{810056AF-4D98-4087-84D1-16687A572F63}\Chrome_Updater.exel>chrome_patch.dff Error 42139{7ZIP archive is corrupted.}

    I wrote that down as the boot scan was during its scan in the percentage step of the boot scan.

    http://imageshack.us/photo/my-images/59/avastthingfoundonmay27f.png/
     


  4. 2011/05/28
    Forsaken Knight

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: eMachines
    BIOS Manufacturer: eMachines
    System Manufacturer: eMachines
    System Product Name: eMachines E725
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 194):

    Processes (total 82):
    0 System Idle Process
    4 System
    336 C:\Windows\System32\smss.exe
    484 csrss.exe
    536 C:\Windows\System32\wininit.exe
    548 csrss.exe
    584 C:\Windows\System32\services.exe
    624 C:\Windows\System32\winlogon.exe
    632 C:\Windows\System32\lsass.exe
    640 C:\Windows\System32\lsm.exe
    764 C:\Windows\System32\svchost.exe
    864 C:\Windows\System32\svchost.exe
    952 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    472 C:\Windows\System32\audiodg.exe
    848 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1148 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    1308 C:\Windows\System32\dwm.exe
    1332 C:\Windows\explorer.exe
    1392 C:\Windows\System32\wlanext.exe
    1400 C:\Windows\System32\conhost.exe
    1608 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1636 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    1244 C:\Windows\System32\spoolsv.exe
    1472 C:\Windows\System32\taskhost.exe
    1704 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    1764 C:\Windows\System32\svchost.exe
    2056 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2128 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2192 C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
    2224 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2252 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2276 C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
    2388 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    2472 C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
    2628 C:\Windows\System32\igfxtray.exe
    2684 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2776 C:\Windows\System32\igfxsrvc.exe
    2936 C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    2976 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3012 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    3060 C:\Windows\System32\hkcmd.exe
    1228 C:\Windows\System32\igfxpers.exe
    2116 C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    2108 C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    504 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2532 C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    2620 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2500 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    3240 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    3328 C:\Windows\System32\SearchIndexer.exe
    3532 C:\Windows\System32\igfxext.exe
    3564 C:\Windows\System32\wbem\unsecapp.exe
    3632 WmiPrvSE.exe
    3740 C:\Windows\System32\svchost.exe
    3812 C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
    3856 C:\Program Files (x86)\Launch Manager\LManager.exe
    4108 C:\Windows\System32\svchost.exe
    4164 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4452 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    4564 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    4700 C:\Windows\System32\svchost.exe
    4756 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    4780 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    5060 C:\Program Files\iPod\bin\iPodService.exe
    3304 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    2432 C:\Windows\System32\svchost.exe
    2992 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    4024 C:\Windows\System32\taskeng.exe
    4992 C:\Windows\System32\svchost.exe
    2360 C:\Users\walmart\Desktop\dds.scr
    3888 C:\Windows\System32\conhost.exe
    3864 C:\Windows\SysWOW64\cmd.exe
    4852 C:\Users\walmart\Desktop\MBRCheck.exe
    3276 C:\Windows\System32\conhost.exe
    1364 C:\Windows\System32\dllhost.exe
    4480 C:\Users\walmart\Desktop\HijackThis.exe
    3368 C:\Windows\System32\SearchProtocolHost.exe
    2952 <unknown>
    2152 C:\Windows\System32\SearchFilterHost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`069e5800 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVT-22ZCT0, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  5. 2011/05/28
    Forsaken Knight

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by walmart at 21:33:21.53 on Fri 05/27/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3002.1714 [GMT -4:00]

    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Users\walmart\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig
    uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e725&r=273603108715l04f4z1m5r4422023o
    mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e725&r=273603108715l04f4z1m5r4422023o
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e725&r=273603108715l04f4z1m5r4422023o
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
    mURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe "
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    StartupFolder: C:\Users\walmart\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO-X64: ZoneAlarm Security Engine Registrar - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll
    TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No File
    mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    mRun-x64: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [OOTag] C:\windows\oobeoffer\oobeoffer\ootag.exe
    mRun-x64: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon= "hidden "
    mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    mRun-x64: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\walmart\AppData\Roaming\Mozilla\Firefox\Profiles\obavtsyv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\TrustCheckerMozillaPlugin.dll
    FF - component: C:\Users\walmart\AppData\Roaming\Mozilla\Firefox\Profiles\obavtsyv.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
    FF - component: C:\Users\walmart\AppData\Roaming\Mozilla\Firefox\Profiles\obavtsyv.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - Ext: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - %profile%\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}

    ============= SERVICES / DRIVERS ===============

    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-4-18 600920]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-5-3 287064]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-5-3 22360]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-5-3 64344]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-4-18 42184]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-11-5 844320]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 33008]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2009-10-14 823272]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
    R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-11-5 240160]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-11-5 58880]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-13 135664]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-27 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-13 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-5 225280]
    S3 SaiH5F0D;SaiH5F0D;C:\Windows\System32\drivers\SaiH5F0D.sys [2007-5-1 171144]
    S3 SaiU5F0D;SaiU5F0D;C:\Windows\System32\drivers\SaiU5F0D.sys [2007-5-1 34304]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-4 1255736]
    S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WN111v2x.sys [2010-7-9 553472]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    =============== Created Last 30 ================

    2011-05-28 01:26:34 -------- d-----w- C:\Users\walmart\AppData\Local\{72AFEB76-4517-4CC4-8888-B9FCD80E19E5}
    2011-05-27 19:17:45 8718160 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{C0D00183-CBB7-422B-8A2D-9755537157BE}\mpengine.dll
    2011-05-27 10:21:36 -------- d-----w- C:\Users\walmart\AppData\Local\{064E1AEB-08FC-4CE8-9715-7BC04626DC73}
    2011-05-26 12:08:03 -------- d-----w- C:\Users\walmart\AppData\Local\{14C37D11-6F38-49C5-AA6C-D44DBE612985}
    2011-05-25 13:21:07 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-05-25 13:14:27 -------- d-----w- C:\Users\walmart\AppData\Local\{DD93F1AD-6970-4C14-9B9B-F7AAEA5EE0AE}
    2011-05-22 23:40:13 -------- d-----w- C:\Users\walmart\AppData\Local\{4F4FC3F3-1C02-4D24-8E88-D24A33355A6D}
    2011-05-22 11:36:45 -------- d-----w- C:\Users\walmart\AppData\Local\{A262F216-724F-43E1-8A6E-E0FB5CFE7EF2}
    2011-05-21 17:47:14 -------- d-----w- C:\Users\walmart\AppData\Local\{8D4AC9FB-7303-41B9-B312-84885BBFBFD0}
    2011-05-18 20:18:48 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-05-18 20:18:48 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-05-18 20:01:52 -------- d-----w- C:\Users\walmart\AppData\Local\{E7AEDFFF-64D0-4A5F-8285-3E3FE257ABE0}
    2011-05-18 19:51:48 -------- d-----w- C:\Users\walmart\AppData\Local\{497590D8-8A6D-4734-915F-EE3C1FCA4DF8}
    2011-05-18 18:35:03 -------- d-----w- C:\Users\walmart\AppData\Local\{34791F86-9BC3-4DE8-B118-30E1B03CCB1B}
    2011-05-18 16:47:01 -------- d-----w- C:\Users\walmart\AppData\Local\{968A6565-3BD0-4899-8879-12F50A1DE76F}
    2011-05-18 00:16:08 -------- d-----w- C:\Users\walmart\AppData\Local\{5DA9594C-0E0A-4EFE-957D-AF2123A90B7B}
    2011-05-17 12:37:18 -------- d-----w- C:\Users\walmart\AppData\Local\{EF227575-327A-459E-B5CE-98614686A313}
    2011-05-16 15:48:00 -------- d-----w- C:\Users\walmart\AppData\Local\{DEDF877A-79BE-4E6E-AD69-6777616E200D}
    2011-05-16 06:40:58 -------- d-----w- C:\Users\walmart\AppData\Local\{3AAFE453-698C-48E8-9550-2CB7013DE1AC}
    2011-05-15 16:11:15 -------- d-----w- C:\Users\walmart\AppData\Local\{0D0B6A0F-8E3D-4505-A400-65647B897870}
    2011-05-14 18:28:05 -------- d-----w- C:\Users\walmart\AppData\Local\{7C50C130-B6F1-4C77-98F7-86FE872CFE5E}
    2011-05-13 17:28:21 -------- d-----w- C:\Users\walmart\AppData\Local\{541BEB2D-73B3-4E9A-9205-76A60E847809}
    2011-05-12 17:18:21 -------- d-----w- C:\Users\walmart\AppData\Local\{83D0E0D1-F357-40FA-802C-5FD959ADAC85}
    2011-05-11 16:23:04 -------- d-----w- C:\Users\walmart\AppData\Local\{B38A1B24-2264-44A8-9810-20EBDA044835}
    2011-05-11 10:45:35 -------- d-----w- C:\Users\walmart\AppData\Local\{DED73177-B5F8-4141-BE0D-B01C8F24FC51}
    2011-05-11 03:44:16 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-05-11 03:44:15 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-05-11 03:44:14 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-05-11 03:44:11 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2011-05-11 03:44:11 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2011-05-11 03:44:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2011-05-11 03:44:11 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2011-05-11 03:44:10 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2011-05-11 03:44:10 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2011-05-11 03:44:10 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2011-05-10 17:50:40 -------- d-----w- C:\Users\walmart\AppData\Local\{C8C52A38-C9E5-4F83-ACB2-43202F5A9375}
    2011-05-09 16:52:37 -------- d-----w- C:\Users\walmart\AppData\Local\{DA0F3494-043C-47A7-918F-FBA5587A710E}
    2011-05-07 13:38:00 -------- d-----w- C:\Users\walmart\AppData\Local\{75503FE0-FE72-4F44-87BE-5798A7998A14}
    2011-05-07 00:07:10 -------- d-----w- C:\Users\walmart\AppData\Local\{C4A52F2B-3C84-4AA2-BD63-CA9994A9E8F9}
    2011-05-06 10:23:29 -------- d-----w- C:\Users\walmart\AppData\Local\{395B9B4A-1B5D-4054-825E-FFBAA26AA288}
    2011-05-04 22:36:27 -------- d-----w- C:\Users\walmart\AppData\Local\{663D4798-30D0-4CA9-A4BF-8368C2D7714D}
    2011-05-04 03:14:03 -------- d-----w- C:\Users\walmart\AppData\Local\{8A63A842-8481-489D-AB95-1693C57A5159}
    2011-05-03 01:08:30 -------- d-----w- C:\Users\walmart\AppData\Local\{17A89B68-B3DF-4E29-8643-C2403AF0960A}
    2011-05-02 10:44:12 -------- d-----w- C:\Users\walmart\AppData\Local\{EB4C53F7-BD60-4289-AB6E-287F271D73BA}
    2011-04-30 18:56:56 -------- d-----w- C:\Users\walmart\AppData\Local\{E47338A3-E08D-4573-9580-576EAF2389EA}
    2011-04-30 00:40:26 -------- d-----w- C:\Users\walmart\AppData\Local\{1DBAE90F-E26D-4A97-B35B-BDFC1D510055}
    2011-04-29 05:17:31 -------- d-----w- C:\Users\walmart\AppData\Local\{73D3C98B-710E-4692-A71E-C928197C4709}
    2011-04-28 10:24:32 -------- d-----w- C:\Users\walmart\AppData\Local\{29458A3D-032E-4EB2-B780-B0D7624278EB}
    2011-04-28 05:56:18 -------- d-----w- C:\Users\walmart\AppData\Local\{C24968F7-7536-4A7A-BC8C-F2B736CA2E19}
    2011-04-28 02:35:16 -------- d-----w- C:\Program Files\iTunes
    2011-04-28 02:35:16 -------- d-----w- C:\Program Files\iPod
    2011-04-28 02:35:16 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-04-28 02:33:03 -------- d-----w- C:\Program Files\Bonjour
    2011-04-28 02:33:03 -------- d-----w- C:\Program Files (x86)\Bonjour

