
Google redirect V to 8.26.70.252


  • This topic is locked
25 replies to this topic

#1 ironcitycats

ironcitycats

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:26 AM

Posted 31 May 2012 - 09:28 PM

Good evening gents and thank you so very much in advance if you can help.....

I seem to have run into a problem that's way above my pay-grade. Using either IE or Firefox, when I google something and try to go to one of the listed resulting websites, I get redirected to random websites, and I wrote down the numbers 8.26.70.252 (I think that may be the IP address? Sorry, I'm not the best with computers, but I can follow directions). Sometimes it will redirect to a site like www.click-get-answers-fast.com or something similar. Occasionally, I can back out of the page and try again and it will not redirect.

Also, I did a search of the numbers I listed above and saw 2 topics on your forums about this problem, so I guess it's good to know I'm not alone, but I wasn't sure if I should just follow the same steps that were given to the other 2 users.

Also, I noticed in the Programs and Features window under Control Panel, there is a program listed that I have no idea how it got there, and after googling it, it doesn't sound good. It's called Smart File Advisor 1.1.1 and the publisher is Filefacts.net. I have no idea if this is at all related to the redirect, but any help would be appreciated. Below you'll find the DDS I just ran, and I've attached the Attach file.

FYI, not sure if it matters but I ran Malwarebytes and it didn't help. Also, per the instruction on the forum, I wasn't able to enable Windows Firewall. It says "Due to an unidentified problem, Windows can not display Windows Firewall settings".

Sorry if this is a lot, I totally understand if this is a mess. Regardless, thanks for trying to help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Matt at 22:09:17 on 2012-05-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2593 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\AERTSr64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\runservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Akamai NetSession Interface] "C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Logitech® Webcam Software] rundll32.exe "C:\Users\Matt\AppData\Local\Microsoft\Logitech® Webcam Software\forsfb.dll",DllRegisterServer
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Advanced System Protector]
mRun: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{79BB65C3-AA0E-4B31-8765-9E8BE58DBADF} : DhcpNameServer = 192.168.10.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Advanced System Protector]
mRun-x64: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54990
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\system32\AERTSr64.exe --> C:\Windows\system32\AERTSr64.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]
R2 LicCtrlService;LicCtrl Service;C:\Windows\runservice.exe [2010-11-28 16384]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-28 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-9 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro35.sys --> C:\Windows\system32\drivers\hitmanpro35.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-6 129976]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-6-15 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-01 01:29:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-28 21:00:02 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-28 21:00:02 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-28 14:34:54 130560 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\B431.tmp.dat
2012-05-10 18:50:38 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-10 17:12:52 97208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-05-09 10:57:27 1422720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 10:57:26 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-05-06 23:24:01 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-06 23:24:00 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-06 23:24:00 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-05 23:13:38 -------- d-----r- C:\Program Files (x86)\Skype
2012-05-05 07:02:16 -------- d-----w- C:\Windows\TempEBF5520E-161E-140A-1B9F-6D70C93B686F-Signatures
.
==================== Find3M ====================
.
2012-06-01 01:30:58 1401 --sha-w- C:\Windows\SysWow64\mmf.sys
2012-04-18 17:49:50 405176 ----a-w- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-04-07 20:13:00 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-07 20:12:58 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-07 03:59:53 794408 ----a-w- C:\Windows\SysWow64\Pbsvc.exe
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 13:59:51 2766848 ----a-w- C:\Windows\System32\win32k.sys
2012-03-22 17:43:58 2557952 ----a-w- C:\Windows\SysWow64\QtCore4.dll
2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-09 06:28:08 10857984 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-03-09 05:26:42 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-03-09 05:26:32 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-03-09 05:26:24 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-03-09 05:26:20 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-03-09 05:26:10 16507392 ----a-w- C:\Windows\System32\amdocl64.dll
2012-03-09 05:25:16 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-03-09 05:24:22 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-03-09 05:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-03-09 05:16:44 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-03-09 05:16:28 791552 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-03-09 05:14:42 958464 ----a-w- C:\Windows\System32\aticfx64.dll
2012-03-09 05:11:24 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-03-09 05:11:16 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-03-09 05:10:20 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-03-09 05:08:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-03-09 05:08:02 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-03-09 05:07:56 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-03-09 05:07:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-03-09 05:04:18 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-03-09 05:03:40 26166784 ----a-w- C:\Windows\System32\atio6axx.dll
2012-03-09 04:45:00 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-03-09 04:39:20 19739136 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-03-09 04:36:40 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-03-09 04:36:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-03-09 04:35:54 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-03-09 04:23:44 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-03-09 04:23:16 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-03-09 04:18:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-03-09 04:18:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-03-09 04:18:14 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-03-09 04:18:12 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-03-09 04:17:54 16069632 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-03-09 04:12:38 13715968 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-03-09 04:11:52 7552000 ----a-w- C:\Windows\System32\atiumd64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-03-09 03:58:54 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-03-09 03:58:44 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-03-09 03:58:30 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-03-09 03:58:20 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-03-09 03:58:10 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-03-09 03:58:02 328704 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-03-09 03:57:04 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-03-09 03:56:56 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-03-09 03:56:48 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-03-09 03:56:38 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-03-09 03:56:16 45056 ----a-w- C:\Windows\System32\atitmp64.dll
2012-03-09 03:55:58 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-03-09 03:47:22 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-03-08 05:27:40 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
.
============= FINISH: 22:09:42.94 ===============
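The DDS report above carries the indicators that commonly sit behind this kind of search redirect: both IE (uInternet Settings,ProxyOverride) and Firefox (network.proxy.http) reference a proxy on 127.0.0.1, and a uRun entry loads forsfb.dll through rundll32 from a folder under the user's AppData. As an added example, not part of this thread or of the DDS tool, the Python script below parses those DDS line types and flags those indicators; the sample lines are copied from the log above, and the severity labels are my own choice.

```python
import re

# Constructed sample input: lines copied from the DDS "Pseudo HJT Report" and
# FIREFOX sections posted above, plus a benign Skype autorun for contrast.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Logitech® Webcam Software] rundll32.exe "C:\Users\Matt\AppData\Local\Microsoft\Logitech® Webcam Software\forsfb.dll",DllRegisterServer
mRun: [Advanced System Protector]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54990
FF - prefs.js: network.proxy.type - 4
"""

# A proxy host on the loopback interface: traffic is being relayed by something
# running on the machine itself rather than by a real upstream proxy.
LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost|::1)(:\d+)?$", re.IGNORECASE)
# A DLL path under a user profile (AppData) rather than Program Files / System32.
USER_PROFILE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
# rundll32.exe "<path>.dll",<ExportName>
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.IGNORECASE)
# DDS line shapes used below (user "u" / machine "m" hives, optional x64 suffix).
IE_PROXY = re.compile(r"^[um]?Internet Settings,(Proxy\w+)\s*=\s*(.+)$")
FF_PROXY = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (.+)$")
AUTORUN = re.compile(r"^[um]Run(?:-x64)?: \[([^\]]*)\]\s*(.*)$")
ORPHAN_ADDON = re.compile(r"^(?:BHO|TB)(?:-X64)?: .* - No File$")


def _proxy_hosts(value):
    """Split an IE proxy value such as 'http=127.0.0.1:9421;<local>' into hosts."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if part and not part.startswith("<"):  # skip the <local> bypass token
            hosts.append(part.split("=")[-1])
    return hosts


def triage_dds(text):
    """Return (severity, reason, line) findings for the indicators seen in this
    thread: loopback proxies in IE and Firefox, a DLL loaded by rundll32 from the
    user profile, autoruns with no command, and orphaned add-on registrations."""
    findings = []
    ff_proxy = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IE_PROXY.match(line)
        if m:
            bad = [h for h in _proxy_hosts(m.group(2)) if LOOPBACK.match(h)]
            if bad:
                findings.append(("high", f"IE {m.group(1)} references a local proxy ({bad[0]})", line))
            continue
        m = FF_PROXY.match(line)
        if m:
            ff_proxy[m.group(1)] = m.group(2)  # collected, judged after the loop
            continue
        m = AUTORUN.match(line)
        if m:
            name, cmd = m.group(1), m.group(2)
            if not cmd:
                findings.append(("low", f"autorun '{name}' has no command (orphaned entry)", line))
                continue
            d = RUNDLL_DLL.search(cmd)
            if d and USER_PROFILE.search(d.group(1)):
                dll = d.group(1).rsplit("\\", 1)[-1]
                findings.append(("high", f"autorun '{name}' loads {dll} via rundll32 {d.group(2)} from the user profile", line))
            continue
        if ORPHAN_ADDON.match(line):
            findings.append(("low", "orphaned browser add-on registration (No File)", line))
    host = ff_proxy.get("http", "")
    if LOOPBACK.match(host):
        where = f"{host}:{ff_proxy.get('http_port', '?')}"
        findings.append(("high", f"Firefox network.proxy.http points at {where} (network.proxy.type={ff_proxy.get('type', '?')})", f"FF network.proxy.http = {host}"))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage_dds(SAMPLE_DDS):
        print(f"[{severity:4}] {reason}\n        {line}")
```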


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,479 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:26 AM

Posted 02 June 2012 - 12:00 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free antivirus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 ironcitycats

ironcitycats
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:26 AM

Posted 02 June 2012 - 07:37 AM

Thanks McMurphy, I appreciate your help. Info below..




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-02 08:33:44
-----------------------------
08:33:44.239 OS Version: Windows x64 6.0.6002 Service Pack 2
08:33:44.239 Number of processors: 2 586 0x170A
08:33:44.239 ComputerName: MATT-PC UserName: Matt
08:33:46.482 Initialize success
08:34:11.047 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:34:11.050 Disk 0 Vendor: WDC_WD5000AAKS-75A7B2 01.03B01 Size: 476940MB BusType: 3
08:34:11.095 Disk 0 MBR read successfully
08:34:11.096 Disk 0 MBR scan
08:34:11.098 Disk 0 Windows VISTA default MBR code
08:34:11.108 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
08:34:11.137 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
08:34:11.152 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461516 MB offset 31586304
08:34:11.181 Disk 0 scanning C:\Windows\system32\drivers
08:34:17.545 Service scanning
08:34:27.986 Modules scanning
08:34:27.990 Disk 0 trace - called modules:
08:34:28.018 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
08:34:28.020 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800574d580]
08:34:28.024 3 CLASSPNP.SYS[fffffa6000d32c33] -> nt!IofCallDriver -> [0xfffffa80048a0520]
08:34:28.027 5 acpi.sys[fffffa6000b79fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800489c4b0]
08:34:28.030 Scan finished successfully
08:35:03.661 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
08:35:03.664 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,479 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:26 AM

Posted 02 June 2012 - 11:02 AM

P2P - I see you have P2P software (uTorrent & Limewire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until we are done.

Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registery key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log



#5 ironcitycats

ironcitycats
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:26 AM

Posted 02 June 2012 - 01:12 PM

Totally understood if judgment is passed..... I am going to uninstall them both.

Question though. After I uninstall them both, what about the files that I've downloaded using those 2 programs? Should I delete them all too or will that happen automatically when I remove the P2P program? Just want to make sure I'm doing this in the correct manner and not screwing anything up. I'd rather have a clean PC than keep uTorrent around.

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,479 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:26 AM

Posted 02 June 2012 - 04:17 PM

In most cases the files that you download from these programs are more dangerous than the applications themselves. Unless they were from known, trustworthy sources I'd recommend that you delete them. As far as I know removing the programs will NOT remove the files, you'll probably have to do that separately.



#7 ironcitycats

ironcitycats
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:26 AM

Posted 03 June 2012 - 12:08 PM

I uninstalled Limewire and uTorrent through the control panel.

After doing that though, I think I ran into a problem. I downloaded ComboFix like you said and ran it. It popped up an error message telling me I should shut down MS Security Essentials and Avira AntiVir Desktop. The problem is, I looked everywhere to find out how to shut them both down and couldn't do it. I opened up the Task Manager and looked for their processes and couldn't find them. MSE isn't running in the system tray and I can't seem to locate it on my computer to disable the real-time protection. ComboFix finished running and I did save the file to the desktop. Here's the log below. Sorry in advance if I've made things more complicated.



ComboFix 12-06-03.01 - Matt 06/03/2012 10:53:51.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1540 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\301311k1t287s744w427h1kxp7h2
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\settings.bin
c:\users\Matt\AppData\Local\Microsoft\Logitech® Webcam Software\forsfb.dll
c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\extensions\{b0bff901-12df-4088-9712-84957e0de1f9}
c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\extensions\{b0bff901-12df-4088-9712-84957e0de1f9}\chrome.manifest
c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\extensions\{b0bff901-12df-4088-9712-84957e0de1f9}\chrome\xulcache.jar
c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\extensions\{b0bff901-12df-4088-9712-84957e0de1f9}\install.rdf
c:\users\Matt\AppData\Roaming\Roaming
c:\users\Matt\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\users\Matt\Taskmgr.exe
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-03 to 2012-06-03 )))))))))))))))))))))))))))))))
.
.
2012-06-03 15:00 . 2012-06-03 15:04 -------- d-----w- c:\users\Matt\AppData\Local\temp
2012-06-03 15:00 . 2012-06-03 15:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-01 12:12 . 2012-06-01 12:12 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-01 12:12 . 2012-06-01 12:12 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-01 01:29 . 2012-06-01 01:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-28 14:34 . 2012-05-28 14:34 130560 ----a-w- c:\programdata\Microsoft\Windows\DRM\B431.tmp.dat
2012-05-10 18:50 . 2012-05-10 18:50 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-10 17:12 . 2012-04-21 01:19 97208 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-05-09 10:57 . 2012-03-30 12:45 1422720 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 10:57 . 2012-03-29 14:22 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-05-06 23:24 . 2012-05-18 12:21 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-06 23:24 . 2012-04-21 01:19 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-06 23:24 . 2012-04-21 01:19 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-05 23:13 . 2012-06-03 15:04 -------- d-----w- c:\users\Matt\AppData\Roaming\Skype
2012-05-05 23:13 . 2012-05-05 23:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-05 23:13 . 2012-05-05 23:13 -------- d-----r- c:\program files (x86)\Skype
2012-05-05 23:13 . 2012-05-05 23:13 -------- d-----w- c:\programdata\Skype
2012-05-05 16:59 . 2012-05-05 16:59 -------- d-----w- c:\windows\system32\Macromed
2012-05-05 15:49 . 2012-05-05 15:49 -------- d-----w- c:\users\Matt\AppData\Roaming\Logitech
2012-05-05 07:02 . 2012-05-05 07:02 -------- d-----w- c:\windows\TempEBF5520E-161E-140A-1B9F-6D70C93B686F-Signatures
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 18:36 . 2012-04-18 18:36 53248 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-18 17:49 . 2012-04-27 16:45 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-04-13 08:46 . 2011-02-24 16:20 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-07 20:13 . 2010-10-05 12:20 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-07 20:12 . 2011-08-24 03:43 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-07 03:59 . 2011-02-06 15:16 794408 ----a-w- c:\windows\SysWow64\Pbsvc.exe
2012-04-04 19:56 . 2010-09-21 14:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 17:43 . 2012-04-27 16:45 2557952 ----a-w- c:\windows\SysWow64\QtCore4.dll
2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:26 . 2012-03-09 05:26 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-03-09 05:26 . 2012-03-09 05:26 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-03-09 05:26 . 2012-03-09 05:26 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-03-09 05:26 . 2012-03-09 05:26 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-03-09 05:26 . 2012-03-09 05:26 16507392 ----a-w- c:\windows\system32\amdocl64.dll
2012-03-09 05:25 . 2012-03-09 05:25 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-09 05:24 . 2012-03-09 05:24 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 05:24 . 2012-03-09 05:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2011-08-16 19:06 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-03-09 05:14 . 2011-08-16 19:06 958464 ----a-w- c:\windows\system32\aticfx64.dll
2012-03-09 05:11 . 2011-08-16 19:06 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-03-09 05:04 . 2011-08-16 19:09 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll
2012-03-09 04:45 . 2012-03-09 04:45 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-03-09 04:35 . 2009-03-19 17:46 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-03-09 04:23 . 2012-03-09 04:23 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-03-09 04:11 . 2009-03-19 17:46 7552000 ----a-w- c:\windows\system32\atiumd64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-09 03:58 . 2011-08-16 19:06 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:57 . 2011-08-16 19:06 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-03-09 03:56 . 2011-08-16 19:06 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-03-09 03:56 . 2011-08-16 19:06 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-03-09 03:56 . 2011-08-16 19:07 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-09 03:56 . 2011-08-16 19:06 45056 ----a-w- c:\windows\system32\atitmp64.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2011-08-16 19:08 58880 ----a-w- c:\windows\system32\coinst.dll
2012-03-08 05:27 . 2012-03-08 05:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"Akamai NetSession Interface"="c:\users\Matt\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-05-27 1779440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 aeeifyju;aeeifyju;c:\windows\system32\drivers\aeeifyju.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 257696]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 12:12]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 16:17]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 16:17]
.
2012-06-03 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2009-03-19 11:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6431232]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-05-27 1779440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.10.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54990
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKCU-Run-Logitech® Webcam Software - c:\users\Matt\AppData\Local\Microsoft\Logitech® Webcam Software\forsfb.dll
Wow6432Node-HKLM-Run-Advanced System Protector - (no file)
SafeBoot-22409109.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-(Default) - (no file)
AddRemove-Advanced System Protector_is1 - c:\program files (x86)\Advanced System Protector\unins000.exe
AddRemove-BattlEye - c:\program files (x86)\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-The Manhattan Modification 1.00 - c:\program files (x86)\WizardWorks\911 - First Responders\Mods\Uninstall.exe
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1847110369-3275543388-1229837096-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:13,ec,db,9d,23,5a,db,c5,b6,11,46,00,2f,4e,56,4a,eb,c9,63,cd,f2,fc,83,
94,96,ea,b4,c2,fc,82,4d,d6,ee,21,39,ce,62,61,48,52,cf,b3,97,2a,09,e7,f0,9c,\
"??"=hex:f0,fe,6f,3f,99,9e,06,53,0c,75,2e,18,49,5a,f1,bd
.
[HKEY_USERS\S-1-5-21-1847110369-3275543388-1229837096-1000\Software\SecuROM\License information*]
"datasecu"=hex:47,d7,af,fb,da,9a,fa,29,56,9a,49,92,40,22,85,ec,25,ec,e3,a6,fc,
d2,a5,7b,5f,c0,88,da,72,cd,a7,f9,6a,46,b1,28,32,bb,fd,92,28,5b,37,ba,fd,61,\
"rkeysecu"=hex:34,a1,7d,6c,4b,1e,03,26,7a,bb,ee,63,0b,6a,f6,47
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,
25
"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,
c3
"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,
8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\0BB4AB33ED50D261F5C8A2C244CF5435]
"1"=hex:df,c7,3a,96,ab,66,13,d2,36,78,6c,b8,10,1c,c4,b0,41,14,92,53,8b,f4,9f,
53,ff,8f,6c,08,d5,ab,f1,06
"2"=hex:7d,73,4a,d4,1d,ee,c7,5a
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:97,e4,84,cd,95,83,bf,82,bd,04,75,27,c9,a8,72,b1,55,38,49,8a,a6,16,a2,
28,28,eb,ee,eb,0f,d6,d6,b8,f4,df,4a,8d,b5,18,4f,2a,0d,c4,ee,cf,81,df,fe,df,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,43,69,70,4c,7e,7f,7c,
de,a0,46,ee,d1,e1,d8,58,7c,57,c7,1b,31,49,37,81,75,ce,c3,a7,5b,16,8f,ae,f7,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\windows\runservice.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2012-06-03 11:08:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-03 15:08
.
Pre-Run: 198,639,136,768 bytes free
Post-Run: 198,621,712,384 bytes free
.
- - End Of File - - AF680B0CEB34F355FCEA82A5E8198515

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,479 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:26 AM

Posted 03 June 2012 - 05:32 PM

From the looks of your logs, neither of those programs is actually even installed, so you may ignore that message if you see it again. Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

File::
c:\windows\system32\drivers\aeeifyju.sys
Driver::
aeeifyju
DDS::
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54990
FF - prefs.js: network.proxy.type - 4
SecCenter::
{090F9C29-64CE-6C6F-379C-5901B49A85B7}
{108DAC43-C256-20B7-BB05-914135DA5160}
{B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
{ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript being dragged onto ComboFix.exe]


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
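
The two things the CFScript above goes after are a boot-start driver with a random-looking name whose file is already gone (the `R1 aeeifyju ... [x]` line) and browser proxy settings that point at the loopback adapter, a pattern consistent with redirect malware that runs a local proxy between the browser and the network. As an added example (not part of the original post, and not BleepingComputer or ComboFix code), the Python script below parses those DDS/ComboFix lines, grades them, and drafts the File::/Driver::/DDS:: sections of a CFScript in the layout used in this thread. The sample log lines are copied from the log above; the severity rules, the `Finding` class and the assumption that this section layout is exactly what ComboFix expects are mine. Two details it encodes: Firefox only honours `network.proxy.http` when `network.proxy.type` is 1 (manual), so with type 4 (auto-detect) the 127.0.0.1:54990 entry is configured rather than active, and the IE `ProxyOverride` value is the bypass list rather than the proxy server, so a loopback entry there is suspicious without being proof of an active proxy.

```python
"""Triage helper for DDS/ComboFix logs: flags services whose image file is
missing and browser proxy settings that reference the loopback adapter, then
drafts the File::/Driver::/DDS:: sections of a CFScript from the findings.
Added example for this thread, not BleepingComputer or ComboFix code; the
severity rules and the CFScript layout are assumptions taken from the log and
the script posted above."""
import re
from dataclasses import dataclass

# Constructed sample: the relevant lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R1 aeeifyju;aeeifyju;c:\windows\system32\drivers\aeeifyju.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 257696]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x]
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54990
FF - prefs.js: network.proxy.type - 4
"""

# ComboFix service line: <R|S><start type> name;display name;image path [x | date size]
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]$")
# DDS WinINet lines: u = current-user hive, m = machine hive
IE_RE = re.compile(r"^[um]Internet Settings,(\w+)\s*=\s*(.*)$")
# DDS Firefox lines: "FF - ProfilePath - ..." or "FF - prefs.js: <pref> - <value>"
FF_RE = re.compile(r"^FF - (?:prefs\.js: )?(\S+) - (.*)$")

# Firefox network.proxy.type values; only 1 makes network.proxy.http/http_port active.
FF_PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}


@dataclass
class Finding:
    severity: str   # "high" | "medium" | "low"  (assumed grading, see lead-in)
    kind: str       # "driver" | "proxy"
    name: str       # service name or setting name
    target: str     # image path or proxy value
    lines: tuple    # raw log lines that support the finding
    note: str


def is_loopback_ref(value: str) -> bool:
    """True if any host token in a proxy value points at this machine."""
    for tok in re.split(r"[;,\s]+", value):
        if tok.lower().startswith(("127.", "localhost", "::1", "[::1]")):
            return True
    return False


def assess(log_text: str) -> list:
    """Scan log lines and return a list of Finding objects in log order."""
    findings = []
    ff = {}  # Firefox pref name -> (value, raw line)
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        if (m := SERVICE_RE.match(line)):
            start, stype, name, _display, path, tag = m.groups()
            if tag == "x":  # ComboFix prints [x] when the image file is not on disk
                # A boot/system-start (R0/R1) entry with no file behind it is the
                # footprint of a rootkit component that was removed or hides itself.
                sev = "high" if start == "R" and stype in ("0", "1") else "low"
                findings.append(Finding(sev, "driver", name, path, (line,),
                                        f"{start}{stype} service, image file missing"))
        elif (m := IE_RE.match(line)):
            key, value = m.groups()
            if is_loopback_ref(value):
                findings.append(Finding("high", "proxy", key, value, (line,),
                                        "WinINet proxy setting references the loopback adapter"))
        elif (m := FF_RE.match(line)):
            ff[m.group(1)] = (m.group(2), line)

    host = ff.get("network.proxy.http", ("", ""))[0]
    if is_loopback_ref(host):
        port = ff.get("network.proxy.http_port", ("?", ""))[0]
        try:
            ptype = int(ff.get("network.proxy.type", ("0", ""))[0])
        except ValueError:
            ptype = -1
        active = ptype == 1
        # Keep the ProfilePath line so the script identifies which profile to fix.
        keys = ("ProfilePath", "network.proxy.http", "network.proxy.http_port", "network.proxy.type")
        lines = tuple(ff[k][1] for k in keys if k in ff)
        findings.append(Finding("high" if active else "medium", "proxy", "network.proxy.http",
                                f"{host}:{port}", lines,
                                f"Firefox manual proxy points at localhost; network.proxy.type={ptype} "
                                f"({FF_PROXY_TYPES.get(ptype, 'unknown')}), so it is "
                                f"{'active' if active else 'configured but not currently selected'}"))
    return findings


def build_cfscript(findings) -> str:
    """Draft the File::/Driver::/DDS:: sections in the layout the helper used above
    (assumed layout; review every line before feeding it to ComboFix)."""
    high_drivers = [f for f in findings if f.kind == "driver" and f.severity == "high"]
    dds_lines = [l for f in findings if f.kind == "proxy" for l in f.lines]
    out = []
    if high_drivers:
        out.append("File::")
        out.extend(f.target for f in high_drivers)
        out.append("Driver::")
        out.extend(f.name for f in high_drivers)
    if dds_lines:
        out.append("DDS::")
        out.extend(dds_lines)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = assess(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:6}] {f.kind}: {f.name} -> {f.target}  ({f.note})")
    print(build_cfscript(found))
```

Run as-is, it prints four findings (the missing R1 driver as high, the missing AERTFilters file as low, the IE ProxyOverride loopback entry as high, the Firefox localhost proxy as medium because type 4 leaves it inactive) and a draft script whose File::/Driver::/DDS:: lines match the ones RPMcMurphy posted. It only recognises the line shapes seen in this log, and SecCenter:: entries are deliberately not generated, since those GUIDs come from the Security Center registration and not from the lines parsed here.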


#9 ironcitycats

ironcitycats
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:26 AM

Posted 03 June 2012 - 09:10 PM

ComboFix 12-06-03.05 - Matt 06/03/2012 20:30:33.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2283 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
Command switches used :: c:\users\Matt\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\aeeifyju.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_aeeifyju
.
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 00:37 . 2012-06-04 00:37 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-04 00:37 . 2012-06-04 00:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-03 15:13 . 2012-06-03 15:13 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-03 15:13 . 2012-06-03 15:13 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-01 01:29 . 2012-06-01 01:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-28 14:34 . 2012-05-28 14:34 130560 ----a-w- c:\programdata\Microsoft\Windows\DRM\B431.tmp.dat
2012-05-10 18:50 . 2012-05-10 18:50 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-10 17:12 . 2012-04-21 01:19 97208 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-05-09 10:57 . 2012-03-30 12:45 1422720 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 10:57 . 2012-03-29 14:22 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-05-06 23:24 . 2012-05-18 12:21 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-06 23:24 . 2012-04-21 01:19 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-06 23:24 . 2012-04-21 01:19 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-05 23:13 . 2012-06-04 00:22 -------- d-----w- c:\users\Matt\AppData\Roaming\Skype
2012-05-05 23:13 . 2012-05-05 23:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-05 23:13 . 2012-05-05 23:13 -------- d-----r- c:\program files (x86)\Skype
2012-05-05 23:13 . 2012-05-05 23:13 -------- d-----w- c:\programdata\Skype
2012-05-05 16:59 . 2012-05-05 16:59 -------- d-----w- c:\windows\system32\Macromed
2012-05-05 15:49 . 2012-05-05 15:49 -------- d-----w- c:\users\Matt\AppData\Roaming\Logitech
2012-05-05 07:02 . 2012-05-05 07:02 -------- d-----w- c:\windows\TempEBF5520E-161E-140A-1B9F-6D70C93B686F-Signatures
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 18:36 . 2012-04-18 18:36 53248 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-18 17:49 . 2012-04-27 16:45 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-04-13 08:46 . 2011-02-24 16:20 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-07 20:13 . 2010-10-05 12:20 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-07 20:12 . 2011-08-24 03:43 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-07 03:59 . 2011-02-06 15:16 794408 ----a-w- c:\windows\SysWow64\Pbsvc.exe
2012-04-04 19:56 . 2010-09-21 14:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 17:43 . 2012-04-27 16:45 2557952 ----a-w- c:\windows\SysWow64\QtCore4.dll
2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:26 . 2012-03-09 05:26 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-03-09 05:26 . 2012-03-09 05:26 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-03-09 05:26 . 2012-03-09 05:26 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-03-09 05:26 . 2012-03-09 05:26 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-03-09 05:26 . 2012-03-09 05:26 16507392 ----a-w- c:\windows\system32\amdocl64.dll
2012-03-09 05:25 . 2012-03-09 05:25 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-09 05:24 . 2012-03-09 05:24 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 05:24 . 2012-03-09 05:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2011-08-16 19:06 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-03-09 05:14 . 2011-08-16 19:06 958464 ----a-w- c:\windows\system32\aticfx64.dll
2012-03-09 05:11 . 2011-08-16 19:06 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-03-09 05:04 . 2011-08-16 19:09 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll
2012-03-09 04:45 . 2012-03-09 04:45 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-03-09 04:35 . 2009-03-19 17:46 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-03-09 04:23 . 2012-03-09 04:23 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-03-09 04:23 . 2012-03-09 04:23 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-03-09 04:11 . 2009-03-19 17:46 7552000 ----a-w- c:\windows\system32\atiumd64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-09 03:58 . 2011-08-16 19:06 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:57 . 2011-08-16 19:06 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-03-09 03:56 . 2011-08-16 19:06 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-03-09 03:56 . 2011-08-16 19:06 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-03-09 03:56 . 2011-08-16 19:07 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-09 03:56 . 2011-08-16 19:06 45056 ----a-w- c:\windows\system32\atitmp64.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2011-08-16 19:08 58880 ----a-w- c:\windows\system32\coinst.dll
2012-03-08 05:27 . 2012-03-08 05:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"Akamai NetSession Interface"="c:\users\Matt\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-05-27 1779440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 257696]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 15:13]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 16:17]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 16:17]
.
2012-06-04 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files (x86)\Realtek\RTNICDiag\RTNICDiag.exe [2009-03-19 11:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6431232]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-05-27 1779440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.10.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54990
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\windows\runservice.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2012-06-03 20:45:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-04 00:45
ComboFix2.txt 2012-06-03 15:08
.
Pre-Run: 198,337,794,048 bytes free
Post-Run: 198,418,960,384 bytes free
.
- - End Of File - - DA9F9BF1262339E546ECBA0C546C953E


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.31.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Matt :: MATT-PC [administrator]

6/3/2012 8:49:49 PM
mbam-log-2012-06-03 (20-49-49).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 524818
Time elapsed: 1 hour(s), 17 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,479 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:26 AM

Posted 03 June 2012 - 09:59 PM

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Control Panel > Programs > Uninstall a program, and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name and select "uninstall".
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the installer you just downloaded
Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#11 ironcitycats

ironcitycats
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:26 AM

Posted 04 June 2012 - 07:21 AM

I just tried to see if I was getting the redirect problem with Firefox or IE and I wasn't being redirected, which is good. Although my redirect problem didn't occur every time I googled something, so I will keep checking to see if it truly is gone.

Other than that, whenever I do reboot, I get a message onscreen after the startup that says "Smart File Advisor is not currently associated to unknown files. Do you want to run Smart File Advisor Installer to fix this problem?" I did notice that Smart File Advisor was still in the control panel install/uninstall section, but it almost looks like its icon is greyed out. Here is the ESET log. I see an error came up about my youtube to mp3 converter... is that P2P software too, like uTorrent?


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a872a709abbfe04b87729d95fb5932a4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-04 05:53:39
# local_time=2012-06-04 01:53:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 43 0 175381026 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=329603
# found=4
# cleaned=0
# scan_time=6899
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Local\Microsoft\Logitech® Webcam Software\forsfb.dll.vir a variant of Win32/Kryptik.AFZD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\extensions\{b0bff901-12df-4088-9712-84957e0de1f9}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\extensions\[email protected] JS/Redirector.NBX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Downloads\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
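
An added example, not part of the original thread: a small Python triage of an ESET Online Scanner log like the one posted above. It separates detections already sitting in ComboFix's Qoobox quarantine (renamed *.vir, already neutralised) from live ones, and picks out live malware inside a Firefox profile's extensions folder, the usual home of a search-redirecting add-on. The sample log is constructed from the lines in this post; the garbled extension folder name is replaced by a labelled placeholder.

```python
"""Triage an ESET Online Scanner log like the one posted above (added example,
not part of the thread): separate detections already in ComboFix's Qoobox
quarantine from live ones, then pick out live malware inside a Firefox
profile's extensions folder, the usual home of a search-redirecting add-on."""
import re
from dataclasses import dataclass

# Constructed sample modelled on the log in post #11. Header lines are
# "# key=value"; a finding is "<path> <threat text> (<action>) <hash> <flag>".
# The garbled extension folder name is replaced by a placeholder.
SAMPLE_LOG = r"""# version=7
# remove_checked=false
# found=4
# cleaned=0
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Local\Microsoft\Logitech® Webcam Software\forsfb.dll.vir a variant of Win32/Kryptik.AFZD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\extensions\{b0bff901-12df-4088-9712-84957e0de1f9}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\extensions\PLACEHOLDER-EXTENSION-ID JS/Redirector.NBX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Matt\Downloads\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
"""

QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"   # ComboFix quarantine root
# Threat family token such as Win32/Kryptik.AFZD or JS/Redirector.NBX
FAMILY_TOKEN = re.compile(r"^[A-Za-z0-9_]+/[\w.\-]+$")
# Trailing "(action) <32-hex hash> <flag>" part of a finding line
TAIL = re.compile(r"^(?P<body>.+) \((?P<action>[^()]*)\) "
                  r"(?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$")


@dataclass
class Finding:
    path: str
    threat: str    # e.g. "JS/Redirector.NBX trojan"
    category: str  # last word of the threat text: "trojan", "application", ...
    action: str    # ESET's action text, e.g. "unable to clean"
    flag: str


def parse_header(text):
    """Return the '# key=value' metadata as a dict (later duplicates win)."""
    meta = {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            meta[key.strip()] = value.strip()
    return meta


def parse_finding(line):
    """Parse one finding line, or return None for header and status lines.
    Paths may contain spaces, so the path/threat boundary is the first
    "a variant of" or family token (Win32/..., JS/...)."""
    m = TAIL.match(line)
    if not m:
        return None
    tokens = m.group("body").split(" ")
    start = None
    for i, tok in enumerate(tokens):
        if tokens[i:i + 3] == ["a", "variant", "of"] or FAMILY_TOKEN.match(tok):
            start = i
            break
    if not start:  # no threat text, or threat text without a path
        return None
    return Finding(path=" ".join(tokens[:start]), threat=" ".join(tokens[start:]),
                   category=tokens[-1].lower(), action=m.group("action"),
                   flag=m.group("flag"))


def triage(text):
    """Bucket every finding: already quarantined, live PUA, or live malware."""
    report = {"quarantined": [], "live_pua": [], "live_malware": []}
    for f in filter(None, map(parse_finding, text.splitlines())):
        if f.path.lower().startswith(QUARANTINE_PREFIX):
            report["quarantined"].append(f)      # renamed *.vir, already neutralised
        elif f.category == "application":        # ESET's label for PUA/adware bundles
            report["live_pua"].append(f)
        else:
            report["live_malware"].append(f)
    return report


def redirect_suspects(report):
    """Live malware sitting in a browser profile's extensions folder."""
    return [f for f in report["live_malware"] if "\\extensions\\" in f.path.lower()]


if __name__ == "__main__":
    meta, report = parse_header(SAMPLE_LOG), triage(SAMPLE_LOG)
    print(f"ESET: found={meta.get('found')} cleaned={meta.get('cleaned')}")
    for bucket, items in report.items():
        for f in items:
            print(f"{bucket:13} {f.threat}  <-  {f.path}")
    for f in redirect_suspects(report):
        print(f"likely redirect source: {f.path}")
```

On the posted log this leaves one live trojan, the JS/Redirector item in the Firefox profile, which matches the symptom the thread is about.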

#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,479 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:26 AM

Posted 04 June 2012 - 10:53 AM

ESET flagged that YouTube converter because it is ad driven, installs toolbars or has other unclear objectives. If you no longer want that app, uninstall it via Control Panel > Programs > Uninstall a program.

Try uninstalling that Smart File Advisor via Control Panel > Programs > Uninstall a program also and let me know how it goes. Please do this next:

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the OTL.txt log only (I don't need to see Extras.txt) into your next post.
Please include the following in your next post:
  • OTL.txt log


#13 ironcitycats

ironcitycats
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:26 AM

Posted 04 June 2012 - 02:14 PM

I uninstalled Smart File Advisor per your instructions and it seemed to uninstall without an issue. When it finished, it brought me to their website for a review of why I canceled it, so I just closed the window. The program is no longer in the Control Panel->Programs list and when I just rebooted, it didn't pop up the message.

Unfortunately though, I'm still getting the same redirect. Below is the OTL.txt:

OTL logfile created on: 6/4/2012 2:56:50 PM - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Matt\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 56.76% Memory free
8.22 Gb Paging File | 6.48 Gb Available in Paging File | 78.76% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.70 Gb Total Space | 185.87 Gb Free Space | 41.24% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.26 Gb Free Space | 48.40% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/04 14:55:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Downloads\OTL.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/12/18 19:19:17 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/11/28 14:59:19 | 000,016,384 | ---- | M] () -- C:\Windows\runservice.exe
PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/05/27 15:15:00 | 001,779,440 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/10 03:46:44 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 03:45:58 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\24556241d64589a6b95b7eaa7432295b\System.Web.Services.ni.dll
MOD - [2012/05/10 03:45:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 03:39:52 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 03:39:42 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012/05/10 03:39:35 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012/05/10 03:38:53 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 03:38:48 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/11/11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/05/27 15:15:00 | 001,779,440 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/05/27 15:15:00 | 000,268,016 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/05/27 15:15:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/05/27 15:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/05/27 15:14:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2008/11/03 09:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/09 01:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/18 08:42:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/01/20 22:51:33 | 000,067,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2008/01/20 22:48:26 | 000,088,064 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/03 11:13:39 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/06 19:24:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/18 19:19:17 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/12/10 01:04:25 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/28 14:59:19 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Windows\runservice.exe -- (LicCtrlService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/04 19:17:48 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 22:49:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/08 23:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/08 01:27:40 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/12/23 23:47:21 | 000,025,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/06/23 09:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/04/11 00:54:21 | 000,299,008 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\udfs.sys -- (udfs)
DRV:64bit: - [2009/03/28 21:41:48 | 000,310,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/03/28 21:41:47 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/03/19 13:48:24 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci)
DRV:64bit: - [2009/03/19 13:48:24 | 000,018,488 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/21 07:18:30 | 000,026,624 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2008/07/15 08:14:10 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/01/20 22:47:28 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ipmidrv.sys -- (IPMIDRV)
DRV:64bit: - [2008/01/20 22:47:28 | 000,035,896 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\i2omp.sys -- (i2omp)
DRV:64bit: - [2008/01/20 22:47:27 | 000,185,912 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)
DRV:64bit: - [2008/01/20 22:47:27 | 000,024,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)
DRV:64bit: - [2008/01/20 22:47:26 | 000,128,056 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2008/01/20 22:47:26 | 000,078,392 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2008/01/20 22:47:25 | 000,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2008/01/20 22:47:25 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\fdc.sys -- (fdc)
DRV:64bit: - [2008/01/20 22:47:04 | 000,113,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2008/01/20 22:47:04 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2008/01/20 22:47:03 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2008/01/20 22:47:01 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2008/01/20 22:47:00 | 000,091,192 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)
DRV:64bit: - [2008/01/20 22:47:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2008/01/20 22:46:59 | 000,397,368 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)
DRV:64bit: - [2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastorv.sys -- (iaStorV)
DRV:64bit: - [2008/01/20 22:46:59 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2008/01/20 22:46:59 | 000,047,672 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hpcisss.sys -- (HpCISSs)
DRV:64bit: - [2008/01/20 22:46:59 | 000,035,896 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)
DRV:64bit: - [2008/01/20 22:46:59 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2008/01/20 22:46:56 | 000,438,328 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\megasr.sys -- (MegaSR)
DRV:64bit: - [2008/01/20 22:46:56 | 000,284,728 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\uliahci.sys -- (uliahci)
DRV:64bit: - [2008/01/20 22:46:56 | 000,105,016 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2008/01/20 22:46:56 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2008/01/20 22:46:54 | 000,342,584 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)
DRV:64bit: - [2008/01/20 22:46:54 | 000,128,056 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2008/01/20 22:46:54 | 000,126,520 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpu160m.sys -- (adpu160m)
DRV:64bit: - [2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2008/01/20 22:46:53 | 000,486,456 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2008/01/20 22:46:52 | 001,221,176 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)
DRV:64bit: - [2008/01/20 22:46:52 | 000,174,696 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ulsata2.sys -- (ulsata2)
DRV:64bit: - [2008/01/20 22:46:52 | 000,090,680 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)
DRV:64bit: - [2008/01/20 22:46:51 | 000,314,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\rdpdr.sys -- (rdpdr)
DRV:64bit: - [2008/01/20 22:46:51 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2008/01/20 22:46:51 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2008/01/20 22:46:51 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)
DRV:64bit: - [2008/01/20 22:46:51 | 000,023,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2008/01/20 22:46:50 | 000,023,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2008/01/20 22:46:50 | 000,018,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2008/01/20 22:46:50 | 000,018,024 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2008/01/20 22:46:50 | 000,015,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2008/01/20 22:46:50 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2008/01/20 22:46:50 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 08:03:03 | 000,051,816 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2006/11/02 08:02:52 | 000,049,256 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\symc8xx.sys -- (Symc8xx)
DRV:64bit: - [2006/11/02 08:02:47 | 000,048,232 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sym_u3.sys -- (Sym_u3)
DRV:64bit: - [2006/11/02 08:02:39 | 000,044,648 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)
DRV:64bit: - [2006/11/02 08:02:37 | 000,044,648 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sym_hi.sys -- (Sym_hi)
DRV:64bit: - [2006/11/02 08:02:24 | 000,039,016 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mraid35x.sys -- (Mraid35x)
DRV:64bit: - [2006/11/02 08:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iteraid.sys -- (iteraid)
DRV:64bit: - [2006/11/02 08:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iteatapi.sys -- (iteatapi)
DRV:64bit: - [2006/11/02 07:51:30 | 000,203,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2006/11/02 07:50:54 | 000,148,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ulsata.sys -- (UlSata)
DRV:64bit: - [2006/11/02 07:50:27 | 000,124,008 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2006/11/02 07:50:06 | 000,090,216 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2006/11/02 07:50:06 | 000,088,168 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\djsvs.sys -- (aic78xx)
DRV:64bit: - [2006/11/02 06:27:53 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)
DRV:64bit: - [2006/11/02 05:44:02 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2006/11/02 05:44:01 | 000,034,304 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2006/11/02 05:43:46 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV:64bit: - [2006/11/02 05:43:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci)
DRV:64bit: - [2006/11/02 05:43:36 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2006/11/02 05:40:24 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2006/11/02 05:38:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2006/11/02 05:38:02 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)
DRV:64bit: - [2006/11/02 05:37:57 | 000,096,768 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)
DRV:64bit: - [2006/11/02 04:43:25 | 000,086,528 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2006/09/18 17:30:18 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brserwdm.sys -- (BrSerWdm)
DRV:64bit: - [2006/09/18 17:30:18 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{78A44A76-28EC-4596-B20A-670692BA7469}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{816E8BCE-46D7-46D9-9991-E980CBAC7847}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{BF44A6AB-D648-4951-A680-FFEE88F23275}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54990
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@comrade.gamespy.com/comrade: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/10 13:12:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2009/12/12 19:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2009/12/12 19:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/06/03 11:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\extensions
[2011/10/11 14:39:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/05/10 13:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/22 16:08:42 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4SK4YPF9.DEFAULT\EXTENSIONS\[email protected]
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/03 20:39:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79BB65C3-AA0E-4B31-8765-9E8BE58DBADF}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\1600x1200_blue.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\1600x1200_blue.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sasnative64)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/03 23:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/03 23:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/03 23:34:54 | 000,772,552 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/03 23:34:54 | 000,227,784 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/03 23:34:45 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/03 23:34:45 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/03 23:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/03 22:34:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/03 20:45:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/03 20:45:09 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\temp
[2012/06/03 20:28:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/03 11:13:39 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/03 11:13:39 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/03 10:51:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/03 10:51:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/03 10:51:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/03 10:19:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/03 10:15:27 | 004,536,354 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2012/05/31 22:08:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\dds.scr
[2012/05/31 21:29:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/10 14:50:38 | 008,769,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/09 06:56:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2012/05/09 06:56:50 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/09 06:56:49 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/09 06:56:49 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/09 06:56:49 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/09 06:56:49 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/05/09 06:56:29 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/06 19:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/06 19:24:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/05 19:13:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Skype
[2012/05/05 19:13:38 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/05/05 19:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/05 19:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/05 19:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/04 14:32:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/04 14:32:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/04 14:32:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/04 14:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/04 12:32:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/03 23:34:34 | 000,772,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/03 23:34:34 | 000,687,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/06/03 23:34:34 | 000,227,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/03 23:34:34 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/03 23:34:34 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/03 23:21:29 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/03 23:21:29 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/06/03 23:21:24 | 000,001,401 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2012/06/03 23:13:41 | 000,078,336 | ---- | M] () -- C:\Users\Matt\Documents\22.wps
[2012/06/03 23:13:41 | 000,017,114 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\wklnhst.dat
[2012/06/03 20:39:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/03 20:25:02 | 004,536,354 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2012/06/03 11:13:39 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/03 11:13:39 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/03 11:08:58 | 000,773,594 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/03 11:08:58 | 000,651,736 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/03 11:08:58 | 000,124,146 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/02 08:35:03 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.dat
[2012/05/31 22:08:27 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\dds.scr
[2012/05/31 22:02:08 | 000,000,168 | ---- | M] () -- C:\Users\Matt\defogger_reenable
[2012/05/24 21:19:14 | 000,000,945 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/18 10:39:35 | 001,588,722 | ---- | M] () -- C:\Users\Matt\Documents\282.JPG
[2012/05/18 10:35:46 | 001,205,720 | ---- | M] () -- C:\Users\Matt\Documents\281.JPG
[2012/05/10 14:50:38 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/10 13:12:54 | 000,000,914 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/10 13:12:54 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/10 12:28:26 | 000,000,680 | ---- | M] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat
[2012/05/10 03:34:43 | 000,283,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/05 19:13:38 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/03 11:13:40 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/03 10:51:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/03 10:51:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/03 10:51:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/03 10:51:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/03 10:51:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/02 08:35:03 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.dat
[2012/05/31 22:02:08 | 000,000,168 | ---- | C] () -- C:\Users\Matt\defogger_reenable
[2012/05/24 21:19:14 | 000,000,945 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/18 10:39:02 | 001,588,722 | ---- | C] () -- C:\Users\Matt\Documents\282.JPG
[2012/05/18 10:35:19 | 001,205,720 | ---- | C] () -- C:\Users\Matt\Documents\281.JPG
[2012/05/05 19:13:38 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/12/23 23:33:41 | 000,017,230 | -HS- | C] () -- C:\Users\Matt\AppData\Local\301311k1t287s744w427h1kxp7h2
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/23 23:43:37 | 000,234,536 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/23 23:43:36 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/17 15:57:54 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/06 11:16:26 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\Pbsvc.exe
[2010/12/11 16:21:33 | 000,768,508 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/28 14:59:21 | 000,001,401 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2010/11/28 14:59:19 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2010/11/28 14:59:19 | 000,016,384 | ---- | C] () -- C:\Windows\runservice.exe
[2010/11/21 11:33:33 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/10/18 11:54:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/05 08:20:18 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/06/15 02:24:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/06/15 02:23:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/06/15 02:22:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >

#14 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,479 posts
  • Gender:Male

Posted 04 June 2012 - 07:55 PM

Please do this next:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 54990
    FF - prefs.js..network.proxy.type: 4
    [2012/05/22 16:08:42 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4SK4YPF9.DEFAULT\EXTENSIONS\[email protected]
    [2011/12/23 23:33:41 | 000,017,230 | -HS- | C] () -- C:\Users\Matt\AppData\Local\301311k1t287s744w427h1kxp7h2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
    :Commands
    [EmptyTemp]
    [ResetHosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
  • Open OTL again and press "Quick Scan" to produce a fresh log
Please include the following in your next post:
  • OTL fix log
  • New OTL.txt log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#15 ironcitycats
  • Topic Starter

  • Members
  • 23 posts

Posted 05 June 2012 - 06:49 PM

The OTL fix log is first, and the OTL log from the Quick Scan follows it.

All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 54990 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\extensions\[email protected] moved successfully.
C:\Users\Matt\AppData\Local\301311k1t287s744w427h1kxp7h2 moved successfully.
ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matt
->Temp folder emptied: 4228422 bytes
->Temporary Internet Files folder emptied: 264222321 bytes
->Java cache emptied: 3471227 bytes
->FireFox cache emptied: 199910122 bytes
->Flash cache emptied: 2023553 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 480802 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33109 bytes
RecycleBin emptied: 5047237 bytes

Total Files Cleaned = 457.00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.46.0 log created on 06052012_193416

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...





OTL logfile created on: 6/5/2012 7:42:24 PM - Run 2
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Matt\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 58.36% Memory free
8.17 Gb Paging File | 6.35 Gb Available in Paging File | 77.74% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.70 Gb Total Space | 184.55 Gb Free Space | 40.95% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.26 Gb Free Space | 48.40% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/04 14:55:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Downloads\OTL.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/20 21:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/12/18 19:19:17 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/11/28 14:59:19 | 000,016,384 | ---- | M] () -- C:\Windows\runservice.exe
PRC - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/05/27 15:15:00 | 001,779,440 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/10 03:46:44 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 03:45:58 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\24556241d64589a6b95b7eaa7432295b\System.Web.Services.ni.dll
MOD - [2012/05/10 03:45:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 03:39:52 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 03:39:42 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012/05/10 03:39:35 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012/05/10 03:38:53 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 03:38:48 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/04/20 21:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/05/27 15:15:00 | 001,779,440 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/05/27 15:15:00 | 000,268,016 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/05/27 15:15:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/05/27 15:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/05/27 15:14:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2008/11/03 09:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/09 01:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/18 08:42:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/01/20 22:51:33 | 000,067,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2008/01/20 22:48:26 | 000,088,064 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/06 19:24:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/18 19:19:17 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/12/12 12:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/12/10 01:04:25 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/28 14:59:19 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Windows\runservice.exe -- (LicCtrlService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/19 11:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/30 00:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/04 19:17:48 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 22:49:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/08 23:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/08 01:27:40 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/12/23 23:47:21 | 000,025,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/06/23 09:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/04/11 00:54:21 | 000,299,008 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\udfs.sys -- (udfs)
DRV:64bit: - [2009/03/28 21:41:48 | 000,310,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/03/28 21:41:47 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/03/19 13:48:24 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci)
DRV:64bit: - [2009/03/19 13:48:24 | 000,018,488 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/07/21 07:18:30 | 000,026,624 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2008/07/15 08:14:10 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/01/20 22:47:28 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ipmidrv.sys -- (IPMIDRV)
DRV:64bit: - [2008/01/20 22:47:28 | 000,035,896 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\i2omp.sys -- (i2omp)
DRV:64bit: - [2008/01/20 22:47:27 | 000,185,912 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)
DRV:64bit: - [2008/01/20 22:47:27 | 000,024,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)
DRV:64bit: - [2008/01/20 22:47:26 | 000,128,056 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2008/01/20 22:47:26 | 000,078,392 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2008/01/20 22:47:25 | 000,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2008/01/20 22:47:25 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\fdc.sys -- (fdc)
DRV:64bit: - [2008/01/20 22:47:04 | 000,113,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2008/01/20 22:47:04 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2008/01/20 22:47:03 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2008/01/20 22:47:01 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2008/01/20 22:47:00 | 000,091,192 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)
DRV:64bit: - [2008/01/20 22:47:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2008/01/20 22:46:59 | 000,397,368 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)
DRV:64bit: - [2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastorv.sys -- (iaStorV)
DRV:64bit: - [2008/01/20 22:46:59 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2008/01/20 22:46:59 | 000,047,672 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hpcisss.sys -- (HpCISSs)
DRV:64bit: - [2008/01/20 22:46:59 | 000,035,896 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)
DRV:64bit: - [2008/01/20 22:46:59 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2008/01/20 22:46:56 | 000,438,328 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\megasr.sys -- (MegaSR)
DRV:64bit: - [2008/01/20 22:46:56 | 000,284,728 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\uliahci.sys -- (uliahci)
DRV:64bit: - [2008/01/20 22:46:56 | 000,105,016 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2008/01/20 22:46:56 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2008/01/20 22:46:54 | 000,342,584 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)
DRV:64bit: - [2008/01/20 22:46:54 | 000,128,056 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2008/01/20 22:46:54 | 000,126,520 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpu160m.sys -- (adpu160m)
DRV:64bit: - [2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2008/01/20 22:46:53 | 000,486,456 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2008/01/20 22:46:52 | 001,221,176 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)
DRV:64bit: - [2008/01/20 22:46:52 | 000,174,696 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ulsata2.sys -- (ulsata2)
DRV:64bit: - [2008/01/20 22:46:52 | 000,090,680 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)
DRV:64bit: - [2008/01/20 22:46:51 | 000,314,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\rdpdr.sys -- (rdpdr)
DRV:64bit: - [2008/01/20 22:46:51 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2008/01/20 22:46:51 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2008/01/20 22:46:51 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)
DRV:64bit: - [2008/01/20 22:46:51 | 000,023,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2008/01/20 22:46:50 | 000,023,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2008/01/20 22:46:50 | 000,018,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2008/01/20 22:46:50 | 000,018,024 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2008/01/20 22:46:50 | 000,015,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2008/01/20 22:46:50 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2008/01/20 22:46:50 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 08:03:03 | 000,051,816 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2006/11/02 08:02:52 | 000,049,256 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\symc8xx.sys -- (Symc8xx)
DRV:64bit: - [2006/11/02 08:02:47 | 000,048,232 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sym_u3.sys -- (Sym_u3)
DRV:64bit: - [2006/11/02 08:02:39 | 000,044,648 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)
DRV:64bit: - [2006/11/02 08:02:37 | 000,044,648 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sym_hi.sys -- (Sym_hi)
DRV:64bit: - [2006/11/02 08:02:24 | 000,039,016 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mraid35x.sys -- (Mraid35x)
DRV:64bit: - [2006/11/02 08:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iteraid.sys -- (iteraid)
DRV:64bit: - [2006/11/02 08:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iteatapi.sys -- (iteatapi)
DRV:64bit: - [2006/11/02 07:51:30 | 000,203,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2006/11/02 07:50:54 | 000,148,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ulsata.sys -- (UlSata)
DRV:64bit: - [2006/11/02 07:50:27 | 000,124,008 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2006/11/02 07:50:06 | 000,090,216 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2006/11/02 07:50:06 | 000,088,168 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\djsvs.sys -- (aic78xx)
DRV:64bit: - [2006/11/02 06:27:53 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)
DRV:64bit: - [2006/11/02 05:44:02 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2006/11/02 05:44:01 | 000,034,304 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2006/11/02 05:43:46 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV:64bit: - [2006/11/02 05:43:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci)
DRV:64bit: - [2006/11/02 05:43:36 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2006/11/02 05:40:24 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2006/11/02 05:38:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2006/11/02 05:38:02 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)
DRV:64bit: - [2006/11/02 05:37:57 | 000,096,768 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)
DRV:64bit: - [2006/11/02 04:43:25 | 000,086,528 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2006/09/18 17:30:18 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brserwdm.sys -- (BrSerWdm)
DRV:64bit: - [2006/09/18 17:30:18 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{78A44A76-28EC-4596-B20A-670692BA7469}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{816E8BCE-46D7-46D9-9991-E980CBAC7847}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{BF44A6AB-D648-4951-A680-FFEE88F23275}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@comrade.gamespy.com/comrade: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/10 13:12:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2009/12/12 19:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2009/12/12 19:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/06/05 19:34:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\extensions
[2011/10/11 14:39:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4sk4ypf9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/05/10 13:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/05 19:35:07 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79BB65C3-AA0E-4B31-8765-9E8BE58DBADF}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\1600x1200_blue.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\1600x1200_blue.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sasnative64)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/05 19:34:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/03 23:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/03 23:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/03 23:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/03 22:34:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/03 20:45:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/03 20:45:09 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\temp
[2012/06/03 20:28:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/03 10:51:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/03 10:51:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/03 10:51:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/03 10:19:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/03 10:15:27 | 004,536,354 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2012/05/31 22:08:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\dds.scr
[2012/05/31 21:29:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

========== Files - Modified Within 30 Days ==========

[2012/06/05 19:36:50 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/05 19:36:49 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/06/05 19:36:42 | 000,001,401 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2012/06/05 19:36:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/05 19:36:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/05 19:36:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/05 19:35:07 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/05 19:32:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/03 23:13:41 | 000,078,336 | ---- | M] () -- C:\Users\Matt\Documents\22.wps
[2012/06/03 23:13:41 | 000,017,114 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\wklnhst.dat
[2012/06/03 20:25:02 | 004,536,354 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2012/06/03 11:08:58 | 000,773,594 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/03 11:08:58 | 000,651,736 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/03 11:08:58 | 000,124,146 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/02 08:35:03 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.dat
[2012/05/31 22:08:27 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\dds.scr
[2012/05/31 22:02:08 | 000,000,168 | ---- | M] () -- C:\Users\Matt\defogger_reenable
[2012/05/24 21:19:14 | 000,000,945 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/18 10:39:35 | 001,588,722 | ---- | M] () -- C:\Users\Matt\Documents\282.JPG
[2012/05/18 10:35:46 | 001,205,720 | ---- | M] () -- C:\Users\Matt\Documents\281.JPG
[2012/05/10 13:12:54 | 000,000,914 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/10 13:12:54 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/10 12:28:26 | 000,000,680 | ---- | M] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat
[2012/05/10 03:34:43 | 000,283,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/06/03 10:51:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/03 10:51:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/03 10:51:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/03 10:51:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/03 10:51:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/02 08:35:03 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.dat
[2012/05/31 22:02:08 | 000,000,168 | ---- | C] () -- C:\Users\Matt\defogger_reenable
[2012/05/24 21:19:14 | 000,000,945 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2012/05/18 10:39:02 | 001,588,722 | ---- | C] () -- C:\Users\Matt\Documents\282.JPG
[2012/05/18 10:35:19 | 001,205,720 | ---- | C] () -- C:\Users\Matt\Documents\281.JPG
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/23 23:43:37 | 000,234,536 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/23 23:43:36 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/17 15:57:54 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/06 11:16:26 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\Pbsvc.exe
[2010/12/11 16:21:33 | 000,768,508 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/28 14:59:21 | 000,001,401 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2010/11/28 14:59:19 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2010/11/28 14:59:19 | 000,016,384 | ---- | C] () -- C:\Windows\runservice.exe
[2010/11/21 11:33:33 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/10/18 11:54:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/05 08:20:18 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010/06/15 02:24:00 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/06/15 02:23:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/06/15 02:22:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2012/02/20 11:23:40 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\3E650
[2011/10/21 13:36:59 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\a11uuvSS2oF3pG5
[2011/02/23 09:00:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AnVi
[2010/11/26 14:50:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Avanquest
[2012/03/07 15:48:24 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Baumaschinen Simulator 2011
[2010/10/23 14:05:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/21 13:55:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
[2012/03/08 01:05:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools Lite
[2012/04/27 12:45:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DVDVideoSoft
[2011/10/11 14:39:44 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/02/20 11:23:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\F083E
[2011/10/21 13:45:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\f6sWK7fELgZjCkV
[2011/10/21 14:13:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\FP00yycA1ivDon4
[2012/04/21 08:44:25 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GetRightToGo
[2011/10/21 13:36:59 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GJJJ6ddWK8
[2011/10/21 13:36:48 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\H55ssWJJ7dE8gZ
[2011/10/21 13:36:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\HooonGG4amH6WJf
[2012/04/18 14:36:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/04/07 19:42:29 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mumble
[2011/12/24 12:41:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mumble(PR Edition)
[2010/09/21 11:10:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ofuco
[2011/10/21 13:45:40 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OlONtxP0uSiDoGa
[2010/11/21 13:46:50 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Philipp Winterberg
[2010/11/26 16:44:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Quest3D
[2012/02/23 12:04:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Systweak
[2009/12/06 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Template
[2009/12/06 17:27:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\The Creative Assembly
[2011/07/31 11:47:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tropico 3
[2011/11/15 12:45:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tropico 4 Demo
[2012/02/07 12:33:29 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2011/05/21 13:05:20 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay
[2010/11/27 01:07:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ValuSoft
[2010/09/21 09:52:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Viosd
[2012/02/23 14:33:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\W Photo Studio
[2009/12/18 16:26:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\W Photo Studio Viewer
[2009/03/24 22:51:33 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WildTangent
[2012/06/05 19:36:49 | 000,000,288 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/06/05 19:35:17 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >