  1. #21
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0

    Forgot to attach the aswMBR.dat file

  2. #22
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello,

    We need to try a couple of other scanners to see what's going on.

    1.
    • Download RogueKiller on the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, type 1 (SCAN) then Enter
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


    2.
    Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

    Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Scan with Dr.Web CureIt as follows:
    • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
    • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
    • The Express scan will automatically begin.
      (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
    • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
    • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
    • When complete, click Select All, then choose Cure > Move incurable.
      (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
    • Now put a check next to Complete scan to scan all local disks and removable media.
    • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
    • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
    • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
    • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
    • In the top menu, click file and choose save report list.
    • Save the DrWeb.csv report to your desktop.
    • Exit Dr.Web Cureit when done.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


    3.
      1. Please download OTL from one of the following mirrors:
        • This is THE Mirror
      2. Save it to your desktop.
      3. Double click on the icon on your desktop.
      4. Under the Custom Scan box paste this in
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      volsnap.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT

      5. Push the Quick Scan button.
      6. Two reports will open, copy and paste them in a reply here:
        • OTL.txt <-- Will be opened
        • Extra.txt <-- Will be minimized



    Things to include in your next reply:
    OTL.txt
    Extra.txt
    Roguekiller log
    DrWeb log
    How is your machine running now?
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #23
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0

    OTL logfile created on: 7/2/2011 6:37:08 PM - Run 1
    OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\KVC\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.97 Gb Total Physical Memory | 6.79 Gb Available Physical Memory | 85.23% Memory free
    15.93 Gb Paging File | 14.69 Gb Available in Paging File | 92.20% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.10 Gb Total Space | 838.46 Gb Free Space | 91.13% Space Free | Partition Type: NTFS
    Drive D: | 11.32 Gb Total Space | 1.36 Gb Free Space | 12.05% Space Free | Partition Type: NTFS
    Drive F: | 292.73 Gb Total Space | 257.64 Gb Free Space | 88.01% Space Free | Partition Type: NTFS
    Drive G: | 5.34 Gb Total Space | 1.97 Gb Free Space | 36.91% Space Free | Partition Type: FAT32
    Drive L: | 3.72 Gb Total Space | 3.72 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: KVC-HP | User Name: KVC | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/02 18:35:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\KVC\Desktop\OTL.exe
    PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    PRC - [2009/05/01 14:52:24 | 000,082,600 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
    PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/02 18:35:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\KVC\Desktop\OTL.exe
    MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2006/12/11 13:12:22 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcrcoms.exe -- (lxcr_device)
    SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\All Programs\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/05/04 13:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\All Programs\SAS\SASCORE64.EXE -- (!SASCORE)
    SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2006/12/11 13:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxcrcoms.exe -- (lxcr_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/05/10 07:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/16 05:28:42 | 010,619,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/04 10:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/10/26 00:39:42 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2011/01/27 07:06:50 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\All Programs\SAS\sasdifsv64.sys -- (SASDIFSV)
    DRV - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\All Programs\SAS\saskutil64.sys -- (SASKUTIL)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&source=mpes"

    FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2011/06/21 15:12:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins

    [2011/01/05 19:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KVC\AppData\Roaming\Mozilla\Extensions
    [2010/12/25 22:50:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KVC\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/01/05 19:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KVC\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
    [2011/07/02 18:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions
    [2010/12/25 18:34:40 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2011/06/21 16:18:06 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\support@lastpass.com
    [2011/01/24 22:40:34 | 000,000,931 | ---- | M] () -- C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\searchplugins\dictionary.xml
    [2011/04/19 16:41:27 | 000,001,504 | ---- | M] () -- C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\searchplugins\imdb.xml
    File not found (No name found) --
    () (No name found) -- C:\USERS\KVC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72VPT0ZV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\KVC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72VPT0ZV.DEFAULT\EXTENSIONS\BETTERGMAIL2@GINATRAPANI.ORG.XPI