    ==================== Find3M ====================

    2011-04-18 17:25:12 40112 ----a-w- C:\Windows\avastSS.scr
    2011-04-18 17:17:59 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-04-18 17:13:13 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-04-06 20:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
    2011-04-06 20:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-04-06 20:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-04-06 20:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
    2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
    2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
    2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys

    ============= FINISH: 21:39:02.10 ===============
     
  6. 2011/05/28
    Forsaken Knight

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/1/2010 6:28:55 AM
    System Uptime: 5/27/2011 9:25:17 PM (0 hours ago)

    Motherboard: eMachines | | eMachines E725
    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | uPGA-478 | 2200/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 221 GiB total, 158.929 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel

    ==== System Restore Points ===================

    RP236: 5/6/2011 6:27:00 AM - Windows Update
    RP237: 5/9/2011 1:02:33 PM - Windows Backup
    RP238: 5/10/2011 11:41:36 PM - Windows Update
    RP239: 5/11/2011 2:43:09 AM - Windows Update
    RP240: 5/13/2011 1:32:12 PM - Windows Update
    RP241: 5/15/2011 7:00:17 PM - Windows Backup
    RP242: 5/17/2011 8:41:43 AM - Windows Update
    RP243: 5/20/2011 3:00:18 AM - Windows Update
    RP244: 5/20/2011 12:37:49 PM - Windows Update
    RP245: 5/22/2011 7:50:05 PM - Windows Backup
    RP246: 5/24/2011 10:23:15 AM - Windows Update
    RP247: 5/26/2011 3:00:18 AM - Windows Update
    RP248: 5/27/2011 3:17:11 PM - Windows Update

    ==== Installed Programs ======================

    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Acrobat.com
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.4 MUI
    AirRivals_EN 1.0.0.39
    Apple Application Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    avast! Free Antivirus
    Compatibility Pack for the 2007 Office system
    D3DX10
    DFOLauncher
    eBay Worldwide
    eMachines Games
    eMachines Power Management
    eMachines Recovery Management
    eMachines Registration
    eMachines ScreenSaver
    eMachines Updater
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Identity Card
    Java Auto Updater
    Java(TM) 6 Update 24
    Junk Mail filter update
    Launch Manager
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Mesh Runtime
    Messenger Companion
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.6.6)
    MSVCRT
    MSVCRT_amd64
    MyScribe
    Nexon Game Manager
    Norton Online Backup
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    OpenOffice.org 3.2
    Pando Media Booster
    QuickTime
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Welcome Center
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    ZoneAlarm

    ==== End Of File ===========================
     
  7. 2011/05/28
    Forsaken Knight

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6696

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    5/27/2011 10:35:43 PM
    mbam-log-2011-05-27 (22-35-43).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 298091
    Time elapsed: 1 hour(s), 4 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  8. 2011/05/28
    Forsaken Knight

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-05-28 01:12:10
    Windows 6.1.7600
    Running: 2zhgrn2g.exe