    O1 HOSTS File: ([2011/07/02 00:39:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [LXCRCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCRtime.DLL (Lexmark International Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\All Programs\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/02 18:35:08 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\KVC\Desktop\OTL.exe
    [2011/07/02 13:40:20 | 000,000,000 | ---D | C] -- C:\Users\KVC\DoctorWeb
    [2011/07/02 13:37:48 | 000,000,000 | ---D | C] -- C:\Users\KVC\Desktop\RK_Quarantine
    [2011/07/02 00:56:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/07/02 00:38:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/06/26 19:47:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/06/26 19:47:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/06/26 19:47:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/06/26 19:47:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/06/26 19:47:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/25 22:23:53 | 000,000,000 | ---D | C] -- C:\Users\KVC\AppData\Roaming\Thinstall
    [2011/06/25 22:23:53 | 000,000,000 | ---D | C] -- C:\Users\KVC\AppData\Local\Thinstall
    [2011/06/24 19:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit
    [2011/06/24 19:26:09 | 000,000,000 | ---D | C] -- C:\Users\KVC\.thumbnails
    [2011/06/24 19:22:54 | 000,000,000 | ---D | C] -- C:\Users\KVC\Documents\gegl-0.0
    [2011/06/24 19:22:54 | 000,000,000 | ---D | C] -- C:\Users\KVC\.gimp-2.6
    [2011/06/23 20:59:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/06/18 11:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/06/14 16:59:41 | 000,000,000 | ---D | C] -- C:\Users\KVC\AppData\Roaming\SUPERAntiSpyware.com
    [2011/06/14 16:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/06/14 16:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/06/14 16:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2011/06/14 01:01:08 | 000,000,000 | ---D | C] -- C:\Users\KVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/06/14 00:09:17 | 000,000,000 | ---D | C] -- C:\Users\KVC\AppData\Roaming\Malwarebytes
    [2011/06/14 00:09:14 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/06/14 00:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/06/14 00:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/06/14 00:09:11 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/06/13 22:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMan
    [2011/06/05 17:54:13 | 000,000,000 | ---D | C] -- C:\Users\KVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Silverline
    [2011/06/05 17:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silverline
    [2011/06/03 20:09:04 | 000,000,000 | ---D | C] -- C:\Users\KVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bridge Building Game
    [2011/06/03 20:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bridge Building Game
    [2011/02/03 14:37:23 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrserv.dll
    [2011/02/03 14:37:23 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrusb1.dll
    [2011/02/03 14:37:23 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpmui.dll
    [2011/02/03 14:37:23 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrinpa.dll
    [2011/02/03 14:37:23 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcriesc.dll
    [2011/02/03 14:37:22 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomc.dll
    [2011/02/03 14:37:22 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrlmpm.dll
    [2011/02/03 14:37:22 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcoms.exe
    [2011/02/03 14:37:22 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomm.dll
    [2011/02/03 14:37:22 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrih.exe
    [2011/02/03 14:37:22 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrppls.exe
    [2011/02/03 14:37:22 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrprox.dll
    [2011/02/03 14:37:22 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpplc.dll
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/02 18:40:54 | 000,006,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/07/02 18:40:54 | 000,006,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/07/02 18:35:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\KVC\Desktop\OTL.exe
    [2011/07/02 18:33:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/07/02 18:33:19 | 2120,097,791 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/02 18:03:15 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-913013744-1395498927-1650167935-1000UA.job
    [2011/07/02 16:55:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\setup_xp.ini
    [2011/07/02 08:13:55 | 069,279,864 | ---- | M] () -- C:\Users\KVC\Desktop\drweb-cureit.exe
    [2011/07/02 08:00:16 | 000,516,608 | ---- | M] () -- C:\Users\KVC\Desktop\RogueKiller.exe
    [2011/07/02 07:57:56 | 000,004,707 | ---- | M] () -- C:\Users\KVC\Desktop\directions.rtf
    [2011/07/02 01:03:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-913013744-1395498927-1650167935-1000Core.job
    [2011/07/02 00:39:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/07/01 19:54:20 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKVC.job
    [2011/07/01 08:51:05 | 000,069,187 | ---- | M] () -- C:\Users\KVC\Documents\mediaman.rtf
    [2011/07/01 08:50:04 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
    [2011/07/01 08:49:42 | 041,073,664 | ---- | M] () -- C:\Users\KVC\Documents\My_bak_latest.mmc
    [2011/07/01 08:49:42 | 041,073,664 | ---- | M] () -- C:\Users\KVC\Documents\My.mmc
    [2011/06/30 10:42:23 | 000,010,240 | ---- | M] () -- C:\Users\KVC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/29 14:32:39 | 000,353,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/06/28 11:44:49 | 000,001,854 | ---- | M] () -- C:\Users\KVC\Desktop\avast!.lnk
    [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
    [2011/06/24 19:47:29 | 000,002,109 | ---- | M] () -- C:\Users\KVC\.recently-used.xbel
    [2011/06/23 21:02:19 | 000,000,000 | ---- | M] () -- C:\Users\KVC\defogger_reenable
    [2011/06/21 15:12:19 | 000,002,153 | ---- | M] () -- C:\Users\KVC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 8.lnk
    [2011/06/14 16:56:24 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
    [2011/06/14 00:21:27 | 000,000,000 | ---- | M] () -- C:\Windows\FileLock.bin
    [2011/06/13 22:24:19 | 000,136,704 | RHS- | M] () -- C:\Windows\SysWow64\oflcw.dll
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/02 16:55:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\setup_xp.ini
    [2011/07/02 08:00:27 | 069,279,864 | ---- | C] () -- C:\Users\KVC\Desktop\drweb-cureit.exe
    [2011/07/02 08:00:14 | 000,516,608 | ---- | C] () -- C:\Users\KVC\Desktop\RogueKiller.exe
    [2011/07/02 07:55:39 | 000,004,707 | ---- | C] () -- C:\Users\KVC\Desktop\directions.rtf
    [2011/06/28 11:44:49 | 000,001,854 | ---- | C] () -- C:\Users\KVC\Desktop\avast!.lnk
    [2011/06/26 19:47:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/06/26 19:47:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/06/26 19:47:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/06/26 19:47:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/06/26 19:47:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/06/24 19:47:29 | 000,002,109 | ---- | C] () -- C:\Users\KVC\.recently-used.xbel
    [2011/06/23 21:02:19 | 000,000,000 | ---- | C] () -- C:\Users\KVC\defogger_reenable
    [2011/06/23 09:13:24 | 000,010,240 | ---- | C] () -- C:\Users\KVC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/17 20:06:48 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForKVC.job
    [2011/06/14 16:54:18 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
    [2011/06/14 10:25:08 | 000,006,784 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/14 10:25:08 | 000,006,784 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/14 10:22:43 | 000,353,584 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/06/14 00:07:49 | 000,000,000 | ---- | C] () -- C:\Windows\FileLock.bin
    [2011/06/13 22:47:43 | 000,000,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMan.lnk
    [2011/06/13 22:24:19 | 000,136,704 | RHS- | C] () -- C:\Windows\SysWow64\oflcw.dll
    [2011/02/12 11:11:49 | 000,000,131 | ---- | C] () -- C:\Windows\EurekaLog.ini
    [2011/02/03 14:37:23 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcrcomx.dll
    [2011/02/03 14:37:23 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCRinst.dll
    [2011/01/26 23:03:50 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL
    [2011/01/26 23:03:44 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2011/01/14 22:42:43 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2010/12/27 22:59:19 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
    [2010/12/27 19:47:16 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2010/12/25 18:19:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/10/16 05:27:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/10/16 05:27:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/10/16 05:27:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2010/09/28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2010/07/21 14:28:09 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/07/21 14:28:09 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2003/07/24 21:21:08 | 000,345,088 | ---- | C] () -- C:\Windows\SysWow64\renMM.dll
    [2002/09/18 15:14:56 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\therename.dll
    [2002/09/18 15:13:58 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\renogg.dll

    ========== LOP Check ==========

    [2011/05/28 11:49:20 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\.dbox
    [2010/12/27 14:54:08 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\ACD Systems
    [2010/12/26 20:24:46 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Atari
    [2010/12/27 11:31:15 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Basilisk Games
    [2011/04/27 23:33:51 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\crawl
    [2011/05/11 13:04:11 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Downloaded Installations
    [2011/06/22 22:17:08 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\foobar2000
    [2010/12/25 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Foxit
    [2010/12/26 14:26:27 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Foxit Software
    [2011/01/26 23:27:04 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\FreeBurner
    [2010/12/26 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\funkitron
    [2011/02/17 01:25:14 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Gili File Lock
    [2011/06/24 19:48:44 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\gtk-2.0
    [2010/12/26 19:49:16 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Leadertech
    [2011/01/05 23:25:15 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\MediaMan
    [2011/02/12 10:59:42 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Obsidium
    [2011/01/05 22:58:45 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\OpenOffice.org
    [2010/12/25 17:53:09 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\PictureMover
    [2011/01/07 21:37:29 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Rovio
    [2011/07/01 14:48:19 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\SolSuite
    [2011/01/05 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Songbird2
    [2011/06/25 22:23:53 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Thinstall
    [2011/04/13 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Tower Builder Game
    [2011/02/17 09:46:25 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\UDP Software
    [2011/03/16 12:53:48 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Unity
    [2010/12/26 18:26:22 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\WinBatch
    [2011/05/31 10:00:10 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2011/06/24 09:52:30 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < %systemroot%\*. /mp /s >