    ---- Services - GMER 1.0.15 ----

    Service .NET CLR Data
    Service .NET CLR Networking
    Service .NET CLR Networking 4.0.0.0
    Service .NET Data Provider for Oracle
    Service .NET Data Provider for SqlServer
    Service .NETFramework
    Service system32\DRIVERS\1394ohci.sys (1394 OpenHCI Driver/Microsoft Corporation) [MANUAL] 1394ohci
    Service system32\DRIVERS\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
    Service system32\DRIVERS\acpipmi.sys (ACPI Power Metering Driver/Microsoft Corporation) [MANUAL] AcpiPmi
    Service system32\DRIVERS\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [MANUAL] adp94xx
    Service system32\DRIVERS\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [MANUAL] adpahci
    Service system32\DRIVERS\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver (X64)/Adaptec, Inc.) [MANUAL] adpu320
    Service adsi
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] AeLookupSvc
    Service system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
    Service system32\DRIVERS\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [MANUAL] agp440
    Service C:\Windows\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
    Service system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [MANUAL] aliide
    Service system32\DRIVERS\amdide.sys (AMD IDE Driver/Microsoft Corporation) [MANUAL] amdide
    Service system32\DRIVERS\amdk8.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdK8
    Service system32\DRIVERS\amdppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdPPM
    Service system32\drivers\amdsata.sys (AHCI 1.2 Device Driver/Advanced Micro Devices) [MANUAL] amdsata
    Service system32\DRIVERS\amdsbs.sys (AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform/AMD Technologies Inc.) [MANUAL] amdsbs
    Service system32\drivers\amdxata.sys (Storage Filter Driver/Advanced Micro Devices) [BOOT] amdxata
    Service system32\drivers\appid.sys (AppID Driver/Microsoft Corporation) [MANUAL] AppID
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] AppIDSvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Appinfo
    Service C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) [AUTO] Apple Mobile Device
    Service system32\DRIVERS\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [MANUAL] arc
    Service system32\DRIVERS\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [MANUAL] arcsas
    Service (avast! File System Access Blocking Driver/AVAST Software) [AUTO] aswFsBlk
    Service C:\Windows\system32\drivers\aswMonFlt.sys (avast! File System Minifilter for Windows 2003/Vista/AVAST Software) [AUTO] aswMonFlt
    Service (avast! TDI RDR Driver/AVAST Software) [SYSTEM] aswRdr
    Service (avast! Virtualization Driver/AVAST Software) [SYSTEM] aswSnx
    Service (avast! self protection module/AVAST Software) [SYSTEM] aswSP
    Service (avast! TDI Filter Driver/AVAST Software) [SYSTEM] aswTdi
    Service system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
    Service system32\DRIVERS\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioEndpointBuilder
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioSrv
    Service C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (avast! Service/AVAST Software) [AUTO] avast! Antivirus
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] AxInstSV
    Service system32\DRIVERS\bxvbda.sys (Broadcom NetXtreme II GigE VBD/Broadcom Corporation) [MANUAL] b06bdrv
    Service system32\DRIVERS\b57nd60a.sys (Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver./Broadcom Corporation) [MANUAL] b57nd60a
    Service (Battery Class Driver/Microsoft Corporation) BattC
    Service system32\DRIVERS\bcmwl664.sys (Broadcom 802.11 Network Adapter wireless driver/Broadcom Corporation) [MANUAL] BCM43XX
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] BDESVC
    Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BFE
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BITS
    Service system32\DRIVERS\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [SYSTEM] blbdrive
    Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
    Service system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser
    Service system32\DRIVERS\BrFiltLo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
    Service system32\DRIVERS\BrFiltUp.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Browser
    Service System32\Drivers\Brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [MANUAL] Brserid
    Service System32\Drivers\BrSerWdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [MANUAL] BrSerWdm
    Service System32\Drivers\BrUsbMdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [MANUAL] BrUsbMdm
    Service System32\Drivers\BrUsbSer.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
    Service system32\DRIVERS\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [MANUAL] BTHMODEM
    Service BTHPORT
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] bthserv
    Service system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs
    Service system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] CertPropSvc
    Service system32\DRIVERS\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [MANUAL] circlass
    Service System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS
    Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_32
    Service C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_64
    Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_32
    Service C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_64
    Service system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt
    Service system32\DRIVERS\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [MANUAL] cmdide
    Service System32\Drivers\cng.sys (Kernel Cryptography, Next Generation/Microsoft Corporation) [BOOT] CNG
    Service system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt
    Service system32\DRIVERS\CompositeBus.sys (Multi-Transport Composite Bus Enumerator/Microsoft Corporation) [MANUAL] CompositeBus
    Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
    Service system32\DRIVERS\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [DISABLED] crcdisk
    Service crypt32
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CryptSvc
    Service DCLocator
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DcomLaunch
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] defragsvc
    Service System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dhcp
    Service System32\drivers\discache.sys (System Indexer/Cache Driver/Microsoft Corporation) [SYSTEM] discache
    Service system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
    Service C:\Windows\SysWOW64\Drivers\DKbFltr.sys (Dritek 64-bit PS/2 Keyboard Filter Driver/Dritek System Inc.) [MANUAL] DKbFltr
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dnscache
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] dot3svc
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DPS
    Service system32\drivers\drmkaud.sys (Microsoft Trusted Audio Drivers/Microsoft Corporation) [MANUAL] drmkaud
    Service System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl
    Service C:\Windows\system32\drivers\EagleX64.sys [MANUAL] EagleX64
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] EapHost
    Service system32\DRIVERS\evbda.sys (Broadcom NetXtreme II 10 GigE VBD/Broadcom Corporation) [MANUAL] ebdrv
    Service C:\Windows\System32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] EFS
    Service C:\Windows\ehome\ehRecvr.exe (Windows Media Center Receiver Service/Microsoft Corporation) [MANUAL] ehRecvr
    Service C:\Windows\ehome\ehsched.exe (Windows Media Center Scheduler Service/Microsoft Corporation) [MANUAL] ehSched
    Service system32\DRIVERS\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [MANUAL] elxstor
    Service C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe (ePowerSvc/Acer Incorporated) [AUTO] ePowerSvc
    Service system32\DRIVERS\errdev.sys (Error Device Driver/Microsoft Corporation) [MANUAL] ErrDev
    Service ESENT
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] eventlog
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EventSystem
    Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat
    Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat
    Service C:\Windows\system32\fxssvc.exe (Fax Service/Microsoft Corporation) [MANUAL] Fax
    Service system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] fdc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] fdPHost
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] FDResPub
    Service system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo
    Service system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace
    Service system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] flpydisk
    Service system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] FontCache
    Service C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
    Service System32\drivers\FsDepends.sys (File System Dependency Manager Mini Filter Driver/Microsoft Corporation) [MANUAL] FsDepends
    Service system32\DRIVERS\fssfltr.sys (Family Safety Filter Driver (WFP Callout)/Microsoft Corporation) [MANUAL] fssfltr
    Service C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Windows Live Family Safety Service/Microsoft Corporation) [MANUAL] fsssvc
    Service (File System Recognizer Driver/Microsoft Corporation) [BOOT] Fs_Rec
    Service System32\DRIVERS\fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) [BOOT] fvevol
    Service system32\DRIVERS\gagp30kx.sys (MS Generic AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] gagp30kx
    Service C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe (GameConsoleService/WildTangent, Inc.) [MANUAL] GameConsoleService
    Service system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] gpsvc
    Service C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Global Registration Service/Acer Incorporated) [AUTO] Greg_Service
    Service C:\Program [AUTO] gupdate
    Service C:\Program [MANUAL] gupdatem
    Service C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc
    Service system32\drivers\hcw85cir.sys (Hauppauge WinTV 885 Consumer IR Driver for eHome/Hauppauge Computer Works, Inc.) [MANUAL] hcw85cir
    Service system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) [MANUAL] HdAudAddService
    Service system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus
    Service system32\DRIVERS\HidBatt.sys (Hid Battery Driver/Microsoft Corporation) [MANUAL] HidBatt
    Service system32\DRIVERS\hidbth.sys (Bluetooth Miniport Driver for HID Devices/Microsoft Corporation) [MANUAL] HidBth
    Service system32\DRIVERS\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidIr
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hidserv
    Service system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hkmsvc
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] HomeGroupListener
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] HomeGroupProvider
    Service system32\DRIVERS\HpSAMD.sys (Smart Array SAS/SATA Controller Media Driver/Hewlett-Packard Company) [MANUAL] HpSAMD
    Service system32\drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
    Service System32\drivers\hwpolicy.sys (Hardware Policy Driver/Microsoft Corporation) [BOOT] hwpolicy
    Service system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [MANUAL] i8042prt
    Service C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (RAID Monitor/Intel Corporation) [AUTO] IAANTMON
    Service ialm
    Service system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation) [BOOT] iaStor
    Service system32\drivers\iaStorV.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation) [MANUAL] iaStorV
    Service C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
    Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
    Service system32\DRIVERS\igdkmd64.sys (Intel Graphics Kernel Mode Driver/Intel Corporation) [MANUAL] igfx
    Service system32\DRIVERS\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [MANUAL] iirsp
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] IKEEXT
    Service inetaccs
    Service system32\drivers\RTKVHD64.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
    Service system32\DRIVERS\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [MANUAL] intelide
    Service system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] intelppm
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] IPBusEnum
    Service system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] iphlpsvc
    Service system32\DRIVERS\IPMIDrv.sys (WMI IPMI DRIVER/Microsoft Corporation) [MANUAL] IPMIDRV
    Service System32\drivers\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT
    Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (64-bit)/Apple Inc.) [MANUAL] iPod Service
    Service system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
    Service system32\DRIVERS\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [MANUAL] isapnp
    Service system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt
    Service C:\??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [AUTO] ISWKL
    Service C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (ZoneAlarm ForceField/Check Point Software Technologies) [AUTO] IswSvc
    Service system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [MANUAL] kbdclass
    Service system32\DRIVERS\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation) [MANUAL] kbdhid
    Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso
    Service System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
    Service System32\Drivers\ksecpkg.sys (Kernel Security Support Provider Interface Packages/Microsoft Corporation) [BOOT] KSecPkg
    Service system32\drivers\ksthunk.sys (Kernel Streaming WOW Thunk Service/Microsoft Corporation) [MANUAL] ksthunk
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] KtmRm
    Service system32\DRIVERS\L1C62x64.sys (Atheros L1c PCI-E Gigabit Ethernet Controller/Atheros Communications, Inc.) [MANUAL] L1C
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanServer
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanWorkstation
    Service ldap
    Service system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] lltdsvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] lmhosts
    Service Lsa
    Service system32\DRIVERS\lsi_fc.sys (LSI Fusion-MPT FC Driver (StorPort)/LSI Corporation) [MANUAL] LSI_FC
    Service system32\DRIVERS\lsi_sas.sys (LSI Fusion-MPT SAS Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SAS
    Service system32\DRIVERS\lsi_sas2.sys (LSI SAS Gen2 Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SAS2
    Service system32\DRIVERS\lsi_scsi.sys (LSI Fusion-MPT SCSI Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SCSI
    Service system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) [AUTO] luafv
    Service C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe (Component Host Service/McAfee, Inc.) [MANUAL] McComponentHostService
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] Mcx2Svc
    Service system32\DRIVERS\megasas.sys (MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64/LSI Corporation) [MANUAL] megasas
    Service system32\DRIVERS\MegaSR.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [MANUAL] MegaSR
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MMCSS
    Service system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
    Service system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor
    Service system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [MANUAL] mouclass
    Service system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
    Service System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) [BOOT] mountmgr
    Service system32\DRIVERS\mpio.sys (MultiPath Support Bus-Driver/Microsoft Corporation) [MANUAL] mpio
    Service System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MpsSvc
    Service system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
    Service system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb
    Service system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10
    Service system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20
    Service system32\DRIVERS\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [MANUAL] msahci
    Service system32\DRIVERS\msdsm.sys (Microsoft Device Specific Module/Microsoft Corporation) [MANUAL] msdsm
    Service C:\Windows\System32\msdtc.exe (Microsoft Distributed Transaction Coordinator Service/Microsoft Corporation) [MANUAL] MSDTC
    Service MSDTC Bridge 3.0.0.0
    Service MSDTC Bridge 4.0.0.0
    Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
    Service System32\drivers\mshidkmdf.sys (Pass-through HID to KMDF Filter Driver/Microsoft Corporation) [MANUAL] mshidkmdf
    Service system32\DRIVERS\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] MSiSCSI
    Service C:\Windows\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] msiserver
    Service system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
    Service system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
    Service system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
    Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC
    Service MSSCNTRS
    Service system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [SYSTEM] mssmbios
    Service system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
    Service system32\DRIVERS\MTConfig.sys (Microsoft Multi-Touch HID Driver/Microsoft Corporation) [MANUAL] MTConfig
    Service System32\Drivers\mup.sys (Multiple UNC Provider Driver/Microsoft Corporation) [BOOT] Mup
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] napagent
    Service system32\DRIVERS\nwifi.sys (NativeWiFi Miniport Driver/Microsoft Corporation) [MANUAL] NativeWifiP
    Service system32\drivers\ndis.sys (NDIS 6.20 driver/Microsoft Corporation) [BOOT] NDIS
    Service system32\DRIVERS\ndiscap.sys (NDIS Packet Capture Filter Driver/Microsoft Corporation) [MANUAL] NdisCap
    Service system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
    Service system32\DRIVERS\ndisuio.sys (NDIS User mode I/O driver/Microsoft Corporation) [MANUAL] Ndisuio
    Service system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
    Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
    Service system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
    Service System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
    Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Netman
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] netprofm
    Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
    Service system32\DRIVERS\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [MANUAL] nfrd960
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] NlaSvc
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] nosGetPlusHelper
    Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] nsi
    Service system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [SYSTEM] nsiproxy
    Service NTDS
    Service (NT File System Driver/Microsoft Corporation) [MANUAL] Ntfs
    Service C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NTI Backup Now 5 BackupSvc Application/NewTech InfoSystems, Inc.) [MANUAL] NTIBackupSvc
    Service C:\Windows\system32\drivers\NTIDrvr.sys (NTI CD-ROM Filter Driver/NewTech Infosystems, Inc.) [MANUAL] NTIDrvr
    Service C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NTI Backup Now 5 SchedulerSvc NT Service/NewTech Infosystems, Inc.) [AUTO] NTISchedulerSvc
    Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
    Service system32\drivers\nvraid.sys (NVIDIA® nForce(TM) RAID Driver/NVIDIA Corporation) [MANUAL] nvraid
    Service system32\drivers\nvstor.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation) [MANUAL] nvstor
    Service system32\DRIVERS\nv_agp.sys (NForce NT AGP Filter/Microsoft Corporation) [MANUAL] nv_agp
    Service C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv
    Service system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394
    Service C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
    Service Outlook
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2pimsvc
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2psvc
    Service system32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
    Service System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PcaSvc
    Service system32\DRIVERS\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] pci
    Service system32\DRIVERS\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [MANUAL] pciide
    Service system32\DRIVERS\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [MANUAL] pcmcia
    Service System32\drivers\pcw.sys (Performance Counters for Windows Driver/Microsoft Corporation) [BOOT] pcw
    Service system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH
    Service PerfDisk
    Service C:\Windows\SysWow64\perfhost.exe (x86 Performance Counter Host/Microsoft Corporation) [MANUAL] PerfHost
    Service PerfNet
    Service PerfOS
    Service PerfProc
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] pla
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PlugPlay
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPAutoReg
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPsvc
    Service system32\DRIVERS\point64.sys (Point64k.sys/Microsoft Corporation) [MANUAL] Point64
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PolicyAgent
    Service PortProxy
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Power
    Service system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
    Service system32\DRIVERS\processr.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] Processor
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ProfSvc
    Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage
    Service system32\DRIVERS\pacer.sys (QoS Packet Scheduler/Microsoft Corporation) [SYSTEM] Psched
    Service system32\DRIVERS\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [MANUAL] ql2300
    Service system32\DRIVERS\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [MANUAL] ql40xx
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] QWAVE
    Service system32\drivers\qwavedrv.sys (Microsoft Quality Windows Audio Video Experience (qWave) Support Driver/Microsoft Corporation) [MANUAL] QWAVEdrv
    Service System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [MANUAL] RasAcd
    Service system32\DRIVERS\AgileVpn.sys (RAS Agile Vpn Miniport Call Manager/Microsoft Corporation) [MANUAL] RasAgileVpn
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasAuto
    Service system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasMan
    Service system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
    Service system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation) [MANUAL] RasSstp
    Service system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] rdbss
    Service system32\DRIVERS\rdpbus.sys (Microsoft RDP Bus Device driver/Microsoft Corporation) [MANUAL] rdpbus
    Service System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
    Service RDPDD
    Service system32\drivers\rdpencdd.sys (RDP Encoder Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD
    Service RDPNP
    Service system32\drivers\rdprefmp.sys (RDP Reflector Driver Miniport/Microsoft Corporation) [SYSTEM] RDPREFMP
    Service (RDP Terminal Stack Driver/Microsoft Corporation) [MANUAL] RDPWD
    Service System32\drivers\rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) [BOOT] rdyboost
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] RemoteAccess
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RemoteRegistry
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcEptMapper
    Service C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcSs
    Service system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr
    Service C:\Windows\System32\Drivers\RtsUStor.sys (Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Realtek Semiconductor Corp.) [MANUAL] RSUSBSTOR
    Service system32\DRIVERS\SaiH5F0D.sys (Saitek Hid Driver/Saitek)
     