    < End of report >

    EXTRA.TXT:
    OTL Extras logfile created on: 7/2/2011 6:37:08 PM - Run 1
    OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\KVC\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.97 Gb Total Physical Memory | 6.79 Gb Available Physical Memory | 85.23% Memory free
    15.93 Gb Paging File | 14.69 Gb Available in Paging File | 92.20% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.10 Gb Total Space | 838.46 Gb Free Space | 91.13% Space Free | Partition Type: NTFS
    Drive D: | 11.32 Gb Total Space | 1.36 Gb Free Space | 12.05% Space Free | Partition Type: NTFS
    Drive F: | 292.73 Gb Total Space | 257.64 Gb Free Space | 88.01% Space Free | Partition Type: NTFS
    Drive G: | 5.34 Gb Total Space | 1.97 Gb Free Space | 36.91% Space Free | Partition Type: FAT32
    Drive L: | 3.72 Gb Total Space | 3.72 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: KVC-HP | User Name: KVC | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [ACDSee 10.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
    Directory [ACDSee Pro 3.Manage] -- "C:\All Programs\ACDSee\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [THE Rename] -- "C:\All Programs\rename\rename.exe" "%1" (Hervé Thouzard)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee 10.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
    Directory [ACDSee Pro 3.Manage] -- "C:\All Programs\ACDSee\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [THE Rename] -- "C:\All Programs\rename\rename.exe" "%1" (Hervé Thouzard)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "Lexmark 2400 Series" = Lexmark 2400 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PC-Doctor for Windows" = Hardware Diagnostic Tools

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
    "{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
    "{0FCD12BE-F238-438E-BBC4-77FEEEE05DC3}_is1" = Eschalon Utilities 0.7.5
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
    "{10FBBAC3-DCB1-4B6F-AE7F-5F41EB7CEC4E}_is1" = DosBlaster 3.0
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f
    "{39B15C51-9F6D-4691-81F7-F9F9AFB4C8E7}" = MediaMan
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads!
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A99BE117-F10C-470D-AE6D-DC2889F5F24E}" = Avadon
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D37E8E49-1AA3-401F-BA15-50AB88A2712D}_is1" = Image Comparer v3.7
    "{D4B8AFAB-FB39-11D7-9D43-000A735D259C}" = Rollercoaster Tycoon 2 UCES
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
    "{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads!
    "{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F284FB94-BF61-4BA6-A662-24E998D4A91F}" = Avernum 6
    "{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
    "{F5C7FD70-2C0A-401E-95E9-916363567DDA}" = HP Setup
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
    "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast" = avast! Free Antivirus
    "Belarc Advisor" = Belarc Advisor 8.1
    "Boggle Supreme" = Boggle Supreme
    "Bridge Building Game" = Bridge Building Game
    "Crawl" = Dungeon Crawl Stone Soup
    "Dissolution" = Dissolution
    "Easy CD-DA Extractor 12" = Easy CD-DA Extractor 12
    "Eschalon Book II_is1" = Eschalon Book 2 1.05
    "Evochron Mercenary_is1" = Evochron Mercenary
    "Five Card Deluxe" = Five Card Deluxe
    "Flip Words" = Flip Words
    "Flip Words 2_is1" = Flip Words 2
    "foobar2000" = foobar2000 v1.1.1
    "Foxit Reader" = Foxit Reader
    "Free Easy Burner_is1" = Free Easy Burner V 4.1
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "Picasa 3" = Picasa 3
    "Revo Uninstaller" = Revo Uninstaller 1.90
    "SoldierEliteUS" = Soldier Elite
    "Songbird-release-1959" = Songbird 1.9.3 (Build 1959)
    "Steam App 130" = Half-Life: Blue Shift
    "Steam App 20" = Team Fortress Classic
    "Steam App 218" = Source SDK Base 2007
    "Steam App 220" = Half-Life 2
    "Steam App 30" = Day of Defeat
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 440" = Team Fortress 2
    "Steam App 50" = Half-Life: Opposing Force
    "Tag&Rename_is1" = Tag&Rename 3.5.4
    "TextTwist2 1.00" = TextTwist2 1.00
    "THE Rename_is1" = THE Rename 2.1.6
    "VLC media player" = VLC media player 1.1.5
    "VTFEdit_is1" = VTFEdit 1.2.5
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "HuluDesktop" = Hulu Desktop
    "LastPass" = LastPass (uninstall only)

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >

  4. #24
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0

    RogueKiller V5.2.7 [06/30/2011] by Tigzy
    contact at Forum Sciences / Forum Informatique - Sur la Toile (SLT)
    mail: tigzyRK<at>gmail<dot>com
    Feedback: [RogueKiller] Remontes (1/30)

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: KVC [Admin rights]
    Mode: Scan -- Date : 07/02/2011 13:37:48

    Bad processes: 0

    Registry Entries: 5
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : (C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe) -> FOUND