  9. 2011/05/28
    Forsaken Knight

    [MANUAL] SaiH5F0D
    Service system32\DRIVERS\SaiMini.sys (Saitek Magic Mini Driver/Saitek) [MANUAL] SaiMini
    Service system32\drivers\SaiBus.sys (Saitek Magic Bus/Saitek) [MANUAL] SaiNtBus
    Service system32\DRIVERS\SaiU5F0D.sys (Saitek Usb Driver/Saitek) [MANUAL] SaiU5F0D
    Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs
    Service system32\DRIVERS\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [MANUAL] sbp2port
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCardSvr
    Service System32\DRIVERS\scfilter.sys (Microsoft Smart Card Reader Filter Driver/Microsoft Corporation) [MANUAL] scfilter
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Schedule
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCPolicySvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SDRSVC
    Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] seclogon
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SENS
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SensrSvc
    Service system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum
    Service system32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) [MANUAL] Serial
    Service system32\DRIVERS\sermouse.sys (Serial Mouse Filter Driver/Microsoft Corporation) [MANUAL] sermouse
    Service ServiceModelEndpoint 3.0.0.0
    Service ServiceModelOperation 3.0.0.0
    Service ServiceModelService 3.0.0.0
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SessionEnv
    Service system32\DRIVERS\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [MANUAL] sffdisk
    Service system32\DRIVERS\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc
    Service system32\DRIVERS\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
    Service system32\DRIVERS\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [MANUAL] sfloppy
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] SharedAccess
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ShellHWDetection
    Service system32\DRIVERS\SiSRaid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.) [MANUAL] SiSRaid2
    Service system32\DRIVERS\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [MANUAL] SiSRaid4
    Service system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [MANUAL] Smb
    Service SMSvcHost 3.0.0.0
    Service SMSvcHost 4.0.0.0
    Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [MANUAL] SNMPTRAP
    Service (loader for security processor/Microsoft Corporation) [BOOT] spldr
    Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
    Service C:\Windows\system32\sppsvc.exe (Microsoft Software Protection Platform Service/Microsoft Corporation) [AUTO] sppsvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] sppuinotify
    Service System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv
    Service System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2
    Service System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SSDPSRV
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SstpSvc
    Service system32\DRIVERS\stexstor.sys (Promise SuperTrak EX Series Driver for Windows /Promise Technology) [MANUAL] stexstor
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] stisvc
    Service system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] swprv
    Service system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics Incorporated) [MANUAL] SynTP
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SysMain
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TabletInputService
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TapiSrv
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TBS
    Service System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [BOOT] Tcpip
    Service system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [MANUAL] TCPIP6
    Service TCPIP6TUNNEL
    Service System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg
    Service TCPIPTUNNEL
    Service system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
    Service system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
    Service system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx
    Service system32\DRIVERS\termdd.sys (Remote Desktop Server Driver/Microsoft Corporation) [SYSTEM] TermDD
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TermService
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Themes
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] THREADORDER
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TrkWks
    Service C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation) [MANUAL] TrustedInstaller
    Service TSDDD
    Service System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv
    Service system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunnel
    Service system32\DRIVERS\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [MANUAL] uagp35
    Service C:\Windows\system32\drivers\UBHelper.sys (NTI CDROM Filter Driver/NewTech Infosystems Corporation) [MANUAL] UBHelper
    Service system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs
    Service UGatherer
    Service UGTHRSVC
    Service C:\Windows\system32\UI0Detect.exe (Interactive services detection/Microsoft Corporation) [MANUAL] UI0Detect
    Service system32\DRIVERS\uliagpkx.sys (ULi AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] uliagpkx
    Service system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus
    Service system32\DRIVERS\umpass.sys (Generic pass-through driver/Microsoft Corporation) [MANUAL] UmPass
    Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Update Service/Acer) [AUTO] Updater Service
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] upnphost
    Service system32\drivers\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
    Service system32\DRIVERS\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [MANUAL] usbcir
    Service system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
    Service system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
    Service system32\drivers\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
    Service system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
    Service system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
    Service system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
    Service System32\Drivers\usbvideo.sys (USB Video Class Driver/Microsoft Corporation) [MANUAL] usbvideo
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] UxSms
    Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] VaultSvc
    Service system32\DRIVERS\vdrvroot.sys (Virtual Drive Root Enumerator/Microsoft Corporation) [BOOT] vdrvroot
    Service C:\Windows\System32\vds.exe (Virtual Disk Service/Microsoft Corporation) [MANUAL] vds
    Service system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
    Service System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
    Service system32\DRIVERS\vhdmp.sys (VHD Miniport Driver/Microsoft Corporation) [MANUAL] vhdmp
    Service system32\DRIVERS\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [MANUAL] viaide
    Service system32\DRIVERS\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [BOOT] volmgr
    Service System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) [BOOT] volmgrx
    Service system32\DRIVERS\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] volsnap
    Service C:\Windows\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) [SYSTEM] Vsdatant
    Service C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (TrueVector Service/Check Point Software Technologies LTD) [AUTO] vsmon
    Service system32\DRIVERS\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd) [MANUAL] vsmraid
    Service C:\Windows\system32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
    Service system32\DRIVERS\vwifibus.sys (Virtual WiFi Bus Driver/Microsoft Corporation) [MANUAL] vwifibus
    Service system32\DRIVERS\vwififlt.sys (Virtual WiFi Filter Driver/Microsoft Corporation) [SYSTEM] vwififlt
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] W32Time
    Service W3SVC
    Service system32\DRIVERS\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [MANUAL] WacomPen
    Service system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] WANARP
    Service system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6
    Service C:\Windows\system32\Wat\WatAdminSvc.exe (Windows Activation Technologies Service/Microsoft Corporation) [MANUAL] WatAdminSvc
    Service C:\Windows\system32\wbengine.exe (Microsoft® Block Level Backup Engine Service EXE/Microsoft Corporation) [MANUAL] wbengine
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WbioSrvc
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wcncsvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WcsPlugInService
    Service system32\DRIVERS\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [MANUAL] Wd
    Service system32\drivers\Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) [BOOT] Wdf01000
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiServiceHost
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiSystemHost
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WebClient
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Wecsvc
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wercplsupport
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WerSvc
    Service system32\DRIVERS\wfplwf.sys (WFP NDIS 6.20 Lightweight Filter Driver/Microsoft Corporation) [SYSTEM] WfpLwf
    Service C:\Windows\system32\drivers\wimmount.sys (Wim file system Driver/Microsoft Corporation) [MANUAL] WIMMount
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WinDefend
    Service Windows Workflow Foundation 3.0.0.0
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Winmgmt
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinRM
    Service [MANUAL] Winsock
    Service WinSock2
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Wlansvc
    Service C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Windows Live Mesh Remote Desktop Service/Microsoft Corporation) [DISABLED] wlcrasvc
    Service C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft® Windows Live ID Service/Microsoft Corp.) [AUTO] wlidsvc
    Service system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [MANUAL] WmiAcpi
    Service WmiApRpl
    Service C:\Windows\system32\wbem\WmiApSrv.exe (WMI Performance Reverse Adapter/Microsoft Corporation) [MANUAL] wmiApSrv
    Service C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [AUTO] WMPNetworkSvc
    Service system32\DRIVERS\WN111v2x.sys (Atheros Extensible Wireless LAN device driver/Atheros Communications, Inc.) [MANUAL] WN111v2
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WPCSvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WPDBusEnum
    Service system32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [DISABLED] ws2ifsl
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wscsvc
    Service C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search Indexer/Microsoft Corporation) [AUTO] WSearch
    Service WSearchIdxPi
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wuauserv
    Service system32\drivers\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf
    Service system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wudfsvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WwanSvc
    Service xmlprov
    Service {0ACAFB23-3CB5-48B5-9D25-9351FC1E144F}
    Service {DD5D3D63-591C-47D3-8673-1AEDDEB14120}
    Service {E8B8509B-2D36-4A1C-A99C-11394430D6FD}