    HOSTS File:
    127.0.0.1 localhost


    Finished : << RKreport[1].txt >>
    RKreport[1].txt



    Dr.Web file is too big to post - log attached

    Machine remains the same - these tests found no infections

  5. #25
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello,

    1.
    • Download RogueKiller to the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, type 2 (REMOVE) then Enter
    • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


    2.
    • Download RogueKiller to the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, type 4 (PROXYFIX) then Enter
    • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


    3.
    • Download RogueKiller to the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, type 5 (DNSFIX) then Enter
    • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



    4.
    We need to run an OTL Fix
    1. Please reopen on your desktop.
    2. Copy and Paste the following code into the textbox. Do not include the word "Code"
      Code:
      :Otl
      [2011/06/21 16:18:06 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\support@lastpass.com
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    3. Push
    4. OTL may ask to reboot the machine. Please do so if asked.
    5. Click .
    6. A report will open. Copy and Paste that report in your next reply.


    Things to include in your next reply:
    RogueKiller logs
    OTL fix log
    How is your machine running now?
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  6. #26
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0


    RogueKiller V5.2.7 [06/30/2011] by Tigzy
    contact at Forum Sciences / Forum Informatique - Sur la Toile (SLT)
    mail: tigzyRK<at>gmail<dot>com
    Feedback: [RogueKiller] Remontes (1/31)

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: KVC [Admin rights]
    Mode: Remove -- Date : 07/05/2011 16:16:16

    Bad processes: 0

    Registry Entries: 5
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [FILE ASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : (C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe) -> REPLACED : ("C:\Program Files (x86)\mozilla firefox 4.0 beta 8\firefox.exe")

    HOSTS File:
    127.0.0.1 localhost
    127.0.0.1 aj.600z.com
    127.0.0.1 ads.pheedo.com
    127.0.0.1 feedads.g.doubleclick.net


    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    RogueKiller V5.2.7 [06/30/2011] by Tigzy
    contact at Forum Sciences / Forum Informatique - Sur la Toile (SLT)
    mail: tigzyRK<at>gmail<dot>com
    Feedback: [RogueKiller] Remontes (1/31)

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: KVC [Admin rights]
    Mode: ProxyFix -- Date : 07/05/2011 16:16:45

    Bad processes: 0

    Registry Entries: 0

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt

    RogueKiller V5.2.7 [06/30/2011] by Tigzy
    contact at Forum Sciences / Forum Informatique - Sur la Toile (SLT)
    mail: tigzyRK<at>gmail<dot>com
    Feedback: [RogueKiller] Remontes (1/31)

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: KVC [Admin rights]
    Mode: DNSFix -- Date : 07/05/2011 16:17:00

    Bad processes: 0

    Registry Entries: 0

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

    ========== OTL ==========
    C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\support@lastpass.com\platform\WINNT_x86_64-msvc\components folder moved successfully.
    C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\support@lastpass.com\platform\WINNT_x86_64-msvc folder moved successfully.
    C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components folder moved successfully.
    C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc folder moved successfully.
    C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\support@lastpass.com\platform folder moved successfully.
    C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\support@lastpass.com\META-INF folder moved successfully.
    C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\support@lastpass.com\defaults\preferences folder moved successfully.
    C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\support@lastpass.com\defaults folder moved successfully.
    C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\support@lastpass.com\components folder moved successfully.
    C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\support@lastpass.com\chrome folder moved successfully.
    C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\support@lastpass.com folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F}\ not found.
    File {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
    File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
    File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

    OTL by OldTimer - Version 3.2.26.0 log created on 07052011_161956

    So this got rid of my lastpass extension in firefox, but it didn't delete it from chrome. Is Lastpass a problem and should I uninstall it from chrome? (Lastpass is a password filling extension.)

  7. #27
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0


    The redirect seems to be gone!

    Avast! still doesn't load at start-up and Security Center still shuts off about 3 minutes after the machine boots up.

  8. #28
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0


    Windows Live Mail no longer works. I use this for both e-mail and RSS Feeds. The message (either email or rss) won't load. The title loads, but not the body.

  9. #29
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello,

    "So this got rid of my lastpass extension in firefox, but it didn't delete it from chrome. Is Lastpass a problem and should I uninstall it from chrome? (Lastpass is a password filling extension.)"
    It's not a problem, but it had become corrupted, so I removed it from Firefox. I would uninstall it and reinstall it. Then it should be OK.

    "Avast! still doesn't load at start-up and Security Center still shuts off about 3 minutes after the machine boots up"
    "Windows Live Mail no longer works. I use this for both e-mail and RSS Feeds. The message (either email or rss) won't load. The title loads, but not the body."
    I would uninstall and reinstall Avast and Windows Live Mail; they probably became corrupted from the infection.

    Uninstall Avast!

    The following removal utility can be used to uninstall Avast

    • Download aswClear.exe on to your desktop.
    • Start Windows in Safe Mode.
    • Run aswClear.exe.
    • If you installed Avast! in a different folder than the default, browse for it.
      (Note: Be careful! The content of any folder you choose will be deleted!)
    • Click REMOVE.
    • Restart your computer.

    Avast! should now be removed from your PC.



    Let's have one more OTL log, as I see something I don't like.

    1. Please download OTL from one of the following mirrors:
      • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the icon on your desktop.
    4. Under the Custom Scan box paste this in:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized




  10. #30
    Member
    Join Date
    Jun 2011
    Posts
    21
    Points
    0


    OTL logfile created on: 7/5/2011 8:28:38 PM - Run 2
    OTL by OldTimer - Version 3.2.26.0 Folder = C:\Users\KVC\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.97 Gb Total Physical Memory | 6.75 Gb Available Physical Memory | 84.77% Memory free
    15.93 Gb Paging File | 14.70 Gb Available in Paging File | 92.26% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.10 Gb Total Space | 836.03 Gb Free Space | 90.86% Space Free | Partition Type: NTFS
    Drive D: | 11.32 Gb Total Space | 1.36 Gb Free Space | 12.05% Space Free | Partition Type: NTFS
    Drive F: | 292.73 Gb Total Space | 257.64 Gb Free Space | 88.01% Space Free | Partition Type: NTFS
    Drive G: | 5.34 Gb Total Space | 1.97 Gb Free Space | 36.91% Space Free | Partition Type: FAT32
    Drive L: | 3.72 Gb Total Space | 3.72 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: KVC-HP | User Name: KVC | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/05 20:01:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\KVC\Desktop\OTL.exe
    PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    PRC - [2009/05/01 14:52:24 | 000,082,600 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
    PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/05 20:01:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\KVC\Desktop\OTL.exe
    MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
    MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
    MOD - [2009/07/13 21:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2006/12/11 13:12:22 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcrcoms.exe -- (lxcr_device)
    SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\All Programs\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/05/04 13:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\All Programs\SAS\SASCORE64.EXE -- (!SASCORE)
    SRV - [2011/01/25 17:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2006/12/11 13:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxcrcoms.exe -- (lxcr_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/16 05:28:42 | 010,619,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/04 10:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/10/26 00:39:42 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2011/01/27 07:06:50 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\All Programs\SAS\sasdifsv64.sys -- (SASDIFSV)
    DRV - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\All Programs\SAS\saskutil64.sys -- (SASKUTIL)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en&source=mpes"

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF:64bit: - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\KVC\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
    FF:64bit: - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\KVC\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF:64bit: - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\KVC\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\KVC\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\KVC\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\KVC\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/05 20:16:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2011/06/21 15:12:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins
    FF - HKCU\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/05 20:16:12 | 000,000,000 | ---D | M]
    FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2011/06/21 15:12:17 | 000,000,000 | ---D | M]
    FF - HKCU\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins

    [2011/01/05 19:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KVC\AppData\Roaming\Mozilla\Extensions
    [2010/12/25 22:50:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KVC\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2011/01/05 19:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KVC\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
    [2011/07/05 16:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions
    [2010/12/25 18:34:40 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2011/01/24 22:40:34 | 000,000,931 | ---- | M] () -- C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\searchplugins\dictionary.xml
    [2011/04/19 16:41:27 | 000,001,504 | ---- | M] () -- C:\Users\KVC\AppData\Roaming\Mozilla\Firefox\Profiles\72vpt0zv.default\searchplugins\imdb.xml
    File not found (No name found) --
    [2011/07/05 20:16:12 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    () (No name found) -- C:\USERS\KVC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72VPT0ZV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\KVC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72VPT0ZV.DEFAULT\EXTENSIONS\BETTERGMAIL2@GINATRAPANI.ORG.XPI