    ---- EOF - GMER 1.0.15 ----
     
  10. 2011/05/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    So far, all looks clean...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2011/05/31
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 05/31/2011 at 15:27:40.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:



    Rkill completed on 05/31/2011 at 15:27:57.
     
  12. 2011/05/31
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    ComboFix 11-05-31.01 - walmart 05/31/2011 15:31:18.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3002.1877 [GMT -4:00]
    Running from: c:\users\walmart\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\walmart\Desktop\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-31 19:46 . 2011-05-31 19:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-31 19:29 . 2011-05-31 19:29 -------- d-----w- C:\32788R22FWJFW
    2011-05-31 19:17 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE40AB01-321D-4FC6-8505-5703D712B94C}\mpengine.dll
    2011-05-31 19:13 . 2011-05-31 19:14 -------- d-----w- c:\users\walmart\AppData\Local\{9EC41777-1E4D-436F-8DEF-1418CB459D94}
    2011-05-30 11:32 . 2011-05-30 11:32 -------- d-----w- c:\users\walmart\AppData\Local\{C9EFAF33-B532-4A91-BCCB-0F1181BF81CA}
    2011-05-29 19:39 . 2011-05-29 19:39 -------- d-----w- c:\users\walmart\AppData\Local\{C085DAE3-76BF-4BC5-AE0C-B47D21A3CBD8}
    2011-05-28 20:11 . 2011-05-28 20:11 -------- d-----w- c:\users\walmart\AppData\Local\{5E1483C6-2CD6-4FD5-BEB4-429E9E645FEF}
    2011-05-28 01:26 . 2011-05-28 01:26 -------- d-----w- c:\users\walmart\AppData\Local\{72AFEB76-4517-4CC4-8888-B9FCD80E19E5}
    2011-05-27 10:21 . 2011-05-27 10:21 -------- d-----w- c:\users\walmart\AppData\Local\{064E1AEB-08FC-4CE8-9715-7BC04626DC73}
    2011-05-26 12:08 . 2011-05-26 12:08 -------- d-----w- c:\users\walmart\AppData\Local\{14C37D11-6F38-49C5-AA6C-D44DBE612985}
    2011-05-25 13:21 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-25 13:14 . 2011-05-25 13:14 -------- d-----w- c:\users\walmart\AppData\Local\{DD93F1AD-6970-4C14-9B9B-F7AAEA5EE0AE}
    2011-05-22 23:40 . 2011-05-22 23:40 -------- d-----w- c:\users\walmart\AppData\Local\{4F4FC3F3-1C02-4D24-8E88-D24A33355A6D}
    2011-05-22 11:36 . 2011-05-22 11:36 -------- d-----w- c:\users\walmart\AppData\Local\{A262F216-724F-43E1-8A6E-E0FB5CFE7EF2}
    2011-05-21 17:47 . 2011-05-21 17:47 -------- d-----w- c:\users\walmart\AppData\Local\{8D4AC9FB-7303-41B9-B312-84885BBFBFD0}
    2011-05-18 20:18 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-18 20:18 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-05-18 20:01 . 2011-05-18 20:01 -------- d-----w- c:\users\walmart\AppData\Local\{E7AEDFFF-64D0-4A5F-8285-3E3FE257ABE0}
    2011-05-18 19:51 . 2011-05-18 19:51 -------- d-----w- c:\users\walmart\AppData\Local\{497590D8-8A6D-4734-915F-EE3C1FCA4DF8}
    2011-05-18 18:35 . 2011-05-18 18:35 -------- d-----w- c:\users\walmart\AppData\Local\{34791F86-9BC3-4DE8-B118-30E1B03CCB1B}
    2011-05-18 16:47 . 2011-05-18 16:47 -------- d-----w- c:\users\walmart\AppData\Local\{968A6565-3BD0-4899-8879-12F50A1DE76F}
    2011-05-18 00:16 . 2011-05-18 00:16 -------- d-----w- c:\users\walmart\AppData\Local\{5DA9594C-0E0A-4EFE-957D-AF2123A90B7B}
    2011-05-17 12:37 . 2011-05-17 12:37 -------- d-----w- c:\users\walmart\AppData\Local\{EF227575-327A-459E-B5CE-98614686A313}
    2011-05-16 15:48 . 2011-05-16 15:48 -------- d-----w- c:\users\walmart\AppData\Local\{DEDF877A-79BE-4E6E-AD69-6777616E200D}
    2011-05-16 06:40 . 2011-05-16 06:40 -------- d-----w- c:\users\walmart\AppData\Local\{3AAFE453-698C-48E8-9550-2CB7013DE1AC}
    2011-05-15 16:11 . 2011-05-15 16:11 -------- d-----w- c:\users\walmart\AppData\Local\{0D0B6A0F-8E3D-4505-A400-65647B897870}
    2011-05-14 18:28 . 2011-05-14 18:28 -------- d-----w- c:\users\walmart\AppData\Local\{7C50C130-B6F1-4C77-98F7-86FE872CFE5E}
    2011-05-13 17:28 . 2011-05-13 17:28 -------- d-----w- c:\users\walmart\AppData\Local\{541BEB2D-73B3-4E9A-9205-76A60E847809}
    2011-05-12 17:18 . 2011-05-12 17:18 -------- d-----w- c:\users\walmart\AppData\Local\{83D0E0D1-F357-40FA-802C-5FD959ADAC85}
    2011-05-11 16:23 . 2011-05-11 16:23 -------- d-----w- c:\users\walmart\AppData\Local\{B38A1B24-2264-44A8-9810-20EBDA044835}
    2011-05-11 10:45 . 2011-05-11 10:45 -------- d-----w- c:\users\walmart\AppData\Local\{DED73177-B5F8-4141-BE0D-B01C8F24FC51}
    2011-05-11 03:44 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-11 03:44 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-05-11 03:44 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-05-11 03:44 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-05-11 03:44 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-05-11 03:44 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-05-11 03:44 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-05-11 03:44 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-05-11 03:44 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-05-11 03:44 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-05-10 17:50 . 2011-05-10 17:50 -------- d-----w- c:\users\walmart\AppData\Local\{C8C52A38-C9E5-4F83-ACB2-43202F5A9375}
    2011-05-09 16:52 . 2011-05-09 16:52 -------- d-----w- c:\users\walmart\AppData\Local\{DA0F3494-043C-47A7-918F-FBA5587A710E}
    2011-05-07 13:38 . 2011-05-07 13:38 -------- d-----w- c:\users\walmart\AppData\Local\{75503FE0-FE72-4F44-87BE-5798A7998A14}
    2011-05-07 00:07 . 2011-05-07 00:07 -------- d-----w- c:\users\walmart\AppData\Local\{C4A52F2B-3C84-4AA2-BD63-CA9994A9E8F9}
    2011-05-06 10:23 . 2011-05-06 10:23 -------- d-----w- c:\users\walmart\AppData\Local\{395B9B4A-1B5D-4054-825E-FFBAA26AA288}
    2011-05-04 22:36 . 2011-05-04 22:36 -------- d-----w- c:\users\walmart\AppData\Local\{663D4798-30D0-4CA9-A4BF-8368C2D7714D}
    2011-05-04 03:14 . 2011-05-04 03:14 -------- d-----w- c:\users\walmart\AppData\Local\{8A63A842-8481-489D-AB95-1693C57A5159}
    2011-05-03 01:08 . 2011-05-03 01:08 -------- d-----w- c:\users\walmart\AppData\Local\{17A89B68-B3DF-4E29-8643-C2403AF0960A}
    2011-05-02 10:44 . 2011-05-02 10:44 -------- d-----w- c:\users\walmart\AppData\Local\{EB4C53F7-BD60-4289-AB6E-287F271D73BA}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-18 17:25 . 2011-01-09 22:27 40112 ----a-w- c:\windows\avastSS.scr
    2011-04-18 17:25 . 2010-05-03 04:02 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-04-18 17:25 . 2011-02-05 20:05 253888 ----a-w- c:\windows\system32\aswBoot.exe
    2011-04-18 17:18 . 2010-05-03 04:02 287064 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-04-18 17:17 . 2011-04-18 20:34 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-04-18 17:16 . 2010-05-03 04:02 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-04-18 17:13 . 2010-05-03 04:02 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-04-18 17:13 . 2010-05-03 04:02 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-04-18 17:13 . 2010-05-03 04:02 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-04-06 20:26 . 2011-04-06 20:26 96544 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:26 . 2011-04-06 20:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-03-12 16:43 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-12 12:03 . 2011-04-27 19:51 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-12 11:31 . 2011-04-27 19:51 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-03-11 06:23 . 2011-04-27 19:50 187264 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-03-11 06:23 . 2011-04-27 19:50 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-03-11 06:23 . 2011-04-27 19:50 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-03-11 06:23 . 2011-04-27 19:50 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-03-11 06:23 . 2011-04-27 19:50 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-03-11 06:22 . 2011-04-27 19:50 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-03-11 06:22 . 2011-04-27 19:50 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-03-11 06:19 . 2011-04-15 17:06 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 06:19 . 2011-04-15 17:06 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-11 06:18 . 2011-04-27 19:50 2566144 ----a-w- c:\windows\system32\esent.dll
    2011-03-11 06:15 . 2011-04-27 19:50 96768 ----a-w- c:\windows\system32\fsutil.exe
    2011-03-11 05:40 . 2011-04-15 17:06 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2011-03-11 05:40 . 2011-04-15 17:06 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2011-03-11 05:39 . 2011-04-27 19:50 1686016 ----a-w- c:\windows\SysWow64\esent.dll
    2011-03-11 05:37 . 2011-04-27 19:50 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
    2011-03-08 06:14 . 2011-04-15 17:05 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-08 05:38 . 2011-04-15 17:05 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-03-04 06:17 . 2011-04-27 19:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17 . 2011-04-27 19:51 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:17 . 2011-04-15 17:05 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 06:14 . 2011-04-15 17:05 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 05:27 . 2011-04-15 17:05 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58 . 2011-04-15 17:07 3133440 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files (x86)\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
    .
    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    2010-05-09 15:50 2517088 ----a-w- c:\program files (x86)\ZoneAlarm\tbZone.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files (x86)\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
    .
    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"= "c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408]
    "msnmsgr"= "c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LManager"= "c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
    "Adobe Reader Speed Launcher"= "c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "NortonOnlineBackupReminder"= "c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
    "Adobe ARM"= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "AppleSyncNotifier"= "c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "ZoneAlarm Client"= "c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
    "SunJavaUpdateSched"= "c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "QuickTime Task"= "c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"= "c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    .
    c:\users\walmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2x.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-09-30 844320]
    S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
    S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-05-26 33008]
    S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 823272]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
    S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
    S3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys [x]
    S3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-13 04:02]
    .
    2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-13 04:02]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-04-18 17:25 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"= "c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
    "RtHDVCpl"= "c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
    "Acer ePower Management"= "c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-09-30 823840]
    "OOTag"= "c:\windows\oobeoffer\oobeoffer\ootag.exe" [2009-09-28 23072]
    "ISW"= "c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 1116136]
    "IntelliPoint"= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
    "IgfxTray"= "c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
    "HotKeysCmds"= "c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
    "Persistence"= "c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
    "ProfilerU"= "c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 357888]
    "SaiMfd"= "c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 194560]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e725&r=273603108715l04f4z1m5r4422023o
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\walmart\AppData\Roaming\Mozilla\Firefox\Profiles\obavtsyv.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - Ext: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - %profile%\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-05-31 16:17:43
    ComboFix-quarantined-files.txt 2011-05-31 20:17
    .
    Pre-Run: 170,522,234,880 bytes free
    Post-Run: 170,264,162,304 bytes free
    .
    - - End Of File - - 6E4B5B1FFDE249D3749CA46D401D3A1B
     
  13. 2011/05/31
    broni

    broni Moderator Malware Analyst

    Not much there either.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. 2011/06/01
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    OTL logfile created on: 6/1/2011 11:58:19 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\walmart\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.24% Memory free
    6.15 Gb Paging File | 4.72 Gb Available in Paging File | 76.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 220.78 Gb Total Space | 157.93 Gb Free Space | 71.53% Space Free | Partition Type: NTFS

    Computer Name: WALMART-PC | User Name: walmart | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/01 23:47:30 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\walmart\Desktop\OTL.exe
    PRC - [2011/05/16 11:55:03 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2011/04/18 13:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/09/03 02:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2009/10/13 15:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/10/13 15:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
    PRC - [2009/08/18 05:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/01 23:47:30 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\walmart\Desktop\OTL.exe
    MOD - [2011/05/20 03:02:23 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcr80.dll
    MOD - [2011/05/20 03:02:23 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcp80.dll
    MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2010/05/26 09:35:24 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
    MOD - [2009/12/29 02:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/05/26 09:35:34 | 000,823,272 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
    SRV:64bit: - [2009/09/30 18:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
    SRV - [2010/11/29 11:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
    SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/08 16:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/10/13 15:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/05/10 07:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2010/05/26 09:35:12 | 000,033,008 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
    DRV:64bit: - [2009/10/13 15:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/01 23:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/08/21 05:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/10 11:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
    DRV:64bit: - [2009/06/10 11:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2008/09/30 06:22:32 | 000,553,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WN111v2x.sys -- (WN111v2)
    DRV:64bit: - [2007/05/01 15:48:56 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiH5F0D.sys -- (SaiH5F0D)
    DRV:64bit: - [2007/05/01 15:48:56 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU5F0D.sys -- (SaiU5F0D)
    DRV - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\vsdatant.sys -- (Vsdatant)
    DRV - [2009/09/01 21:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/03/25 23:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e725&r=273603108715l04f4z1m5r4422023o
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e725&r=273603108715l04f4z1m5r4422023o
    IE - HKLM\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2631836602-637535096-2860635993-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
    IE - HKU\S-1-5-21-2631836602-637535096-2860635993-1000\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2631836602-637535096-2860635993-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2631836602-637535096-2860635993-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:2.6.0.15
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/10/17 10:59:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/27 22:31:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/27 22:31:41 | 000,000,000 | ---D | M]

    [2010/06/30 00:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\walmart\AppData\Roaming\mozilla\Extensions
    [2010/11/10 22:15:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\walmart\AppData\Roaming\mozilla\Firefox\Profiles\obavtsyv.default\extensions
    [2010/10/17 10:58:42 | 000,000,000 | ---D | M] (ZoneAlarm Toolbar) -- C:\Users\walmart\AppData\Roaming\mozilla\Firefox\Profiles\obavtsyv.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
    [2010/09/01 19:56:32 | 000,000,861 | ---- | M] () -- C:\Users\walmart\AppData\Roaming\Mozilla\Firefox\Profiles\obavtsyv.default\searchplugins\conduit.xml
    [2011/03/22 19:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/08/23 16:50:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/02/05 17:29:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/22 19:38:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2010/10/17 10:59:09 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\WOW64\TRUSTCHECKER
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/05/31 15:46:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
    O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-2631836602-637535096-2860635993-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-2631836602-637535096-2860635993-1000\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    O3:64bit: - HKU\S-1-5-21-2631836602-637535096-2860635993-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKU\S-1-5-21-2631836602-637535096-2860635993-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [OOTag] C:\Windows\OOBEOffer\OOBEOffer\OOTag.exe (Microsoft)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe ()
    O4 - Startup: C:\Users\walmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2631836602-637535096-2860635993-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2631836602-637535096-2860635993-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/01 23:46:52 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\walmart\Desktop\OTL.exe
    [2011/06/01 23:21:04 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{173231D0-CED5-4738-B7FD-1C339F0787ED}
    [2011/06/01 09:36:09 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{DD38BFFD-5F39-4F88-98CF-7B00A1266A84}
    [2011/06/01 09:35:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/31 15:29:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/31 15:29:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/31 15:29:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/31 15:29:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/31 15:29:12 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/31 15:29:03 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/05/31 15:24:49 | 000,000,000 | ---D | C] -- C:\Users\walmart\Desktop\windowsbbs thread for laptop on may 31 2011
    [2011/05/31 15:21:12 | 004,109,019 | R--- | C] (Swearware) -- C:\Users\walmart\Desktop\ComboFix.exe
    [2011/05/31 15:13:54 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{9EC41777-1E4D-436F-8DEF-1418CB459D94}
    [2011/05/30 07:32:00 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{C9EFAF33-B532-4A91-BCCB-0F1181BF81CA}
    [2011/05/29 15:39:11 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{C085DAE3-76BF-4BC5-AE0C-B47D21A3CBD8}
    [2011/05/28 16:11:15 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{5E1483C6-2CD6-4FD5-BEB4-429E9E645FEF}
    [2011/05/27 21:26:34 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{72AFEB76-4517-4CC4-8888-B9FCD80E19E5}
    [2011/05/27 06:21:36 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{064E1AEB-08FC-4CE8-9715-7BC04626DC73}
    [2011/05/26 08:08:03 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{14C37D11-6F38-49C5-AA6C-D44DBE612985}
    [2011/05/25 09:14:27 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{DD93F1AD-6970-4C14-9B9B-F7AAEA5EE0AE}
    [2011/05/22 19:40:13 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{4F4FC3F3-1C02-4D24-8E88-D24A33355A6D}
    [2011/05/22 07:36:45 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{A262F216-724F-43E1-8A6E-E0FB5CFE7EF2}
    [2011/05/21 13:47:14 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{8D4AC9FB-7303-41B9-B312-84885BBFBFD0}
    [2011/05/20 14:36:46 | 000,000,000 | ---D | C] -- C:\Users\walmart\Desktop\just to make it easier
    [2011/05/18 16:01:52 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{E7AEDFFF-64D0-4A5F-8285-3E3FE257ABE0}
    [2011/05/18 15:51:48 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{497590D8-8A6D-4734-915F-EE3C1FCA4DF8}
    [2011/05/18 14:35:03 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{34791F86-9BC3-4DE8-B118-30E1B03CCB1B}
    [2011/05/18 12:47:01 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{968A6565-3BD0-4899-8879-12F50A1DE76F}
    [2011/05/17 20:16:08 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{5DA9594C-0E0A-4EFE-957D-AF2123A90B7B}
    [2011/05/17 08:37:18 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{EF227575-327A-459E-B5CE-98614686A313}
    [2011/05/16 11:48:00 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{DEDF877A-79BE-4E6E-AD69-6777616E200D}
    [2011/05/16 02:40:58 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{3AAFE453-698C-48E8-9550-2CB7013DE1AC}
    [2011/05/15 12:11:15 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{0D0B6A0F-8E3D-4505-A400-65647B897870}
    [2011/05/14 14:28:05 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{7C50C130-B6F1-4C77-98F7-86FE872CFE5E}
    [2011/05/13 13:28:21 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{541BEB2D-73B3-4E9A-9205-76A60E847809}
    [2011/05/12 13:18:21 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{83D0E0D1-F357-40FA-802C-5FD959ADAC85}
    [2011/05/11 12:23:04 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{B38A1B24-2264-44A8-9810-20EBDA044835}
    [2011/05/11 06:45:35 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{DED73177-B5F8-4141-BE0D-B01C8F24FC51}
    [2011/05/10 13:50:40 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{C8C52A38-C9E5-4F83-ACB2-43202F5A9375}
    [2011/05/09 12:52:37 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{DA0F3494-043C-47A7-918F-FBA5587A710E}
    [2011/05/07 09:38:00 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{75503FE0-FE72-4F44-87BE-5798A7998A14}
    [2011/05/06 20:07:10 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{C4A52F2B-3C84-4AA2-BD63-CA9994A9E8F9}
    [2011/05/06 06:23:29 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{395B9B4A-1B5D-4054-825E-FFBAA26AA288}
    [2011/05/04 18:36:27 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{663D4798-30D0-4CA9-A4BF-8368C2D7714D}
    [2011/05/03 23:14:03 | 000,000,000 | ---D | C] -- C:\Users\walmart\AppData\Local\{8A63A842-8481-489D-AB95-1693C57A5159}
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/01 23:47:30 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\walmart\Desktop\OTL.exe
    [2011/06/01 23:39:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/06/01 23:31:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/01 23:27:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/01 23:27:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/01 23:20:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/01 23:20:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/06/01 23:20:16 | 2360,848,384 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/31 15:46:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/05/31 15:21:31 | 004,109,019 | R--- | M] (Swearware) -- C:\Users\walmart\Desktop\ComboFix.exe
    [2011/05/31 15:20:46 | 001,007,108 | ---- | M] () -- C:\Users\walmart\Desktop\rkill.com
    [2011/05/27 01:33:49 | 000,002,349 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/05/24 23:55:38 | 000,000,062 | ---- | M] () -- C:\Windows\pcvcdbr.INI
    [2011/05/24 23:55:38 | 000,000,000 | ---- | M] () -- C:\Windows\pcvcdvw.INI
    [2011/05/18 17:30:57 | 001,106,036 | ---- | M] () -- C:\Users\walmart\Desktop\thing when I reestablist the connection with the home wireless router and the laptop.png
    [2011/05/15 22:26:55 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/05/15 22:26:55 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/05/15 22:26:55 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2011/05/10 08:10:44 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/05/10 08:04:08 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2011/05/10 08:04:07 | 000,287,576 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/05/10 08:02:41 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/05/10 07:59:59 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/05/10 07:59:48 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/05/10 07:59:37 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2011/05/10 00:20:05 | 001,366,067 | ---- | M] () -- C:\Users\walmart\Desktop\mcafee found items on laptop pc done on may 10 monday 2011.png
    [2011/05/04 00:36:06 | 000,003,526 | ---- | M] () -- C:\Users\walmart\Desktop\3308453.PDF
    [2011/05/04 00:05:36 | 000,033,888 | ---- | M] () -- C:\Users\walmart\Desktop\IADVANCECASH.COM
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/31 15:29:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/31 15:29:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/31 15:29:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/31 15:29:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/31 15:29:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/31 15:20:37 | 001,007,108 | ---- | C] () -- C:\Users\walmart\Desktop\rkill.com
    [2011/05/24 23:55:38 | 000,000,062 | ---- | C] () -- C:\Windows\pcvcdbr.INI
    [2011/05/24 23:55:38 | 000,000,000 | ---- | C] () -- C:\Windows\pcvcdvw.INI
    [2011/05/18 17:30:54 | 001,106,036 | ---- | C] () -- C:\Users\walmart\Desktop\thing when I reestablist the connection with the home wireless router and the laptop.png
    [2011/05/10 00:20:05 | 001,366,067 | ---- | C] () -- C:\Users\walmart\Desktop\mcafee found items on laptop pc done on may 10 monday 2011.png
    [2011/05/04 00:36:05 | 000,003,526 | ---- | C] () -- C:\Users\walmart\Desktop\3308453.PDF
    [2011/05/04 00:05:36 | 000,033,888 | ---- | C] () -- C:\Users\walmart\Desktop\IADVANCECASH.COM
    [2010/08/23 21:01:33 | 000,000,000 | ---- | C] () -- C:\Users\walmart\AppData\Roaming\wklnhst.dat
    [2010/06/30 00:36:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/03/25 00:39:42 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2010/03/23 14:58:17 | 000,000,040 | ---- | C] () -- C:\Windows\SysWow64\Sx5363.ini
    [2009/11/05 13:34:56 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2009/11/05 13:34:56 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2009/11/05 13:34:56 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2009/11/05 13:34:54 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2010/05/02 23:54:42 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\CheckPoint
    [2010/07/06 18:41:18 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\MyScribe
    [2011/02/16 21:59:14 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\NeopleLauncherDFO
    [2010/05/04 17:36:07 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\OpenOffice.org
    [2010/08/23 21:01:35 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\Template
    [2010/03/04 12:19:45 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\WildTangent
    [2010/12/29 17:18:43 | 000,000,000 | ---D | M] -- C:\Users\walmart\AppData\Roaming\Windows Live Writer
    [2011/05/11 06:43:24 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/11/05 13:37:00 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/05/31 16:18:00 | 000,023,412 | ---- | M] () -- C:\ComboFix.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/06/01 23:20:16 | 2360,848,384 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/06/01 23:20:18 | 3462,373,376 | -HS- | M] () -- C:\pagefile.sys
    [2009/11/05 13:51:49 | 000,002,881 | ---- | M] () -- C:\RHDSetup.log
    [2011/05/31 15:27:57 | 000,000,361 | ---- | M] () -- C:\rkill.log
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/05/19 19:14:34 | 000,001,830 | -HS- | M] () -- C:\Users\walmart\AppData\Roaming\Microsoft\LastFlashConfig.wfc