    O1 HOSTS File: ([2011/07/03 09:40:32 | 000,000,111 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 aj.600z.com
    O1 - Hosts: 127.0.0.1 ads.pheedo.com
    O1 - Hosts: 127.0.0.1 feedads.g.doubleclick.net
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [LXCRCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCRtime.DLL (Lexmark International Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\All Programs\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/05 20:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/07/05 20:16:55 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2011/07/05 20:16:54 | 000,288,088 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/07/05 20:16:49 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/07/05 20:16:46 | 000,045,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/07/05 20:16:40 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2011/07/05 20:16:35 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/07/05 20:16:35 | 000,064,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/07/05 20:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/07/05 20:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/07/05 20:00:59 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\KVC\Desktop\OTL.exe
    [2011/07/05 16:31:31 | 000,000,000 | ---D | C] -- C:\Users\KVC\AppData\Local\VirtualStore
    [2011/07/05 16:19:56 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/07/02 00:56:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/07/02 00:38:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/06/26 19:47:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/06/26 19:47:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/06/26 19:47:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/06/26 19:47:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/06/26 19:47:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/25 22:23:53 | 000,000,000 | ---D | C] -- C:\Users\KVC\AppData\Roaming\Thinstall
    [2011/06/25 22:23:53 | 000,000,000 | ---D | C] -- C:\Users\KVC\AppData\Local\Thinstall
    [2011/06/24 19:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VTFEdit
    [2011/06/24 19:26:09 | 000,000,000 | ---D | C] -- C:\Users\KVC\.thumbnails
    [2011/06/24 19:22:54 | 000,000,000 | ---D | C] -- C:\Users\KVC\Documents\gegl-0.0
    [2011/06/24 19:22:54 | 000,000,000 | ---D | C] -- C:\Users\KVC\.gimp-2.6
    [2011/06/23 20:59:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/06/18 11:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/06/14 16:59:41 | 000,000,000 | ---D | C] -- C:\Users\KVC\AppData\Roaming\SUPERAntiSpyware.com
    [2011/06/14 16:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/06/14 16:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/06/14 16:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2011/06/14 01:01:08 | 000,000,000 | ---D | C] -- C:\Users\KVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/06/14 00:09:17 | 000,000,000 | ---D | C] -- C:\Users\KVC\AppData\Roaming\Malwarebytes
    [2011/06/14 00:09:14 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/06/14 00:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/06/14 00:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/06/14 00:09:11 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/06/13 22:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMan
    [2011/02/03 14:37:23 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrserv.dll
    [2011/02/03 14:37:23 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrusb1.dll
    [2011/02/03 14:37:23 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpmui.dll
    [2011/02/03 14:37:23 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrinpa.dll
    [2011/02/03 14:37:23 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcriesc.dll
    [2011/02/03 14:37:22 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomc.dll
    [2011/02/03 14:37:22 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrlmpm.dll
    [2011/02/03 14:37:22 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcoms.exe
    [2011/02/03 14:37:22 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomm.dll
    [2011/02/03 14:37:22 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrih.exe
    [2011/02/03 14:37:22 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrppls.exe
    [2011/02/03 14:37:22 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrprox.dll
    [2011/02/03 14:37:22 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpplc.dll
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/05 20:16:56 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/07/05 20:16:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/07/05 20:12:04 | 000,006,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/07/05 20:12:04 | 000,006,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/07/05 20:04:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/07/05 20:04:23 | 2120,097,791 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/05 20:01:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\KVC\Desktop\OTL.exe
    [2011/07/05 19:40:10 | 000,003,377 | ---- | M] () -- C:\Users\KVC\Documents\feeds.opml
    [2011/07/05 19:03:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-913013744-1395498927-1650167935-1000UA.job
    [2011/07/05 18:54:09 | 041,165,824 | ---- | M] () -- C:\Users\KVC\Documents\My_bak_latest.mmc
    [2011/07/05 18:54:09 | 041,165,824 | ---- | M] () -- C:\Users\KVC\Documents\My.mmc
    [2011/07/05 09:59:22 | 000,009,728 | ---- | M] () -- C:\Users\KVC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2011/07/04 07:43:42 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/07/04 07:36:56 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2011/07/04 07:36:54 | 000,288,088 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/07/04 07:35:28 | 000,045,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/07/04 07:32:35 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/07/04 07:32:24 | 000,064,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/07/04 07:32:14 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2011/07/03 09:40:32 | 000,000,111 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/07/02 16:55:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\setup_xp.ini
    [2011/07/02 01:03:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-913013744-1395498927-1650167935-1000Core.job
    [2011/07/01 19:54:20 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKVC.job
    [2011/07/01 08:51:05 | 000,069,187 | ---- | M] () -- C:\Users\KVC\Documents\mediaman.rtf
    [2011/07/01 08:50:04 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
    [2011/06/29 14:32:39 | 000,353,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
    [2011/06/24 19:47:29 | 000,002,109 | ---- | M] () -- C:\Users\KVC\.recently-used.xbel
    [2011/06/23 21:02:19 | 000,000,000 | ---- | M] () -- C:\Users\KVC\defogger_reenable
    [2011/06/21 15:12:19 | 000,002,153 | ---- | M] () -- C:\Users\KVC\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 8.lnk
    [2011/06/14 16:56:24 | 000,002,048 | ---- | M] () -- C:\Uninstall.dat
    [2011/06/14 00:21:27 | 000,000,000 | ---- | M] () -- C:\Windows\FileLock.bin
    [2011/06/13 22:24:19 | 000,136,704 | RHS- | M] () -- C:\Windows\SysWow64\oflcw.dll
    [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/05 20:16:56 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/07/05 19:40:10 | 000,003,377 | ---- | C] () -- C:\Users\KVC\Documents\feeds.opml
    [2011/07/02 16:55:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\setup_xp.ini
    [2011/06/26 19:47:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/06/26 19:47:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/06/26 19:47:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/06/26 19:47:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/06/26 19:47:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/06/24 19:47:29 | 000,002,109 | ---- | C] () -- C:\Users\KVC\.recently-used.xbel
    [2011/06/23 21:02:19 | 000,000,000 | ---- | C] () -- C:\Users\KVC\defogger_reenable
    [2011/06/23 09:13:24 | 000,009,728 | ---- | C] () -- C:\Users\KVC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/17 20:06:48 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForKVC.job
    [2011/06/14 16:54:18 | 000,002,048 | ---- | C] () -- C:\Uninstall.dat
    [2011/06/14 10:25:08 | 000,006,784 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/14 10:25:08 | 000,006,784 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/14 10:22:43 | 000,353,584 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/06/14 00:07:49 | 000,000,000 | ---- | C] () -- C:\Windows\FileLock.bin
    [2011/06/13 22:47:43 | 000,000,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMan.lnk
    [2011/06/13 22:24:19 | 000,136,704 | RHS- | C] () -- C:\Windows\SysWow64\oflcw.dll
    [2011/02/12 11:11:49 | 000,000,131 | ---- | C] () -- C:\Windows\EurekaLog.ini
    [2011/02/03 14:37:23 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcrcomx.dll
    [2011/02/03 14:37:23 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCRinst.dll
    [2011/01/26 23:03:50 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL
    [2011/01/26 23:03:44 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2011/01/14 22:42:43 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2010/12/27 22:59:19 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
    [2010/12/27 19:47:16 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2010/12/25 18:19:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/10/16 05:27:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/10/16 05:27:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/10/16 05:27:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2010/09/28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2010/07/21 14:28:09 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/07/21 14:28:09 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2003/07/24 21:21:08 | 000,345,088 | ---- | C] () -- C:\Windows\SysWow64\renMM.dll
    [2002/09/18 15:14:56 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\therename.dll
    [2002/09/18 15:13:58 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\renogg.dll