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/01 09:01:12 | 000,000,221 | -HS- | M] () -- C:\Users\walmart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/28 00:21:55 | 000,296,448 | ---- | M] () -- C:\Users\walmart\Desktop\2zhgrn2g.exe
    [2010/03/23 14:54:59 | 1712,875,136 | ---- | M] ( ) -- C:\Users\walmart\Desktop\AirRivals_EN_1.0.0.39.exe
    [2011/05/31 15:21:31 | 004,109,019 | R--- | M] (Swearware) -- C:\Users\walmart\Desktop\ComboFix.exe
    [2011/02/16 21:30:35 | 001,943,704 | ---- | M] () -- C:\Users\walmart\Desktop\DFODownloaderV33.exe
    [2011/02/16 21:52:15 | 1309,808,952 | ---- | M] (Nexon) -- C:\Users\walmart\Desktop\DFOSetup33.exe
    [2010/10/23 00:06:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\walmart\Desktop\HijackThis.exe
    [2010/12/28 00:22:30 | 000,080,384 | ---- | M] () -- C:\Users\walmart\Desktop\MBRCheck.exe
    [2010/05/15 20:44:34 | 454,457,197 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\walmart\Desktop\Office2007 (2).exe
    [2010/05/15 20:44:34 | 454,457,197 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\walmart\Desktop\Office2007.exe
    [2011/06/01 23:47:30 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\walmart\Desktop\OTL.exe
    [2011/04/17 21:26:35 | 004,693,257 | ---- | M] (Saitek ) -- C:\Users\walmart\Desktop\Saitek_P2600_Rumble_Pad_SD6_32.exe
    [2011/04/17 21:30:07 | 005,109,384 | ---- | M] (Saitek ) -- C:\Users\walmart\Desktop\Saitek_P2600_Rumble_Pad_SD6_64.exe
    [2011/04/17 21:43:49 | 231,572,128 | ---- | M] (Saitek ) -- C:\Users\walmart\Desktop\SST_Software_32_6_6_6_9.exe
    [2011/04/17 22:55:48 | 235,147,824 | ---- | M] (Saitek ) -- C:\Users\walmart\Desktop\SST_Software_64_6_6_6_9.exe
    [2010/12/28 00:16:49 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\walmart\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 15:53:05 | 000,000,402 | -HS- | M] () -- C:\Users\walmart\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:EA029835

    < End of report >
     
  15. 2011/06/01
    Forsaken Knight

    OTL Extras logfile created on: 6/1/2011 11:58:19 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\walmart\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.24% Memory free
    6.15 Gb Paging File | 4.72 Gb Available in Paging File | 76.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 220.78 Gb Total Space | 157.93 Gb Free Space | 71.53% Space Free | Partition Type: NTFS

    Computer Name: WALMART-PC | User Name: walmart | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-2631836602-637535096-2860635993-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0CE0034E-2119-4CDF-9597-DE28390A77F1}" = MobileMe Control Panel
    "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
    "{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EB7C6F78-2A27-4FEF-A98B-5F2698DC4CBF}" = Saitek SD6 Programming Software 6.6.6.9
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
    "{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.4 MUI
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AirRivals_EN_is1" = AirRivals_EN 1.0.0.39
    "avast" = avast! Free Antivirus
    "DFO" = DFOLauncher
    "eMachines Registration" = eMachines Registration
    "eMachines Screensaver" = eMachines ScreenSaver
    "eMachines Welcome Center" = Welcome Center
    "Google Chrome" = Google Chrome
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Identity Card" = Identity Card
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "MyScribe" = MyScribe
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "WildTangent emachines Master Uninstall" = eMachines Games
    "WinLiveSuite" = Windows Live Essentials
    "ZoneAlarm" = ZoneAlarm

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/25/2010 6:14:10 PM | Computer Name = walmart-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 11/25/2010 6:16:16 PM | Computer Name = walmart-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe ".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture= "AMD64 ",type= "win32 ",version= "1.0.0.1 ". Definition
    is WLMFDS,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.0.1 ". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 11/25/2010 6:17:31 PM | Computer Name = walmart-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe ".
    Dependent
    Assembly msadctls,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.1801.0 "
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/25/2010 6:17:31 PM | Computer Name = walmart-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe ".
    Dependent
    Assembly msadctls,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.1801.0 "
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/25/2010 6:17:32 PM | Computer Name = walmart-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe ".
    Dependent
    Assembly msadctls,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.1801.0 "
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/25/2010 6:17:32 PM | Computer Name = walmart-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe ".
    Dependent
    Assembly msadctls,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.1801.0 "
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/10/2010 3:14:18 PM | Computer Name = walmart-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16671 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1390 Start
    Time: 01cb989e2397ec82 Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 12/27/2010 11:55:59 PM | Computer Name = walmart-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/27/2010 11:56:08 PM | Computer Name = walmart-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
    Description = Application or service 'Internet Explorer' could not be shut down.

    Error - 12/27/2010 11:56:16 PM | Computer Name = walmart-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ System Events ]
    Error - 4/27/2011 11:02:05 PM | Computer Name = walmart-PC | Source = Service Control Manager | ID = 7043
    Description = The Group Policy Client service did not shut down properly after receiving
    a preshutdown control.

    Error - 4/29/2011 8:04:23 AM | Computer Name = walmart-PC | Source = DCOM | ID = 10010
    Description =

    Error - 4/29/2011 8:57:04 PM | Computer Name = walmart-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 5/17/2011 8:54:01 AM | Computer Name = walmart-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 5/18/2011 4:16:52 PM | Computer Name = walmart-PC | Source = Tcpip | ID = 4199
    Description = The system detected an address conflict for IP address 192.168.1.2
    with the system having network hardware address 00-15-F2-BD-43-16. Network operations
    on this system may be disrupted as a result.

    Error - 5/27/2011 9:25:33 PM | Computer Name = walmart-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:20:22 PM on 5/27/2011 was unexpected.

    Error - 5/31/2011 3:35:12 PM | Computer Name = walmart-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 5/31/2011 3:39:34 PM | Computer Name = walmart-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 5/31/2011 3:46:37 PM | Computer Name = walmart-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 6/1/2011 9:51:58 AM | Computer Name = walmart-PC | Source = BROWSER | ID = 8032
    Description =


    < End of report >
     
  16. 2011/06/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ======================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:EA029835
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  17. 2011/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Still with me?
     
  18. 2011/06/07
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    yeah, still here. Sorry about that. I have had a busy week. Dad's birthday, job hunting, both driving and going to potential jobs. Sadly, none have called me back for me to come in for an interview. I'll do as you instructed right now, so that when you next are able to reply to my thread, it will be up to date for you. Thank you for your patience with me on this matter.
     
  19. 2011/06/07
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
  20. 2011/06/07
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    C:\Windows\SysNative\drivers\~GLH0020.TMP deleted successfully.
    ADS C:\ProgramData\TEMP:EA029835 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: walmart
    ->Temp folder emptied: 5400513 bytes
    ->Temporary Internet Files folder emptied: 114935916 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 219455412 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1812 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2647477 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 327.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Public

    User: walmart
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 06072011_042653

    Files\Folders moved on Reboot...
    C:\Users\walmart\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\walmart\AppData\Local\Temp\~DF0E64DA8AC543390F.TMP not found!
    File\Folder C:\Users\walmart\AppData\Local\Temp\~DF1B8AC614C03B72D7.TMP not found!
    File\Folder C:\Users\walmart\AppData\Local\Temp\~DF499B887F0639DDE1.TMP not found!
    C:\Users\walmart\AppData\Local\Temp\~DF77E0886A2C1DBBAA.TMP moved successfully.
    File\Folder C:\Users\walmart\AppData\Local\Temp\~DFCDA1645350255974.TMP not found!
    File\Folder C:\Users\walmart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZRL9GLEB\99146-active-laptop-pc-having-some-concerns[1].html not found!
    File\Folder C:\Users\walmart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZRL9GLEB\df949936-2850-4e26-af65-c14d91c5c48b[1].htm not found!
    File\Folder C:\Users\walmart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZRL9GLEB\drts[1].htm not found!
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    C:\Windows\temp\ZLT05e21.TMP moved successfully.

    Registry entries deleted on Reboot...
     
  21. 2011/06/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on...
     