    ========== LOP Check ==========

    [2011/05/28 11:49:20 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\.dbox
    [2010/12/27 14:54:08 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\ACD Systems
    [2010/12/26 20:24:46 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Atari
    [2010/12/27 11:31:15 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Basilisk Games
    [2011/04/27 23:33:51 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\crawl
    [2011/05/11 13:04:11 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Downloaded Installations
    [2011/07/05 18:54:18 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\foobar2000
    [2010/12/25 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Foxit
    [2010/12/26 14:26:27 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Foxit Software
    [2011/01/26 23:27:04 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\FreeBurner
    [2010/12/26 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\funkitron
    [2011/02/17 01:25:14 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Gili File Lock
    [2011/06/24 19:48:44 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\gtk-2.0
    [2010/12/26 19:49:16 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Leadertech
    [2011/01/05 23:25:15 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\MediaMan
    [2011/02/12 10:59:42 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Obsidium
    [2011/01/05 22:58:45 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\OpenOffice.org
    [2010/12/25 17:53:09 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\PictureMover
    [2011/01/07 21:37:29 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Rovio
    [2011/07/04 20:57:01 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\SolSuite
    [2011/01/05 19:36:56 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Songbird2
    [2011/06/25 22:23:53 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Thinstall
    [2011/04/13 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Tower Builder Game
    [2011/02/17 09:46:25 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\UDP Software
    [2011/03/16 12:53:48 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\Unity
    [2010/12/26 18:26:22 | 000,000,000 | ---D | M] -- C:\Users\KVC\AppData\Roaming\WinBatch
    [2011/05/31 10:00:10 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2011/06/24 09:52:30 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
    [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
    [2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
    [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
    [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
    [2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
    [2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
    [2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

    < MD5 for: EVENTLOG.DLL >
    [2008/06/06 17:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

    < MD5 for: IASTORV.SYS >
    [2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
    [2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
    [2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
    [2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
    [2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
    [2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
    [2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
    [2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
    [2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
    [2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
    [2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
    [2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
    [2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
    [2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
    [2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
    [2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
    [2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
    [2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
    [2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
    [2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
    [2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

    < %systemroot%\*. /mp /s >

    < End of report >
